From c629e3b17681f78f0705899547fdabd0cfbb947e Mon Sep 17 00:00:00 2001 From: pyyupsk Date: Thu, 4 Dec 2025 18:23:18 +0700 Subject: [PATCH] fix(deps): update mdast-util-to-hast to ^13.2.1 Address security vulnerability GHSA-4fh9-h7wg-q85m (unsanitized class attribute). Update tests to use ts-ignore for runtime behavior tests. --- lib/omission/closing.js | 8 +- package.json | 2 +- test/attribute.js | 176 ++++++++++++++++++++++------------------ 3 files changed, 104 insertions(+), 82 deletions(-) diff --git a/lib/omission/closing.js b/lib/omission/closing.js index b30baf7..1de4c0e 100644 --- a/lib/omission/closing.js +++ b/lib/omission/closing.js @@ -176,8 +176,8 @@ function dt(_, index, parent) { const next = siblingAfter(parent, index) return Boolean( next && - next.type === 'element' && - (next.tagName === 'dt' || next.tagName === 'dd') + next.type === 'element' && + (next.tagName === 'dt' || next.tagName === 'dd') ) } @@ -277,8 +277,8 @@ function thead(_, index, parent) { const next = siblingAfter(parent, index) return Boolean( next && - next.type === 'element' && - (next.tagName === 'tbody' || next.tagName === 'tfoot') + next.type === 'element' && + (next.tagName === 'tbody' || next.tagName === 'tfoot') ) } diff --git a/package.json b/package.json index b1ea5a1..37dd7d1 100644 --- a/package.json +++ b/package.json @@ -11,7 +11,7 @@ "comma-separated-tokens": "^2.0.0", "hast-util-whitespace": "^3.0.0", "html-void-elements": "^3.0.0", - "mdast-util-to-hast": "^13.0.0", + "mdast-util-to-hast": "^13.2.1", "property-information": "^7.0.0", "space-separated-tokens": "^2.0.0", "stringify-entities": "^4.0.0", diff --git a/test/attribute.js b/test/attribute.js index bdf6366..7554566 100644 --- a/test/attribute.js +++ b/test/attribute.js @@ -130,13 +130,15 @@ test('`element` attributes', async (t) => { await t.test('should serialize unknowns set to objects', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {unknown: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {unknown: {toString}}, + children: [] + } + ), '' ) }) @@ -531,13 +533,15 @@ test('`element` attributes', async (t) => { 'should serialize known numbers set to an object', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {cols: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {cols: {toString}}, + children: [] + } + ), '' ) } @@ -577,13 +581,15 @@ test('`element` attributes', async (t) => { 'should serialize known numbers set to an array of booleans', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles booleans in an array. - properties: {cols: [true, false]}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles booleans in an array. + { + type: 'element', + tagName: 'i', + properties: {cols: [true, false]}, + children: [] + } + ), '' ) } @@ -717,13 +723,15 @@ test('`element` attributes', async (t) => { 'should serialize known space-separated lists set to an object', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {className: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {className: {toString}}, + children: [] + } + ), '' ) } @@ -763,13 +771,15 @@ test('`element` attributes', async (t) => { 'should serialize known space-separated lists set to an array of booleans', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles booleans in an array. - properties: {className: [true, false]}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles booleans in an array. + { + type: 'element', + tagName: 'i', + properties: {className: [true, false]}, + children: [] + } + ), '' ) } @@ -889,13 +899,15 @@ test('`element` attributes', async (t) => { 'should serialize known comma-separated lists set to an object', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {accept: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {accept: {toString}}, + children: [] + } + ), '' ) } @@ -935,13 +947,15 @@ test('`element` attributes', async (t) => { 'should serialize known comma-separated lists set to an array of booleans', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles booleans in an array. - properties: {accept: [true, false]}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles booleans in an array. + { + type: 'element', + tagName: 'i', + properties: {accept: [true, false]}, + children: [] + } + ), '' ) } @@ -1056,13 +1070,15 @@ test('`element` attributes', async (t) => { 'should serialize known normals set to an object', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {id: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {id: {toString}}, + children: [] + } + ), '' ) } @@ -1102,13 +1118,15 @@ test('`element` attributes', async (t) => { 'should serialize known normals set to an array of booleans as a space-separated list', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles booleans in an array. - properties: {id: [true, false]}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles booleans in an array. + { + type: 'element', + tagName: 'i', + properties: {id: [true, false]}, + children: [] + } + ), '' ) } @@ -1252,13 +1270,15 @@ test('`element` attributes', async (t) => { 'should serialize data properties set to an object', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles a `toString` method on an object. - properties: {dataId: {toString}}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles a `toString` method on an object. + { + type: 'element', + tagName: 'i', + properties: {dataId: {toString}}, + children: [] + } + ), '' ) } @@ -1298,13 +1318,15 @@ test('`element` attributes', async (t) => { 'should serialize data properties set to an array of booleans as a space-separated list', async function () { assert.deepEqual( - toHtml({ - type: 'element', - tagName: 'i', - // @ts-expect-error: check how the runtime handles booleans in an array. - properties: {dataId: [true, false]}, - children: [] - }), + toHtml( + // @ts-ignore: check how the runtime handles booleans in an array. + { + type: 'element', + tagName: 'i', + properties: {dataId: [true, false]}, + children: [] + } + ), '' ) }