Update rollup-plugin-md for security alerts and modern build#6
Update rollup-plugin-md for security alerts and modern build#6BobKerns wants to merge 39 commits into
| const filter = createFilter( options.include || [ '**/*.md'], options.exclude ); | ||
| if(options.marked){ | ||
| marked.setOptions(options.marked) | ||
| } | ||
| return { | ||
| name: 'md', | ||
| const filter = createFilter( options.include || [ '**/*.md'], options.exclude ); | ||
| if (options.marked) { | ||
| marked.setOptions(options.marked); | ||
| } | ||
| return { | ||
| name: 'md', | ||
|
|
||
| transform ( md, id ) { | ||
| if ( !ext.test( id ) ) return null; | ||
| if ( !filter( id ) ) return null; | ||
| transform ( md, id ) { | ||
| if ( !ext.test( id ) ) return null; | ||
| if ( !filter( id ) ) return null; | ||
|
|
||
| const data = marked( md ); | ||
| return { | ||
| code: `export default ${JSON.stringify(data.toString())};`, | ||
| map: { mappings: '' } | ||
| }; | ||
| } | ||
| }; | ||
| const data = marked( md ); | ||
| return { | ||
| code: `export default ${JSON.stringify(data.toString())};`, | ||
| map: { mappings: '' } | ||
| }; | ||
| } | ||
| }; |
Indentation only, no code changes in this section.
| var rollup = require( 'rollup' ); | ||
| var md = require( '../dist/rollup-plugin-md.js' ); | ||
| var npm = require( 'rollup-plugin-node-resolve' ); | ||
| var npm = require( '@rollup/plugin-node-resolve' ); |
| function executeBundle ( bundle ) { | ||
| var generated = bundle.generate(); | ||
| var code = generated.code; | ||
| var generated = bundle.generate(); | ||
| var code = generated.code; | ||
|
|
||
| var fn = new Function( 'assert', code ); | ||
| fn( assert ); | ||
| var fn = new Function( 'assert', code ); | ||
| fn( assert ); | ||
| } | ||
|
|
||
| describe( 'rollup-plugin-md', function () { | ||
| it( 'converts md', function () { | ||
| return rollup.rollup({ | ||
| entry: 'samples/main.js', | ||
| plugins: [ md({ | ||
| marked: { | ||
| gfm: true, | ||
| tables: true, | ||
| breaks: false, | ||
| pedantic: false, | ||
| sanitize: true, | ||
| smartLists: true, | ||
| smartypants: false | ||
| } | ||
| }) ] | ||
| }).then( executeBundle ); | ||
| }); | ||
| it( 'converts md', function () { | ||
| return rollup.rollup({ | ||
| input: 'samples/main.js', | ||
| plugins: [ md({ | ||
| marked: { | ||
| gfm: true, | ||
| tables: true, | ||
| breaks: false, | ||
| pedantic: false, | ||
| sanitize: true, | ||
| smartLists: true, | ||
| smartypants: false | ||
| } | ||
| }) ] | ||
| }).then( executeBundle ); | ||
| }); | ||
| }); |
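Review bot: `executeBundle` still reads `generated.code` synchronously, but on the rollup 2.x line this PR targets, `bundle.generate()` takes output options and returns a promise resolving to `{ output: [...] }`. So `code` is most likely `undefined`, `new Function( 'assert', code )` runs an empty body, and the 'converts md' test would pass without checking anything. Return the promise and read the chunk instead, e.g. `return bundle.generate({ format: 'cjs' }).then( function ( result ) { new Function( 'assert', result.output[0].code )( assert ); } );`. Separately, the test still passes `sanitize: true`, which marked has deprecated since 0.7.0. Because the plugin exports the rendered HTML as a string, consumers that render untrusted Markdown should run the output through a dedicated HTML sanitizer rather than rely on that option.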
The code change here is on line 21: 'entry' => 'input' to match the current rollup API. The rest is indentation.
I am not a fan of tabs, but since you set up the .eslint rules to call for it, I invoked the rules, so you would not have mixed indentation.
| import buble from 'rollup-plugin-buble'; | ||
|
|
||
| var pkg = require('./package.json') | ||
| var pkg = require('./package.json'); |
Buble is no longer needed, and no longer works with mocha.
| entry: 'src/index.js', | ||
| plugins: [ buble({ sourceMap: true }) ], | ||
| targets: [ | ||
| { | ||
| format: 'cjs', | ||
| dest: pkg['main'] | ||
| }, | ||
| { | ||
| format: 'es', | ||
| dest: pkg['jsnext:main'] | ||
| } | ||
| ], | ||
| external: external, | ||
| sourceMap: true | ||
| input: 'src/index.js', | ||
| output: [ | ||
| { | ||
| format: 'cjs', | ||
| file: pkg['main'], | ||
| sourcemap: true, | ||
| exports: 'auto' | ||
| }, | ||
| { | ||
| format: 'es', | ||
| file: pkg['jsnext:main'], | ||
| sourcemap: true | ||
| } | ||
| ], | ||
| external: external |
The rollup API has changed. This should be equivalent.
| "jsnext:main": "dist/rollup-plugin-md.mjs", | ||
| "scripts": { | ||
| "test": "mocha test/*.js --compilers js:buble/register", | ||
| "test": "mocha test/*.js", |
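Review bot: The `test` script runs mocha directly, but the spec loads `../dist/rollup-plugin-md.js`, so `npm test` exercises whatever bundle is already on disk rather than the current `src/`. If no `pretest` or build step exists outside the lines shown here, add one, for example `"pretest": "rollup -c rollup.config.cjs"` (assuming that is the renamed config file). That keeps local runs and the new CI job from passing against a stale or missing build, which matters more if releases are published automatically.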
The --compilers option is deprecated, and buble/register no longer works. Removed since it is no longer needed.
|
This should fix issue #4. |
|
This should subsume #5; the changes are a superset. |
@BobKerns I ended up just forking to my own repo and using some of my own packages to build, test and also use my own tsconfig base and eslint. I did not think this repo was being maintained but if you still want me to reopen with my changes then let me know. Apologies if I jumped the gun |
Nothing to apologize for; we're both jumping in here. I don't know if it's maintained or not; @xiaofuzi has had activity in the past few days, so he may pop in here. But they haven't touched this repo in 4 years. I was reacting to the same issues you were, but you got around to a pull request first. It looked to me from the commit comments like you were making it more maintainable. I hope to see this folded together under one umbrella or another. |
|
@BobKerns I don't think anything will happen here. Let me know if there is anything I can do. |
|
there are some conflicts |
Bumps [marked](https://github.com/markedjs/marked) from 1.2.7 to 4.0.10. - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v1.2.7...v4.0.10) --- updated-dependencies: - dependency-name: marked dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.20...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](gulpjs/glob-parent@v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…nt-5.1.2 Bump glob-parent from 5.1.1 to 5.1.2
…e-1.0.7 Bump path-parse from 1.0.6 to 1.0.7
…17.21 Bump lodash from 4.17.20 to 4.17.21
…0.10 Bump marked from 1.2.7 to 4.0.10
Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `minimatch` from 3.0.4 to 3.1.2 - [Release notes](https://github.com/isaacs/minimatch/releases) - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `mocha` from 8.2.1 to 10.1.0 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](mochajs/mocha@v8.2.1...v10.1.0) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect - dependency-name: mocha dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
…-and-mocha-3.1.2 Bump minimatch and mocha
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/chalk/ansi-regex/releases) - [Commits](chalk/ansi-regex@v5.0.0...v5.0.1) --- updated-dependencies: - dependency-name: ansi-regex dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [nanoid](https://github.com/ai/nanoid) to 3.3.3 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `nanoid` from 3.1.12 to 3.3.3 - [Release notes](https://github.com/ai/nanoid/releases) - [Changelog](https://github.com/ai/nanoid/blob/main/CHANGELOG.md) - [Commits](ai/nanoid@3.1.12...3.3.3) Updates `mocha` from 8.2.1 to 10.1.0 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](mochajs/mocha@v8.2.1...v10.1.0) --- updated-dependencies: - dependency-name: nanoid dependency-type: indirect - dependency-name: mocha dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [word-wrap](https://github.com/jonschlinkert/word-wrap) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.4) --- updated-dependencies: - dependency-name: word-wrap dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…x-5.0.1 Bump ansi-regex from 5.0.0 to 5.0.1
…d-mocha-3.3.3 Bump nanoid and mocha
…-1.2.4 Bump word-wrap from 1.2.3 to 1.2.4
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) to 6.0.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `serialize-javascript` from 6.0.0 to 6.0.2 - [Release notes](https://github.com/yahoo/serialize-javascript/releases) - [Commits](yahoo/serialize-javascript@v6.0.0...v6.0.2) Updates `mocha` from 10.1.0 to 10.8.2 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/main/CHANGELOG.md) - [Commits](mochajs/mocha@v10.1.0...v10.8.2) --- updated-dependencies: - dependency-name: serialize-javascript dependency-version: 6.0.2 dependency-type: indirect - dependency-name: mocha dependency-version: 10.8.2 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com>
…6de2e4f1 Bump serialize-javascript and mocha
Bumps [rollup](https://github.com/rollup/rollup) from 2.35.1 to 2.79.2. - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](rollup/rollup@v2.35.1...v2.79.2) --- updated-dependencies: - dependency-name: rollup dependency-version: 2.79.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [braces](https://github.com/micromatch/braces) from 3.0.2 to 3.0.3. - [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md) - [Commits](micromatch/braces@3.0.2...3.0.3) --- updated-dependencies: - dependency-name: braces dependency-version: 3.0.3 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
….79.2 Bump rollup from 2.35.1 to 2.79.2
….0.3 Bump braces from 3.0.2 to 3.0.3
Rename rollup.config with .cjs extension.
The plugin is referencing downrev versions of `marked` and other dependencies that result in security alerts with npm and GitHub.
This updates the dependencies, drops the use of `buble`, updates how rollup is called, and adds a GitHub action to do a CI test build.
I also suggest adding the following `.github/workflows/npm.yaml` file to publish to npm whenever you create a release in GitHub. I did not include it as you may have your own workflow you prefer.