[Snyk] Upgrade markdown-to-jsx from 7.3.2 to 7.5.0 #132
+63
−64
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade markdown-to-jsx from 7.3.2 to 7.5.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 9 versions ahead of your current version.
The recommended version was released on 23 days ago.
Release notes
Package name: markdown-to-jsx
Minor Changes
62a16f3: Allow modifying HTML attribute sanitization when
options.sanitizer
is passed by the composer.By default a lightweight URL sanitizer function is provided to avoid common attack vectors that might be placed into the
href
of an anchor tag, for example. The sanitizer receives the input, the HTML tag being targeted, and the attribute name. The original function is available as a library export calledsanitizer
.This can be overridden and replaced with a custom sanitizer if desired via
options.sanitizer
:sanitizer: (value, tag, attribute) => value,
})">
Patch Changes
Patch Changes
Patch Changes
a9e5276: Browsers assign element with
id
to the global scope using the value as the variable name. E.g.:<h1 id="analytics">
can be referenced viawindow.analytics
.This can be a problem when a name conflict happens. For instance, pages that expect
analytics.push()
to be a function will stop working if the an element with anid
ofanalytics
exists in the page.In this change, we export the
slugify
function so that users can easily augment it.This can be used to avoid variable name conflicts by giving the element a different
id
.options={{
slugify: str => {
let result = slugify(str)
}
}}
Patch Changes
f5a0079: fix: double newline between consecutive blockquote syntax creates separate blockquotes
Previously, for consecutive blockquotes they were rendered as one:
Input
> Block A.2
> Block B.1
Output
This is not compliant with the GFM spec which states that consecutive blocks should be created if there is a blank line between them.
What's Changed
New Contributors
Full Changelog: v7.4.3...v7.4.4
What's Changed
Full Changelog: v7.4.2...v7.4.3
Re-release 7.4.1 with less existential console screaming
What's Changed
New Contributors
Full Changelog: v7.4.0...v7.4.1
Happy New Year! 🎆
markdown-to-jsx v7.4 features a new option
renderRule
! — From the README:Supply your own rendering function that can selectively override how rules are rendered (note, this is different than
options.overrides
which operates at the HTML tag level and is more general). You can use this functionality to do pretty much anything with an established AST node; here's an example of selectively overriding the "codeBlock" rule to process LaTeX syntax using the@ matejmazur/react-katex
library:import TeX from '@ matejmazur/react-katex'
const exampleContent =
'Some important formula:\n\n
latex\nmathbb{N} = { a in mathbb{Z} : a > 0 }\n
\n'function App() {
return (
<Markdown
children={exampleContent}
options={{
renderRule(next, node, renderChildren, state) {
if (node.type === RuleType.codeBlock && node.lang === 'latex') {
return (
<TeX as="div" key={state.key}>{String.raw
<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">node</span><span class="pl-kos">.</span><span class="pl-c1">text</span><span class="pl-kos">}</span></span>
}</TeX>)
}
)
}
The README docs around syntax highlighting have also been updated with sample code.
With the new year comes a push toward v8. Performance will be a top priority, reducing the complexity of the library's regexes to increase throughput for SSR use-cases and ideally eliminate rare but frustrating issues like catastrophic backtracking. In addition, the library will be pivoting into more of a pure compiler model, with a React adapter offered and ones added for other major frameworks as well. The idea is anywhere you can run JS, you can use [secret new library name].
Stay tuned and thanks for being part of the journey ✌🏼
Here's to a great 2024 🍾
markdown-to-jsx is maintained by @ quantizor, buy him a coffee
Full Changelog: v7.3.2...v7.4.0
fix(types): path to esm types in "exports"
Full Changelog: v7.3.1...v7.3.2
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: