[Snyk] Security upgrade marked from 0.7.0 to 1.1.1 (#1313)

snyk-bot · Koooooo-7 · sy-records · web-flow · commit 086c2859adb4 · 2020-08-14T07:53:23.000+08:00
* fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-MARKED-584281 * fix: fix CompileError * fix: embed files error Co-authored-by: Koy <369491420@qq.com> Co-authored-by: 沈唁 <52o@qq52o.cn>
diff --git a/build/build.js b/build/build.js
@@ -22,7 +22,10 @@ async function build(opts) {
     .rollup({
       input: opts.input,
       plugins: (opts.plugins || []).concat([
-        buble(),
+        buble({
+          transforms: {
+            dangerousForOf: true
+          }}),
         commonjs(),
         nodeResolve(),
         replace({
@@ -33,8 +36,8 @@ async function build(opts) {
       onwarn: function (message) {
         if (message.code === 'UNRESOLVED_IMPORT') {
           throw new Error(
-            `Could not resolve module ` + 
-            message.source + 
+            `Could not resolve module ` +
+            message.source +
             `. Try running 'npm install' or using rollup's 'external' option if this is an external dependency. ` +
             `Module ${message.source} is imported in ${message.importer}`
             )
diff --git a/docs/embed-files.md b/docs/embed-files.md
@@ -62,7 +62,7 @@ Sometimes you don't want to embed a whole file. Maybe because you need just a fe
 [filename](_media/example.js ':include :type=code :fragment=demo')
 ```
 
-In your code file you need to surround the fragment between `/// [demo]` lines (before and after the fragment).  
+In your code file you need to surround the fragment between `/// [demo]` lines (before and after the fragment).
 Alternatively you can use `### [demo]`.
 
 Example:
@@ -153,7 +153,7 @@ The `LABEL` can be any text you want. It acts as a _fallback_ message if the lin
 ### Render a codeblock from a gist
 
 The format is the same as the previous section, but with `:type=code` added to the alt text. As with the [Embedded file type](#embedded-file-type) section, the syntax highlighting will be **inferred** from the extension (e.g. `.js` or `.py`), so you can leave the `type` set as `code`.
- 
+
 Here is the format:
 
 ```markdown
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -58,7 +58,7 @@
   },
   "dependencies": {
     "dompurify": "^2.0.8",
-    "marked": "^0.7.0",
+    "marked": "^1.1.1",
     "medium-zoom": "^1.0.5",
     "opencollective-postinstall": "^2.0.2",
     "prismjs": "^1.19.0",
diff --git a/src/core/render/embed.js b/src/core/render/embed.js
@@ -101,7 +101,7 @@ export function prerenderEmbed({ compiler, raw = '', fetch }, done) {
   const compile = compiler._marked;
   let tokens = compile.lexer(raw);
   const embedTokens = [];
-  const linkRE = compile.InlineLexer.rules.link;
+  const linkRE = compile.Lexer.rules.inline.link;
   const links = tokens.links;
 
   tokens.forEach((token, index) => {
