Skip to content

chore: update dependencies and improve markmap integration #1934

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: develop
Choose a base branch
from
Open

chore: update dependencies and improve markmap integration #1934

wants to merge 6 commits into from

Conversation

Yukaii
Copy link
Member

@Yukaii Yukaii commented Jul 15, 2025

  • Updated markmap dependencies to versions 0.18.9 for markmap-common and 0.18.12 for markmap-lib and markmap-view.
  • Refactored import statements in extra.js to use the updated markmap packages.
  • Added a new helper function to sanitize markmap nodes against XSS vulnerabilities.

This update enhances the security and functionality of the markmap integration in the project.

@Yukaii Yukaii linked an issue Jul 15, 2025 that may be closed by this pull request
Stored XSS via markmap-lib #1933
Open
@Yukaii
chore: update dependencies and improve markmap integration
e7dc372 
- Updated markmap dependencies to versions 0.18.9 for markmap-common and 0.18.12 for markmap-lib and markmap-view.
- Refactored import statements in extra.js to use the updated markmap packages.
- Added a new helper function to sanitize markmap nodes against XSS vulnerabilities.

This update enhances the security and functionality of the markmap integration in the project.

Signed-off-by: Yukai Huang <[email protected]>
@Yukaii Yukaii force-pushed the bugfix/markmap-xss branch from b6d65cd to e7dc372 Compare July 15, 2025 08:25
Yukaii added 4 commits August 2, 2025 23:25
@Yukaii
refactor: replace babel-polyfill with core-js and regenerator-runtime
29837c2 
- Removed babel-polyfill from package.json and webpack.common.js.
- Added core-js and regenerator-runtime as dependencies.
- Updated babel-loader to version 8.x in devDependencies.
- Ensured compatibility with modern JavaScript features by using core-js and regenerator-runtime.

Signed-off-by: Yukai Huang <[email protected]>
@Yukaii
feat: add optional chaining plugin and update webpack config for mark…
300f11c 
…map and yaml support

Signed-off-by: Yukai Huang <[email protected]>
@Yukaii
refactor: migrate to ES modules and update webpack config for markmap…
cc2201d 
… and yaml support

Signed-off-by: Yukai Huang <[email protected]>
@Yukaii
fix: add globalThis declaration for compatibility
7cad0ef 
Signed-off-by: Yukai Huang <[email protected]>
@Yukaii Yukaii force-pushed the bugfix/markmap-xss branch from 85195b7 to 7cad0ef Compare August 2, 2025 15:25
@Yukaii Yukaii modified the milestones: Next, 2.6.1 Aug 8, 2025
@Yukaii Yukaii force-pushed the bugfix/markmap-xss branch from b4da5c3 to 7cad0ef Compare August 13, 2025 01:00
@Yukaii Yukaii force-pushed the bugfix/markmap-xss branch from 11e327e to dc81ffb Compare August 13, 2025 02:18
@Yukaii Yukaii requested a review from jackycute August 13, 2025 02:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jackycute jackycute Awaiting requested review from jackycute

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.6.1
Development

Successfully merging this pull request may close these issues.

Stored XSS via markmap-lib
1 participant
@Yukaii