diff --git a/CHANGELOG.md b/CHANGELOG.md
index c2929f0..907ae9a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [Unreleased]
### Fixed
- Incorrect initial line and column count in status bar.
+- Security issue in `marked` dependency.
## [2.16.0] - 2022-01-11
### Added
diff --git a/package-lock.json b/package-lock.json
index d407c13..b26624d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,10 +10,10 @@
"license": "MIT",
"dependencies": {
"@types/codemirror": "^5.60.4",
- "@types/marked": "^3.0.1",
+ "@types/marked": "^4.0.1",
"codemirror": "^5.63.1",
"codemirror-spell-checker": "1.1.2",
- "marked": "^3.0.4"
+ "marked": "^4.0.10"
},
"devDependencies": {
"browserify": "^17.0.0",
@@ -192,9 +192,9 @@
"integrity": "sha512-C6N5s2ZFtuZRj54k2/zyRhNDjJwwcViAM3Nbm8zjBpbqAdZ00mr0CFxvSKeO8Y/e03WVFLpQMdHYVfUd6SB+Hw=="
},
"node_modules/@types/marked": {
- "version": "3.0.3",
- "resolved": "https://registry.npmjs.org/@types/marked/-/marked-3.0.3.tgz",
- "integrity": "sha512-ZgAr847Wl68W+B0sWH7F4fDPxTzerLnRuUXjUpp1n4NjGSs8hgPAjAp7NQIXblG34MXTrf5wWkAK8PVJ2LIlVg=="
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/@types/marked/-/marked-4.0.1.tgz",
+ "integrity": "sha512-ZigEmCWdNUU7IjZEuQ/iaimYdDHWHfTe3kg8ORfKjyGYd9RWumPoOJRQXB0bO+XLkNwzCthW3wUIQtANaEZ1ag=="
},
"node_modules/@types/node": {
"version": "14.18.5",
@@ -5328,11 +5328,11 @@
}
},
"node_modules/marked": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/marked/-/marked-3.0.8.tgz",
- "integrity": "sha512-0gVrAjo5m0VZSJb4rpL59K1unJAMb/hm8HRXqasD8VeC8m91ytDPMritgFSlKonfdt+rRYYpP/JfLxgIX8yoSw==",
+ "version": "4.0.10",
+ "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.10.tgz",
+ "integrity": "sha512-+QvuFj0nGgO970fySghXGmuw+Fd0gD2x3+MqCWLIPf5oxdv1Ka6b2q+z9RP01P/IaKPMEramy+7cNy/Lw8c3hw==",
"bin": {
- "marked": "bin/marked"
+ "marked": "bin/marked.js"
},
"engines": {
"node": ">= 12"
@@ -9060,9 +9060,9 @@
"integrity": "sha512-C6N5s2ZFtuZRj54k2/zyRhNDjJwwcViAM3Nbm8zjBpbqAdZ00mr0CFxvSKeO8Y/e03WVFLpQMdHYVfUd6SB+Hw=="
},
"@types/marked": {
- "version": "3.0.3",
- "resolved": "https://registry.npmjs.org/@types/marked/-/marked-3.0.3.tgz",
- "integrity": "sha512-ZgAr847Wl68W+B0sWH7F4fDPxTzerLnRuUXjUpp1n4NjGSs8hgPAjAp7NQIXblG34MXTrf5wWkAK8PVJ2LIlVg=="
+ "version": "4.0.1",
+ "resolved": "https://registry.npmjs.org/@types/marked/-/marked-4.0.1.tgz",
+ "integrity": "sha512-ZigEmCWdNUU7IjZEuQ/iaimYdDHWHfTe3kg8ORfKjyGYd9RWumPoOJRQXB0bO+XLkNwzCthW3wUIQtANaEZ1ag=="
},
"@types/node": {
"version": "14.18.5",
@@ -13192,9 +13192,9 @@
}
},
"marked": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/marked/-/marked-3.0.8.tgz",
- "integrity": "sha512-0gVrAjo5m0VZSJb4rpL59K1unJAMb/hm8HRXqasD8VeC8m91ytDPMritgFSlKonfdt+rRYYpP/JfLxgIX8yoSw=="
+ "version": "4.0.10",
+ "resolved": "https://registry.npmjs.org/marked/-/marked-4.0.10.tgz",
+ "integrity": "sha512-+QvuFj0nGgO970fySghXGmuw+Fd0gD2x3+MqCWLIPf5oxdv1Ka6b2q+z9RP01P/IaKPMEramy+7cNy/Lw8c3hw=="
},
"matchdep": {
"version": "2.0.0",
diff --git a/package.json b/package.json
index d64bc47..50c8249 100644
--- a/package.json
+++ b/package.json
@@ -20,10 +20,10 @@
"author": "Jeroen Akkerman",
"dependencies": {
"@types/codemirror": "^5.60.4",
- "@types/marked": "^3.0.1",
+ "@types/marked": "^4.0.1",
"codemirror": "^5.63.1",
"codemirror-spell-checker": "1.1.2",
- "marked": "^3.0.4"
+ "marked": "^4.0.10"
},
"devDependencies": {
"browserify": "^17.0.0",
diff --git a/src/js/easymde.js b/src/js/easymde.js
index ea4a839..cece3b0 100644
--- a/src/js/easymde.js
+++ b/src/js/easymde.js
@@ -12,7 +12,7 @@ require('codemirror/addon/search/searchcursor.js');
require('codemirror/mode/gfm/gfm.js');
require('codemirror/mode/xml/xml.js');
var CodeMirrorSpellChecker = require('codemirror-spell-checker');
-var marked = require('marked/lib/marked');
+var marked = require('marked').marked;
// Some variables
@@ -1986,7 +1986,7 @@ EasyMDE.prototype.markdown = function (text) {
marked.setOptions(markedOptions);
// Convert the markdown to HTML
- var htmlText = marked(text);
+ var htmlText = marked.parse(text);
// Sanitize HTML
if (this.options.renderingConfig && typeof this.options.renderingConfig.sanitizerFunction === 'function') {
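Review bot: The HTML returned by `marked.parse(text)` is sanitized only when `renderingConfig.sanitizerFunction` is configured, so this dependency bump does not by itself make the preview safe for untrusted Markdown. marked does not sanitize its output by default, so raw HTML in the input reaches the rendered result unchanged unless the integrator supplies a sanitizer. I would state that above the call, for example `// marked does not sanitize its output; set renderingConfig.sanitizerFunction when rendering untrusted Markdown`. Separately, `marked.setOptions(markedOptions)` on the first line of the hunk sets options on the shared `marked` object, which presumably carries over to every editor instance on the page, so it is worth confirming that is intended. The body of `EasyMDE.prototype.markdown` starts and ends outside this hunk.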
diff --git a/types/easymde.d.ts b/types/easymde.d.ts
index e08a9ab..2aa161b 100644
--- a/types/easymde.d.ts
+++ b/types/easymde.d.ts
@@ -20,7 +20,8 @@
// SOFTWARE.
///
-///
+
+import { marked } from 'marked';
interface ArrayOneOrMore extends Array {
0: T;
@@ -178,7 +179,7 @@ declare namespace EasyMDE {
autoDownloadFontAwesome?: boolean;
autofocus?: boolean;
autosave?: AutoSaveOptions;
- autoRefresh?: boolean | { delay: number };
+ autoRefresh?: boolean | { delay: number; };
blockStyles?: BlockStyleOptions;
element?: HTMLElement;
forceSync?: boolean;