thlorenz / doctoc

📜 Generates table of contents for markdown files inside local git repository. Links are compatible with anchors generated by github or other sites.
https://www.npmjs.com/package/doctoc
MIT License
4.23k stars 480 forks

fix: upgrade deps #225

Closed hongaar closed 2 years ago

hongaar commented 2 years ago

This updates all dependencies to their latest version.

Specifically, this resolves an issue with a vulnerable version of trim@0.0.1 in the current dependency tree.

$ npm ls trim
doctoc@2.1.0 /workspaces/doctoc
└─┬ @textlint/markdown-to-ast@6.1.7
  └─┬ remark-parse@5.0.0
    └── trim@0.0.1 

More details here: https://github.com/advisories/GHSA-w5p7-h5w8-2hfq

I had to slightly tweak one test to account for a change in the markdown parser (heading not recognized when part of a previous paragraph).
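As an added example (not part of this pull request or of doctoc's code), the chain that `npm ls trim` prints above can be reproduced from a lockfile, for instance as a CI check that the flagged version is gone after the upgrade. The lockfile fragment is constructed to mirror that tree, its version ranges are assumed, and `nameOf`, `resolve` and `findChains` are hypothetical helper names.

```javascript
// Constructed lockfile fragment ("packages" layout of lockfileVersion 2/3) that
// mirrors the `npm ls trim` tree above; the ranges are assumed, not doctoc's own.
const sampleLock = {
  packages: {
    "": { name: "doctoc", version: "2.1.0",
          dependencies: { "@textlint/markdown-to-ast": "~6.1.7" } },
    "node_modules/@textlint/markdown-to-ast": {
      version: "6.1.7", dependencies: { "remark-parse": "^5.0.0" } },
    "node_modules/remark-parse": { version: "5.0.0", dependencies: { trim: "0.0.1" } },
    "node_modules/trim": { version: "0.0.1" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root key "" -> null.
function nameOf(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? null : key.slice(i + "node_modules/".length);
}

// Resolve `dep` as seen from `fromKey`: nested node_modules first, then each parent.
function resolve(packages, fromKey, dep) {
  for (let base = fromKey; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (candidate in packages) return candidate;
    if (base === "") return null;
    const i = base.lastIndexOf("/node_modules/");
    base = i === -1 ? "" : base.slice(0, i);
  }
}

// Every chain from the root to name@version, as "root@v > a@v > name@version".
function findChains(lock, name, version) {
  const packages = lock.packages || {};
  const chains = [];
  const walk = (key, trail, seen) => {
    const pkg = packages[key];
    const path = [...trail, (nameOf(key) || pkg.name || "(root)") + "@" + pkg.version];
    if (nameOf(key) === name && pkg.version === version) chains.push(path.join(" > "));
    if (seen.has(key)) return; // dependency cycles occur in real trees
    const next = new Set(seen).add(key);
    const deps = { ...pkg.dependencies, ...pkg.optionalDependencies,
                   ...(key === "" ? pkg.devDependencies : {}) };
    for (const dep of Object.keys(deps)) {
      const child = resolve(packages, key, dep);
      if (child) walk(child, path, next);
    }
  };
  if (packages[""]) walk("", [], new Set());
  return chains;
}
```

A CI job would pass the parsed `package-lock.json` to `findChains` and fail the build when the returned list is non-empty.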

pygy commented 2 years ago

It would be nice to have this merged.

Currently, npm audit fix downgrades to doctoc@1.3.1, which is vulnerable to other problems.

From that version npm audit fix loops back to doctoc@v2.1...

AndrewSouthpaw commented 2 years ago

Oof, sorry for the slow response here. This looks good to me, thanks.