From 3920790a98b9c887f3dedc2759ac30b70d19cfea Mon Sep 17 00:00:00 2001
From: XuluWarrior
Date: Sun, 30 Jun 2019 19:15:30 +0100
Subject: [PATCH] Use marked rather than helper-markdown helper-markdown depends on remarkable which has unfixed security issue https://github.com/jonschlinkert/remarkable/issues/332
---
 index.js | 23 +++++++++++---
 package-lock.json | 79 +++++++++++------------------------------------
 package.json | 5 +--
 3 files changed, 40 insertions(+), 67 deletions(-)
diff --git a/index.js b/index.js
index c46b8de..bcc802c 100644
--- a/index.js
+++ b/index.js
@@ -1,11 +1,26 @@
 var fs = require("fs");
 var path = require('path');
 var Handlebars = require("handlebars");
-var markdown = require('helper-markdown');
+var utils = require('handlebars-utils');
+var marked = require('marked');
 var moment = require('moment');
-Handlebars.registerHelper('markdown', function() {
- var markup = markdown().apply(this, arguments);
+Handlebars.registerHelper('markdown', function(str, locals, options) {
+ if (typeof str !== 'string') {
+ options = locals;
+ locals = str;
+ str = true;
+ }
+
+ if (utils.isOptions(locals)) {
+ options = locals;
+ locals = {};
+ }
+
+ var ctx = utils.context(this, locals, options);
+ var val = utils.value(str, ctx, options);
+
+ var markup = marked(val);
 // If we end up with a string wrapped in one

block, remove it so we don't create a new text block var startEndMatch = markup.match(/^

(.*)<\/p>\n$/);
@@ -131,4 +146,4 @@ function render(resume) {
 module.exports = {
 render: render
-};
\ No newline at end of file
+};
diff --git a/package-lock.json b/package-lock.json
index 0f92e91..c0f4191 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -17,15 +17,6 @@ "uri-js": "^4.2.2" } }, - "argparse": { - "version": "0.1.16", - "resolved": "https://registry.npmjs.org/argparse/-/argparse-0.1.16.tgz", - "integrity": "sha1-z9AeD7uj1srtBJ+9dY1A9lGW9Xw=", - "requires": { - "underscore": "~1.7.0", - "underscore.string": "~2.4.0" - } - }, "asap": { "version": "2.0.6", "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz", @@ -57,11 +48,6 @@ "dev": true, "optional": true }, - "autolinker": { - "version": "0.15.3", - "resolved": "https://registry.npmjs.org/autolinker/-/autolinker-0.15.3.tgz", - "integrity": "sha1-NCQX2PLzRhsUzwkIjV7fh5HcmDI=" - }, "aws-sign2": { "version": "0.7.0", "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz", @@ -242,13 +228,6 @@ "requires": { "kind-of": "^6.0.0", "typeof-article": "^0.1.1" - }, - "dependencies": { - "kind-of": { - "version": "6.0.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz", - "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==" - } } }, "har-schema": {
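Review bot: `marked(val)` is called with default options, and marked's defaults pass raw HTML embedded in the Markdown through to the output unchanged, so moving away from remarkable does not by itself make the `markdown` helper safe for resume text the operator did not write. If this theme can be rendered with untrusted resume data, run `markup` through an HTML sanitizer before it is returned, or as an interim step use the renderer's own option: `var markup = marked(val, { sanitize: true });`. Separately, when the helper is used inline with a missing field, `str` is replaced by `true` and `val` presumably stays a non-string, which marked is expected to reject with an exception; a guard such as `if (typeof val !== 'string') { return ''; }` before the call would keep one absent field from failing the whole render. The helper body continues past the end of this hunk, so how `markup` is finally returned (for example as a SafeString) is not visible here.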
@@ -269,21 +248,6 @@ "har-schema": "^2.0.0" } }, - "helper-markdown": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/helper-markdown/-/helper-markdown-1.0.0.tgz", - "integrity": "sha512-AnDqMS4ejkQK0MXze7pA9TM3pu01ZY+XXsES6gEE0RmCGk5/NIfvTn0NmItfyDOjRAzyo9z6X7YHbHX4PzIvOA==", - "requires": { - "handlebars-utils": "^1.0.2", - "highlight.js": "^9.12.0", - "remarkable": "^1.7.1" - } - }, - "highlight.js": { - "version": "9.12.0", - "resolved": "https://registry.npmjs.org/highlight.js/-/highlight.js-9.12.0.tgz", - "integrity": "sha1-5tnb5Xy+/mB1HwKvM2GVhwyQwB4=" - }, "http-signature": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz", @@ -357,12 +321,9 @@ } }, "kind-of": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", - "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", - "requires": { - "is-buffer": "^1.1.5" - } + "version": "6.0.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-6.0.2.tgz", + "integrity": "sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==" }, "less": { "version": "3.9.0", @@ -380,6 +341,11 @@ "source-map": "~0.6.0" } }, + "marked": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/marked/-/marked-0.6.3.tgz", + "integrity": "sha512-Fqa7eq+UaxfMriqzYLayfqAE40WN03jf+zHjT18/uXNuzjq3TY0XTbrAoPeqSJrAmPz11VuUA+kBPYOhHt9oOQ==" + }, "mime": { "version": "1.6.0", "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", @@ -499,15 +465,6 @@ "dev": true, "optional": true }, - "remarkable": { - "version": "1.7.1", - "resolved": "https://registry.npmjs.org/remarkable/-/remarkable-1.7.1.tgz", - "integrity": "sha1-qspJchALZqZCpjoQIcpLrBvjv/Y=", - "requires": { - "argparse": "~0.1.15", - "autolinker": "~0.15.0" - } - }, "request": { "version": "2.88.0", "resolved": "https://registry.npmjs.org/request/-/request-2.88.0.tgz", 
@@ -617,6 +574,16 @@ "integrity": "sha1-nwfnM8P7tkb/qeYcCN66zUYOBq8=", "requires": { "kind-of": "^3.1.0" + }, + "dependencies": { + "kind-of": { + "version": "3.2.2", + "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz", + "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=", + "requires": { + "is-buffer": "^1.1.5" + } + } } }, "uglify-js": { @@ -629,16 +596,6 @@ "source-map": "~0.6.1" } }, - "underscore": { - "version": "1.7.0", - "resolved": "https://registry.npmjs.org/underscore/-/underscore-1.7.0.tgz", - "integrity": "sha1-a7rwh3UA02vjTsqlhODbn+8DUgk=" - }, - "underscore.string": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/underscore.string/-/underscore.string-2.4.0.tgz", - "integrity": "sha1-jN2PusTi0uoefi6Al8QvRCKA+Fs=" - }, "uri-js": { "version": "4.2.2", "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz",
diff --git a/package.json b/package.json
index 75dff93..eaa0ff9 100644
--- a/package.json
+++ b/package.json
@@ -18,13 +18,14 @@
 },
 "dependencies": {
 "handlebars": "^4.1.2",
- "helper-markdown": "^1.0.0",
+ "handlebars-utils": "^1.0.6",
+ "marked": "^0.6.3",
 "moment": "^2.24.0"
 },
 "devDependencies": {
 "less": "^3.9.0"
 },
- "engineStrict" : true,
+ "engineStrict": true,
 "engines": {
 "node": ">=6"
 }
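Review bot: The new `"marked": "^0.6.3"` range only admits 0.6.x patch releases, because a caret on a 0.x version does not cross a minor version, so security fixes that marked ships in a later release line will not arrive through a routine `npm update`. Since the purpose of this commit is to drop a dependency with an open security issue, it is worth running automated dependency auditing (for example `npm audit` in CI) so that the same situation with marked is noticed and the range is raised deliberately.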