From 73c198a30c7d4a8d5e087c89f177b56dcaa8e0fb Mon Sep 17 00:00:00 2001 From: Svallinn <41585298+Svallinn@users.noreply.github.com> Date: Thu, 17 Jun 2021 04:14:06 +0100 Subject: [PATCH] Chore: Replace `markdown` package with `marked` The 'markdown' package is unmaintained (last update was 8 years ago) and has a low severity vulnerability, so it makes sense to replace it with 'marked', which is actively maintained and very small in size. --- package-lock.json | 30 ++++++++++-------------------- package.json | 2 +- src/renderer/App.js | 4 ++-- 3 files changed, 13 insertions(+), 23 deletions(-) diff --git a/package-lock.json b/package-lock.json index 9404373b..d0f6af6b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -4335,7 +4335,8 @@ "abbrev": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/abbrev/-/abbrev-1.1.1.tgz", - "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==" + "integrity": "sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==", + "dev": true }, "accepts": { "version": "1.3.7", @@ -12596,13 +12597,10 @@ "object-visit": "^1.0.0" } }, - "markdown": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/markdown/-/markdown-0.5.0.tgz", - "integrity": "sha1-KCBbVlqK51kt4gdGPWY33BgnIrI=", - "requires": { - "nopt": "~2.1.1" - } + "marked": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/marked/-/marked-2.1.1.tgz", + "integrity": "sha512-5XFS69o9CzDpQDSpUYC+AN2xvq8yl1EGa5SG/GI1hP78/uTeo3PDfiDNmsUyiahpyhToDDJhQk7fNtJsga+KVw==" }, "matcher": { "version": "3.0.0", @@ -13140,15 +13138,6 @@ "which": "^2.0.2" }, "dependencies": { - "nopt": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", - "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==", - "dev": true, - "requires": { - "abbrev": "1" - } - }, "semver": { "version": "7.3.4", "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.4.tgz", @@ -13334,9 +13323,10 @@ "dev": true }, "nopt": { - "version": "2.1.2", - "resolved": "https://registry.npmjs.org/nopt/-/nopt-2.1.2.tgz", - "integrity": "sha1-bMzZd7gBMqB3MdbozljCyDA8+a8=", + "version": "5.0.0", + "resolved": "https://registry.npmjs.org/nopt/-/nopt-5.0.0.tgz", + "integrity": "sha512-Tbj67rffqceeLpcRXrT7vKAN8CwfPeIBgM7E6iBkmKLV7bEMwpGgYLGv0jACUsECaa/vuxP0IjEont6umdMgtQ==", + "dev": true, "requires": { "abbrev": "1" } diff --git a/package.json b/package.json index 6e78bc92..14067c18 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "lodash.debounce": "^4.0.8", "lodash.isequal": "^4.5.0", "lodash.uniqwith": "^4.5.0", - "markdown": "^0.5.0", + "marked": "^2.1.1", "material-design-icons": "^3.0.1", "nedb": "^1.8.0", "node-forge": "^0.10.0", diff --git a/src/renderer/App.js b/src/renderer/App.js index 1880c59d..39097a4f 100644 --- a/src/renderer/App.js +++ b/src/renderer/App.js @@ -10,7 +10,7 @@ import FtButton from './components/ft-button/ft-button.vue' import FtToast from './components/ft-toast/ft-toast.vue' import FtProgressBar from './components/ft-progress-bar/ft-progress-bar.vue' import $ from 'jquery' -import { markdown } from 'markdown' +import marked from 'marked' import Parser from 'rss-parser' let ipcRenderer = null @@ -183,7 +183,7 @@ export default Vue.extend({ $.getJSON(requestUrl, (response) => { const tagName = response[0].tag_name const versionNumber = tagName.replace('v', '').replace('-beta', '') - this.updateChangelog = markdown.toHTML(response[0].body) + this.updateChangelog = marked(response[0].body) this.changeLogTitle = response[0].name const message = this.$t('Version $ is now available! Click for more details')