Update rollup-plugin-md for security alerts and modern build #6
Conversation
| const filter = createFilter( options.include || [ '**/*.md'], options.exclude ); | ||
| if(options.marked){ | ||
| marked.setOptions(options.marked) | ||
| } | ||
| return { | ||
| name: 'md', | ||
| const filter = createFilter( options.include || [ '**/*.md'], options.exclude ); | ||
| if (options.marked) { | ||
| marked.setOptions(options.marked); | ||
| } | ||
| return { | ||
| name: 'md', | ||
|
|
||
| transform ( md, id ) { | ||
| if ( !ext.test( id ) ) return null; | ||
| if ( !filter( id ) ) return null; | ||
| transform ( md, id ) { | ||
| if ( !ext.test( id ) ) return null; | ||
| if ( !filter( id ) ) return null; | ||
|
|
||
| const data = marked( md ); | ||
| return { | ||
| code: `export default ${JSON.stringify(data.toString())};`, | ||
| map: { mappings: '' } | ||
| }; | ||
| } | ||
| }; | ||
| const data = marked( md ); | ||
| return { | ||
| code: `export default ${JSON.stringify(data.toString())};`, | ||
| map: { mappings: '' } | ||
| }; | ||
| } | ||
| }; |
There was a problem hiding this comment.
Indentation only, no code changes in this section.
| var npm = require( 'rollup-plugin-node-resolve' ); | ||
| var npm = require( '@rollup/plugin-node-resolve' ); |
test/test.js
Outdated
| var generated = bundle.generate(); | ||
| var code = generated.code; | ||
| var generated = bundle.generate(); | ||
| var code = generated.code; | ||
|
|
||
| var fn = new Function( 'assert', code ); | ||
| fn( assert ); | ||
| var fn = new Function( 'assert', code ); | ||
| fn( assert ); | ||
| } | ||
|
|
||
| describe( 'rollup-plugin-md', function () { | ||
| it( 'converts md', function () { | ||
| return rollup.rollup({ | ||
| entry: 'samples/main.js', | ||
| plugins: [ md({ | ||
| marked: { | ||
| gfm: true, | ||
| tables: true, | ||
| breaks: false, | ||
| pedantic: false, | ||
| sanitize: true, | ||
| smartLists: true, | ||
| smartypants: false | ||
| } | ||
| }) ] | ||
| }).then( executeBundle ); | ||
| }); | ||
| it( 'converts md', function () { | ||
| return rollup.rollup({ | ||
| input: 'samples/main.js', | ||
| plugins: [ md({ | ||
| marked: { | ||
| gfm: true, | ||
| tables: true, | ||
| breaks: false, | ||
| pedantic: false, | ||
| sanitize: true, | ||
| smartLists: true, | ||
| smartypants: false | ||
| } | ||
| }) ] | ||
| }).then( executeBundle ); | ||
| }); | ||
| }); |
There was a problem hiding this comment.
The code change here is on line 21: 'entry' => 'input' to match the current rollup API. The rest is indentation.
I am not a fan of tabs, but since you set up the .eslint rules to call for it, I invoked the rules, so you would not have mixed indentation.
| import buble from 'rollup-plugin-buble'; | ||
|
|
||
| var pkg = require('./package.json') | ||
| var pkg = require('./package.json'); |
There was a problem hiding this comment.
Buble is no longer needed, and no longer works with mocha.
| entry: 'src/index.js', | ||
| plugins: [ buble({ sourceMap: true }) ], | ||
| targets: [ | ||
| { | ||
| format: 'cjs', | ||
| dest: pkg['main'] | ||
| }, | ||
| { | ||
| format: 'es', | ||
| dest: pkg['jsnext:main'] | ||
| } | ||
| ], | ||
| external: external, | ||
| sourceMap: true | ||
| input: 'src/index.js', | ||
| output: [ | ||
| { | ||
| format: 'cjs', | ||
| file: pkg['main'], | ||
| sourcemap: true, | ||
| exports: 'auto' | ||
| }, | ||
| { | ||
| format: 'es', | ||
| file: pkg['jsnext:main'], | ||
| sourcemap: true | ||
| } | ||
| ], | ||
| external: external |
There was a problem hiding this comment.
The rollup API has changed. This should be equivalent.
| "test": "mocha test/*.js --compilers js:buble/register", | ||
| "test": "mocha test/*.js", |
There was a problem hiding this comment.
The --compilers option is deprecated, and buble/register no longer works. Removed since it is no longer needed.
|
This should fix issue #4. |
|
This should subsume #5; the changes are a superset. |
@BobKerns I ended up just forking to my own repo and using some of my own packages to build, test and also use my own tsconfig base and eslint. I did not think this repo was being maintained but if you still want me to reopen with my changes then let me know. Apologies if I jumped the gun |
Nothing to apologize for; we're both jumping in here. I don't know if it's maintained or not, @xiaofuzi has had activity in the past few days, so he may pop in here. But they haven't touched this repo in 4 years. I was reacting to the same issues you were, but you got around to a pull request first. It looked to me like from the commit comments like you were making it more maintainable. I hope to see this folded together under one umbrella or another. |
|
@BobKerns I don't think anything will happen here. Let me know if there is anything I can do. |
|
there are some conflicts |
Bumps [marked](https://github.com/markedjs/marked) from 1.2.7 to 4.0.10. - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v1.2.7...v4.0.10) --- updated-dependencies: - dependency-name: marked dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.20 to 4.17.21. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.20...4.17.21) --- updated-dependencies: - dependency-name: lodash dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- updated-dependencies: - dependency-name: path-parse dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/gulpjs/glob-parent/releases) - [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md) - [Commits](gulpjs/glob-parent@v5.1.1...v5.1.2) --- updated-dependencies: - dependency-name: glob-parent dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>
…nt-5.1.2 Bump glob-parent from 5.1.1 to 5.1.2
…e-1.0.7 Bump path-parse from 1.0.6 to 1.0.7
…17.21 Bump lodash from 4.17.20 to 4.17.21
…0.10 Bump marked from 1.2.7 to 4.0.10
Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.1.2 and updates ancestor dependency [mocha](https://github.com/mochajs/mocha). These dependencies need to be updated together. Updates `minimatch` from 3.0.4 to 3.1.2 - [Release notes](https://github.com/isaacs/minimatch/releases) - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md) - [Commits](isaacs/minimatch@v3.0.4...v3.1.2) Updates `mocha` from 8.2.1 to 10.1.0 - [Release notes](https://github.com/mochajs/mocha/releases) - [Changelog](https://github.com/mochajs/mocha/blob/master/CHANGELOG.md) - [Commits](mochajs/mocha@v8.2.1...v10.1.0) --- updated-dependencies: - dependency-name: minimatch dependency-type: indirect - dependency-name: mocha dependency-type: direct:development ... Signed-off-by: dependabot[bot] <[email protected]>
…-and-mocha-3.1.2 Bump minimatch and mocha
The plugin is referencing downrev versions of
markedand other dependencies that result in security alerts with npm and github.This updates the dependencies, drops the use of
buble, updates how rollup is called, and adds a Github action to do a CI test build.I also suggest adding the following
.github/workflows/npm.yamlfile to publish to npm whenever you create a release in github. I did not include it as you may have your own workflow you prefer.