fix: updating Remarkable dependency to resolve subdependency DOS vulnerability

kblanfor · kblanfor · commit 1a69f1b2108c · 2019-12-18T10:41:41.000-07:00
diff --git a/index.js b/index.js
@@ -26,7 +26,8 @@ module.exports = toc;
  */
 
 function toc(str, options) {
-  return new utils.Remarkable()
+  var Remarkable = utils.Remarkable.Remarkable;
+  return new Remarkable()
     .use(generate(options))
     .render(str);
 }
diff --git a/package.json b/package.json
@@ -56,7 +56,7 @@
     "minimist": "^1.2.0",
     "mixin-deep": "^1.1.3",
     "object.pick": "^1.2.0",
-    "remarkable": "^1.7.1",
+    "remarkable": "^2.0.0",
     "repeat-string": "^1.6.1",
     "strip-color": "^0.1.0"
   },
diff --git a/test/test.js b/test/test.js
@@ -18,7 +18,8 @@ function read(fp) {
 describe('plugin', function() {
   it('should work as a remarkable plugin', function() {
     function render(str, options) {
-      return new utils.Remarkable()
+      var Remarkable = utils.Remarkable.Remarkable;
+      return new Remarkable()
         .use(toc.plugin(options))
         .render(str);
     }

Original file line number	Diff line number	Diff line change
`@@ -26,7 +26,8 @@ module.exports = toc;`
`26`	`26`	`*/`
`27`	`27`
`28`	`28`	`function toc(str, options) {`
`29`		`- return new utils.Remarkable()`
	`29`	`+ var Remarkable = utils.Remarkable.Remarkable;`
	`30`	`+ return new Remarkable()`
`30`	`31`	`.use(generate(options))`
`31`	`32`	`.render(str);`
`32`	`33`	`}`