You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Upgrading to mdast-util-from-markdown might not be quite as difficult as originally feared. I have a prototype implementation that actually uncovered two incorrect assertions in the existing tests! I'll need to do more testing to be confident enough to submit a PR, but early signs are encouraging.
The previous parser, `remark-parse` v7, included a transitive dependency
on an npm package with a security vulnerability. Newer versions of
`remark-parse` are wrappers around a new underlying parser,
`mdast-util-from-markdown`, so we can use that directly.
The previous parser also failed to preserve `\r\n` line endings,
replacing them all with `\n`. The new parser correctly preserves `\r\n`
line endings, finally providing a fix for the failing test case I
cherry-picked in the previous commit. The improved behavior also
uncovered an incorrect line ending test assertion that this commit
corrects.
While this change is in theory fully compatible, containing just bug
fixes, I'm tagging it `Update:` in case there are compatibility changes
in the new parser. This is consistent with #175, which upgraded
`remark-parse` v5 to v7 in a semver-minor `Update:` change.
The currently installed version of remark-parse uses a version of "trim" that is marked "high severity" by npm!
https://www.npmjs.com/advisories/1700
The latest version of remark-parse does not depend on this dangerous dependency.
Thanks in advance!
The text was updated successfully, but these errors were encountered: