fixes: #156, osv/GHSA-35jh-r3h4-6jhm: override autolinker #195

Open: wants to merge 1 commit into base: master

@ramonpetgrave64 ramonpetgrave64 commented Jun 28, 2024

Fixes #156

Overrides the version of autolinker used to fix a vulnerability.

I understand this solution may seem hacky, but npm's docs suggest overrides for fixing security issues.

Testing process

  • npm audit now finds no vulnerabilities
@ramonpetgrave64 ➜ /workspaces/markdown-toc (master) $ npm audit
found 0 vulnerabilities
  • unit tests still pass
@ramonpetgrave64 ➜ /workspaces/markdown-toc (master) $ npm install && npm test
npm WARN deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated glob@8.1.0: Glob versions prior to v9 are no longer supported

added 135 packages, and audited 136 packages in 2s

20 packages are looking for funding
  run `npm fund` for details

found 0 vulnerabilities

> markdown-toc@1.2.0 test
> mocha



  plugin
    ✔ should work as a remarkable plugin (61ms)

  options: custom functions:
    ✔ should allow a custom `strip` function to strip words from heading text:
    ✔ should allow a custom slugify function to be passed:
    ✔ should strip forward slashes in slugs
    ✔ should strip backticks in slugs
    ✔ should strip CJK punctuations in slugs
    ✔ should strip & in slugs
    ✔ should escape the CJK characters in linkify
    ✔ should strip HTML tags from headings
    ✔ should not strip HTML tags from headings when `stripHeadingTags` is false
    ✔ should condense spaces in the heading text
    ✔ should replace spaces in links with dashes
    ✔ should allow a `filter` function to filter out unwanted bullets:

  toc
    ✔ should generate a TOC from markdown headings:
    ✔ should allow duplicate headings:
    ✔ should increment duplicate headings:
    ✔ should allow and ignore empty headings:
    ✔ should handle dots, colons dashes and underscores correctly:
    ✔ should use a different bullet for each level
    ✔ should use a different bullet for each level
    ✔ should handle mixed heading levels:
    ✔ should ignore headings in fenced code blocks.
    ✔ should allow `maxdepth` to limit heading levels:
    ✔ should remove the first H1 when `firsth1` is false:
    - should correctly calculate `maxdepth` when `firsth1` is false:
    ✔ should allow custom bullet points to be defined:
    ✔ should rotate bullets when there are more levels than bullets defined:
    ✔ should rotate bullets when there are more levels than bullets defined:
    ✔ should wrap around the bullet point array
    ✔ should allow custom bullet points at different depths
    ✔ should remove diacritics from the links
    ✔ should strip words from heading text, but not from urls:

  toc tokens
    ✔ should return an object for customizing a toc:
    ✔ should return the `highest` heading level in the TOC:
    ✔ should return an array of tokens:
    ✔ should expose the `lvl` property on headings tokens:

  json property
    ✔ should expose a `json` property:
    ✔ should return the `content` property for a heading:

  toc.insert
    ✔ should retain trailing newlines in the given string
    ✔ should insert a markdown TOC beneath a `<!-- toc -->` comment. (39ms)
    ✔ should replace an old TOC between `<!-- toc -->...<!-- tocstop -->` comments.
    ✔ should insert the toc passed on the options.
    ✔ should accept options
    ✔ should accept no links option


  43 passing (159ms)
  1 pending

@ramonpetgrave64 ramonpetgrave64 marked this pull request as ready for review June 28, 2024 21:01
@ramonpetgrave64
Author

@aneeshusa
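
An added example, not part of this pull request or the project's code: `npm audit` reporting zero findings can be cross-checked by walking the lockfile and confirming that no nested copy of the overridden package is still below the patched version. The two lockfiles, the `remarkable > autolinker` nesting, and the `PATCHED_FLOOR` value are constructed placeholders; `checkOverride` and its helpers are hypothetical names.

```javascript
// Added example. Both lockfiles are constructed; versions are placeholders.
const PATCHED_FLOOR = "2.0.0"; // placeholder, not the advisory's real fixed version

const lockBefore = { lockfileVersion: 3, packages: {
  "": { name: "markdown-toc", version: "1.2.0" },
  "node_modules/remarkable": { version: "1.0.0" },
  "node_modules/autolinker": { version: "2.1.0" },
  "node_modules/remarkable/node_modules/autolinker": { version: "1.0.0" },
} };
const lockAfter = { lockfileVersion: 3, packages: {
  "": { name: "markdown-toc", version: "1.2.0" },
  "node_modules/remarkable": { version: "1.0.0" },
  "node_modules/autolinker": { version: "2.1.0" },
} };

// "node_modules/a/node_modules/@s/b" -> ["a", "@s/b"]; root and workspace keys -> [].
function installPath(key) {
  return key.split("node_modules/").slice(1).map((s) => s.replace(/\/$/, ""));
}

// Numeric major.minor.patch comparison; pre-release tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// List every installed copy of `name` and flag those below `floor`.
function checkOverride(lock, name, floor) {
  if (!lock.packages) throw new Error("no packages map (lockfileVersion 1?)");
  const copies = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    const path = installPath(key);
    if (path[path.length - 1] !== name || entry.link) continue;
    copies.push({ via: path.slice(0, -1).join(" > ") || "(top level)", version: entry.version });
  }
  const stale = copies.filter((c) => compareVersions(c.version, floor) < 0);
  return { copies, stale, ok: stale.length === 0 };
}

for (const [label, lock] of [["before", lockBefore], ["after", lockAfter]]) {
  const r = checkOverride(lock, "autolinker", PATCHED_FLOOR);
  console.log(label, r.ok ? "ok" : "stale copies:", JSON.stringify(r.stale));
}
```

To run it against a real project, pass the parsed contents of `package-lock.json` in place of the constructed objects and set the floor to the fixed version named in the advisory.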

Successfully merging this pull request may close these issues.

Remarkable Dependency Vulnerability