
Upgrade highlight.js dependency to v10

Open Romakita opened this issue 5 years ago • 8 comments

Hello Team,

This is a problem with the latest highlight.js dependency, related here: https://github.com/highlightjs/highlight.js/issues/2877

Is it possible to upgrade your highlight dependencies to v10, please :)

See you, Romain

Romakita avatar Nov 19 '20 17:11 Romakita

At a glance I think this should be pretty straightforward.

joshgoebel avatar Nov 19 '20 17:11 joshgoebel

I would love it if you could update this to version 10 of highlight.js.

I'm starting to get folks logging issues on my repo due to this dependency 😢 - If there is anything I can do to help, please let me know. 🙏🏻

DannyDainton avatar Nov 19 '20 20:11 DannyDainton

Unfortunately I don't have time to make PRs for every downstream library but if someone just bumped the dependencies here and then played around a bit that might get them really far. It's always hard to call these things with just a glance but our public API between v9 -> v10 was actually super stable. You could read the Version 10 release notes to see what changed, but for many, many people upgrading was super simple - despite many small breaking changes.

We no longer support IE11 is the big change that might bite some people (though that wouldn't matter if you were running this on the server side).

joshgoebel avatar Nov 19 '20 22:11 joshgoebel

Wrote a very tiny guide:

https://github.com/highlightjs/highlight.js/issues/2882

joshgoebel avatar Nov 19 '20 22:11 joshgoebel

Hey @jonschlinkert / @doowb / @almeidap

Is there any chance that you could take a look at this issue, please? 🙏

DannyDainton avatar Jan 26 '21 11:01 DannyDainton

@joshgoebel @DannyDainton @almeidap PR => https://github.com/helpers/helper-markdown/pull/17

Romakita avatar Jan 30 '21 08:01 Romakita

Hey, the linked highlightjs 9.x version has a reported security vulnerability: https://snyk.io/test/npm/helper-markdown/1.0.0

There are 2 Pull requests that request to bump to v10: https://github.com/helpers/helper-markdown/pull/17 https://github.com/helpers/helper-markdown/pull/16

@jonschlinkert @doowb @almeidap Could you help to merge it to address the security risk?

jimjaeger avatar Apr 24 '21 16:04 jimjaeger

👋 Hi @jonschlinkert @doowb I apologise for the inconvenience. Unfortunately, for now the only way to get the update for this library is to ask you. Could you find the time to update it? If you don't have time, can you invite someone (I volunteer) to help maintain the library?

rvitaliy avatar Aug 10 '23 11:08 rvitaliy