documentation Update remark dependencies - JavaScript

The latest version of documentation still calls out to older versions of remark which have serious security vulnerabilities in them; for example: trim-0.0.1 called as a sub dependency from remark 9. meanwhile trim has moved on to 1.0.0

  • My current version: documentation-13.1.0
  • Used as a sub dependency of taiko
Asked Oct 14 '21 01:10
avatar raninan
raninan

3 Answer:

Happy to accept a PR. These kinds of security vulnerabilities are never actually exploitable or worth worrying about, but the automated checkers will nag us nonetheless.

1
Answered Jan 19 '21 at 19:36
avatar  of tmcw
tmcw

~~@tmcw, I've opened a PR, https://github.com/documentationjs/documentation/pull/1357, with the dependencies update. Can you take a look?~~

Seems like after updating remark the parser's prototype has changed and initializeTokenizers is not there anymore, so the doc command breaks when assigning the tokenizeLink. I'd appreciate some help fixing this issue, given I am totally new to this codebase (and the remark project) 🙂

1
Answered Feb 18 '21 at 02:04
avatar  of lalli-flores
lalli-flores

remark has new engine started 13 version. I updated on last 12.0 which still compatible with us.

1
Answered Apr 07 '21 at 15:48
avatar  of anthony-redFox
anthony-redFox