fix(deps): update dependency markdown-to-jsx to v7.4.0 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
markdown-to-jsx (source)	7.1.7 -> 7.4.0

GitHub Vulnerability Alerts

CVE-2024-21535

Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown.

---

Release Notes

quantizor/markdown-to-jsx (markdown-to-jsx)

v7.4.0

Compare Source

Happy New Year! 🎆

markdown-to-jsx v7.4 features a new option renderRule! — From the README:

Supply your own rendering function that can selectively override how rules are rendered (note, this is different than options.overrides which operates at the HTML tag level and is more general). You can use this functionality to do pretty much anything with an established AST node; here's an example of selectively overriding the "codeBlock" rule to process LaTeX syntax using the @matejmazur/react-katex library:

import { Markdown, RuleType } from 'markdown-to-jsx'
import TeX from '@​matejmazur/react-katex'

const exampleContent =
  'Some important formula:\n\n```latex\nmathbb{N} = { a in mathbb{Z} : a > 0 }\n```\n'

function App() {
  return (
    <Markdown
      children={exampleContent}
      options={{
        renderRule(next, node, renderChildren, state) {
          if (node.type === RuleType.codeBlock && node.lang === 'latex') {
            return (
              <TeX as="div" key={state.key}>{String.raw`${node.text}`}</TeX>
            )
          }

          return next()
        },
      }}
    />
  )
}

The README docs around syntax highlighting have also been updated with sample code.

With the new year comes a push toward v8. Performance will be a top priority, reducing the complexity of the library's regexes to increase throughput for SSR use-cases and ideally eliminate rare but frustrating issues like catastrophic backtracking. In addition, the library will be pivoting into more of a pure compiler model, with a React adapter offered and ones added for other major frameworks as well. The idea is anywhere you can run JS, you can use [secret new library name].

Stay tuned and thanks for being part of the journey ✌🏼
Here's to a great 2024 🍾

markdown-to-jsx is maintained by @​quantizor, buy him a coffee

Full Changelog: quantizor/markdown-to-jsx@v7.3.2...v7.4.0

v7.3.2

Compare Source

fix(types): path to esm types in "exports"

Full Changelog: quantizor/markdown-to-jsx@v7.3.1...v7.3.2

v7.3.1

Compare Source

What's Changed

• add dev-time error if trying to provide bad input

Full Changelog: quantizor/markdown-to-jsx@v7.3.0...v7.3.1

v7.3.0

Compare Source

What's Changed

• chore(deps): bump word-wrap from 1.2.3 to 1.2.4 by @​dependabot in https://github.com/probablyup/markdown-to-jsx/pull/505
• chore(deps): bump semver from 6.3.0 to 6.3.1 by @​dependabot in https://github.com/probablyup/markdown-to-jsx/pull/504
• chore(deps): bump tough-cookie from 4.1.2 to 4.1.3 by @​dependabot in https://github.com/probablyup/markdown-to-jsx/pull/503
• #​379 - Allow more custom HTML character codes by @​brianfryer in https://github.com/probablyup/markdown-to-jsx/pull/502
• fix: correctly parse markdown inside of a table row when a preceding column has nested HTML elements by @​gusbmurphy in https://github.com/probablyup/markdown-to-jsx/pull/501
• add option to enforce a space between headings by @​insanicly in https://github.com/probablyup/markdown-to-jsx/pull/440
• fix: Update package.json for "type": "module" with updated size-limit tests for index.cjs and index.module.js (replacing index.js) by @​nbarrow-inspire-labs in https://github.com/probablyup/markdown-to-jsx/pull/500

New Contributors

• @​brianfryer made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/502
• @​gusbmurphy made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/501
• @​insanicly made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/440
• @​nbarrow-inspire-labs made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/500

Full Changelog: quantizor/markdown-to-jsx@v7.2.1...v7.3.0

v7.2.1

Compare Source

What's Changed

• fix: move types condition to the front by @​Andarist in https://github.com/probablyup/markdown-to-jsx/pull/492

New Contributors

• @​Andarist made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/492

Full Changelog: quantizor/markdown-to-jsx@v7.2.0...v7.2.1

v7.2.0

Compare Source

What's Changed

• Resolve issue with catastrophic backtracking regex by @​Prestaul in https://github.com/probablyup/markdown-to-jsx/pull/436
• fix: add package.json to exports by @​ilia-kurganskii in https://github.com/probablyup/markdown-to-jsx/pull/445
• refactor: simplify image+link regexes, allow data image URLs by @​probablyup in https://github.com/probablyup/markdown-to-jsx/pull/472
• Parse link reference definitions surrounded by angle brackets by @​ElliotFriend in https://github.com/probablyup/markdown-to-jsx/pull/476
• feat: add support for "mark" syntax ==text== by @​probablyup in https://github.com/probablyup/markdown-to-jsx/pull/471
• Syntax nits to make IntelliJ happy by @​ikonst in https://github.com/probablyup/markdown-to-jsx/pull/417
• fix: improve link detection regex by @​probablyup in https://github.com/probablyup/markdown-to-jsx/pull/483

New Contributors

• @​Prestaul made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/436
• @​ilia-kurganskii made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/445
• @​ElliotFriend made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/476

Full Changelog: quantizor/markdown-to-jsx@v7.1.9...v7.2.0

v7.1.9

Compare Source

What's Changed

• feat(compiler): allow replacing of special capital html characters by @​garywilddev in https://github.com/probablyup/markdown-to-jsx/pull/448
• fix: handle fenced code block metadata (4e403ae)
• fix: use JSX.IntrinsicAttributes instead of React.Props (9d1d907)
• refactor: detect ordered and unordered lists separately unless nested (895c2b7)
• fix: lists are not eligible in simple inline mode (b7c9481)

New Contributors

• @​fubhy made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/467
• @​garywilddev made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/448

Full Changelog: quantizor/markdown-to-jsx@v7.1.8...v7.1.9

v7.1.8

Compare Source

What's Changed

• Bump ejs from 3.1.6 to 3.1.8 by @​dependabot in https://github.com/probablyup/markdown-to-jsx/pull/452
• Escaped an unescaped tilde. by @​Dhruvin-Purohit in https://github.com/probablyup/markdown-to-jsx/pull/450
• fix: a space is required between id block and url for references by @​probablyup in https://github.com/probablyup/markdown-to-jsx/pull/458

New Contributors

• @​Dhruvin-Purohit made their first contribution in https://github.com/probablyup/markdown-to-jsx/pull/450

Full Changelog: quantizor/markdown-to-jsx@v7.1.7...v7.1.8

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.