Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency react-markdown to v5 #153

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency react-markdown to v5 #153

wants to merge 1 commit into from

Conversation

mend-for-github-com[bot]
Copy link

This PR contains the following updates:

Package Type Update Change
react-markdown dependencies major ^3.2.0 -> ^5.0.0

By merging this PR, the issue #124 will be automatically resolved and closed:

Severity CVSS Score CVE Reachability
High High 7.5 CVE-2020-7753

Release Notes

remarkjs/react-markdown (react-markdown)

v5.0.0

Compare Source

BREAKING
Maintained by unified

This project is now maintained by the unified collective, which also houses the
underlying tools used in react-markdown: hundreds of projects for working with
markdown and markup related things (including MDX).
We have cleaned the project: updated dependencies, improved
docs/tests/coverage/types, cleaned the issue tracker, and fixed a couple of
bugs, but otherwise much should be the same.

Upgrade remark-parse

The parser used in react-markdown has been upgraded to the latest version.
It is now 100% CommonMark compliant: that means it works the same as in other
places, such as Discourse, Reddit, Stack Overflow, and GitHub.
Note that GitHub does extend CommonMark: to match how Markdown works on GitHub,
use the remark-gfm plugin.

New serializer property: node

A new node prop is passed to all non-tag/non-fragment renderers.
This contains the raw mdast AST node,
which opens up a number of interesting possibilities.
The breaking change is for renderers which blindly spread their props to an
underlying component/tag.
For instance:

<ReactMarkdown renderers={{link: props => <a {...props} />}}  />

Should now be written as:

<ReactMarkdown renderers={{link: ({node, ...props}) => <a {...props} />}}  />
List/list item tight property replaced by spread

Previously, the tight property would hint as to whether or not list items
should be wrapped in paragraphs.
This logic has now been replaced by a new spread property, which behaves
slightly differently.
Read more.

v4.3.1

Compare Source

Fixes
  • (Typings) Fix incorrect typescript definitions (Peng Guanwen)

v4.3.0

Compare Source

Fixes
  • (Typings) Add typings for react-markdown/html-parser (Peng Guanwen)

v4.2.2

Compare Source

Fixes
  • (Typings) Inline RemarkParseOptions for now (Espen Hovlandsdal)

v4.2.1

Compare Source

Fixes
  • (Typings) Fix incorrect import - RemarkParseOptions (Jakub Chrzanowski)

v4.2.0

Compare Source

Added
  • Add support for plugins that use AST transformations (Frankie Ali)
Fixes
  • (Typings) Add parserOptions to type defintions (Ted Piotrowski)
  • Allow renderer to be any React element type (Nathan Bierema)

v4.1.0

Compare Source

Added
  • Add prop parserOptions to specify options for remark-parse (Kelvin Chan)

v4.0.9

Compare Source

Fixes
  • (Typings) Make transformLinkUri & transformImageUri actually nullable
    (Florentin Luca Rieger)

v4.0.8

Compare Source

Fixes
  • Fix HTML parsing of elements with a single child vs. multiple children
    (Nicolas Venegas)

v4.0.7

Compare Source

Fixes
  • Fix matching of replaced non-void elements in HTML parser plugin (Nicolas
    Venegas)
  • Fix HTML parsing of multiple void elements (Nicolas Venegas)
  • Fix void element children invariant violation (Nicolas Venegas)

v4.0.6

Compare Source

Fixes
  • Mitigate regex ddos by upgrading html-to-react (Christoph Werner)
  • Update typings to allow arbitrary node types (Jesse Pinho)
  • Readme: Add note about only parsing plugins working (Vincent Tunru)

v4.0.5

Compare Source

v4.0.4

Compare Source

Changed
  • Upgrade dependencies (Espen Hovlandsdal)

v4.0.3

Compare Source

Fixes
  • Output paragraph element for last item in loose list (Jeremy Moseley)

v4.0.2

Compare Source

Fixes
  • Fix text rendering in React versions lower than or equal to 15 (Espen
    Hovlandsdal)

v4.0.1

Compare Source

Fixes
  • [TypeScript] Fix TypeScript index signature for renderers (Linus Unnebäck)

v4.0.0

Compare Source

BREAKING
  • text is now a first-class node + renderer
    — if you are using allowedNodes, it needs to be included in this list.
    Since it is now a React component, it will be passed an object of props
    instead of the old approach where a string was passed.
    children will contain the actual text string.
  • On React >= 16.2, if no className prop is provided, a fragment will be
    used instead of a div.
    To always render a div, pass 'div' as the root renderer.
  • On React >= 16.2, escaped HTML will no longer be rendered with div/span
    containers
  • The UMD bundle now exports the component as window.ReactMarkdown instead
    of window.reactMarkdown
Added
  • HTML parser plugin for full HTML compatibility (Espen Hovlandsdal)
Fixes
  • URI transformer allows uppercase http/https URLs (Liam Kennedy)
  • [TypeScript] Strongly type the keys of renderers (Linus Unnebäck)
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants