fix: update remark-parse to v9 to fix security issue of [email protected] (#444

)

* fix: pin trim resolution to 0.0.3 to fix security risk

* chore: replace deprecated validate-commit-msg with @commitlint

* fix: update remark-parse to v9 to fix security issue of [email protected]

commitlint.config.js

@@ -0,0 +1 @@
+module.exports = { extends: ['@commitlint/config-conventional'] };

package.json

@@ -35,10 +35,6 @@
     ]
   },
   "config": {
-    "validate-commit-msg": {
-      "types": "conventional-commit-types",
-      "helpMessage": "Use \"yarn commit\" instead, we use conventional-changelog format :) (https://github.com/commitizen/cz-cli)"
-    },
     "commitizen": {
       "path": "./node_modules/git-cz"
     }
@@ -48,11 +44,13 @@
     "trailingComma": "all"
   },
   "devDependencies": {
+    "@commitlint/cli": "17.4.2",
+    "@commitlint/config-conventional": "17.4.2",
     "@types/benchmark": "^1.0.33",
     "@types/faker": "^4.1.12",
     "@types/jest": "^27.0.1",
     "benchmark": "^2.1.4",
-    "commitizen": "^3.1.2",
+    "commitizen": "4.3.0",
     "git-cz": "^3.3.0",
     "husky": "^8.0.0",
     "lerna": "^6.0.3",
@@ -68,8 +66,7 @@
     "ts-node": "^8.10.2",
     "tslint-config-prettier": "^1.18.0",
     "tslint-config-standard": "^8.0.1",
-    "typescript": "^4.4.2",
-    "validate-commit-msg": "^2.14.0"
+    "typescript": "^4.4.2"
   },
   "dependencies": {}
 }

packages/rich-text-from-markdown/package.json

@@ -36,8 +36,9 @@
   "dependencies": {
     "@contentful/rich-text-types": "^16.0.2",
     "lodash": "^4.17.11",
-    "remark-parse": "^6.0.3",
-    "unified": "^7.1.0"
+    "remark-parse": "^9.0.0",
+    "remark-gfm": "^1.0.0",
+    "unified": "^9.0.0"
   },
   "devDependencies": {
     "@types/lodash": "^4.14.172",

packages/rich-text-from-markdown/src/__test__/index.test.ts

@@ -80,7 +80,12 @@ describe('parses complex inline image markdown correctly', () => {
           nodeType: 'image',
           data: {},
         },
-        block(BLOCKS.PARAGRAPH, {}, text('\n      ')),
+        block(
+          BLOCKS.PARAGRAPH,
+          {},
+          text(`
+`),
+        ),
         {
           nodeType: 'image',
           data: {},

packages/rich-text-from-markdown/src/index.ts

@@ -1,6 +1,7 @@
 import _ from 'lodash';
 import unified from 'unified';
 import markdown from 'remark-parse';
+import gfm from 'remark-gfm';
 import {
   Document,
   Node,
@@ -337,14 +338,14 @@ function prepareMdAST(ast: MarkdownTree): MarkdownNode {
 
     return { ...node, children };
   }
-  const treeNode: MarkdownNode = {
+
+  return prepareASTNodeChildren({
     depth: '0',
     type: 'root',
     value: '',
     ordered: true,
     children: ast.children,
-  };
-  return prepareASTNodeChildren(treeNode);
+  });
 }
 
 // COMPAT: can resolve with either Node or an array of Nodes for back compatibility.
@@ -354,8 +355,9 @@ export async function richTextFromMarkdown(
   md: string,
   fallback: FallbackResolver = () => Promise.resolve(null),
 ): Promise<Document> {
-  const processor = unified().use(markdown, { commonmark: true });
+  const processor = unified().use(markdown).use(gfm);
   const tree = processor.parse(md);
+  // @ts-expect-error children is missing in the return type of processor.parse
   const ast = prepareMdAST(tree);
   return await astToRichTextDocument(ast, fallback);
 }

tsconfig.json

@@ -20,6 +20,6 @@
     "experimentalDecorators": true,
     "emitDecoratorMetadata": true,
     "jsx": "react",
-    "types": ["jest"]
+    "types": ["jest", "node"]
   }
 }