fix: fix security
This commit is contained in:
pengzhanbo
parent
402f259086
commit
e5126663ef
@ -92,10 +92,12 @@
|
|||||||
"@shikijs/twoslash": "^4.0.2",
|
"@shikijs/twoslash": "^4.0.2",
|
||||||
"@typescript-eslint/types": "catalog:peer",
|
"@typescript-eslint/types": "catalog:peer",
|
||||||
"@typescript-eslint/utils": "catalog:peer",
|
"@typescript-eslint/utils": "catalog:peer",
|
||||||
"@xmldom/xmldom": ">=0.9.9",
|
"@xmldom/xmldom": ">=0.9.10",
|
||||||
"baseline-browser-mapping": "^2.10.19",
|
"baseline-browser-mapping": "^2.10.20",
|
||||||
"chokidar": "catalog:prod",
|
"chokidar": "catalog:prod",
|
||||||
|
"dompurify": ">=3.4.0",
|
||||||
"esbuild": "catalog:prod",
|
"esbuild": "catalog:prod",
|
||||||
|
"follow-redirects": ">=1.16.0",
|
||||||
"lodash": ">=4.18.1",
|
"lodash": ">=4.18.1",
|
||||||
"lodash-es": ">=4.18.1",
|
"lodash-es": ">=4.18.1",
|
||||||
"sass-embedded": "catalog:peer",
|
"sass-embedded": "catalog:peer",
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
import type { DemoFile, MarkdownDemoEnv } from '../../../shared/demo.js'
|
import type { DemoFile, MarkdownDemoEnv } from '../../../shared/demo.js'
|
||||||
|
|
||||||
const SCRIPT_RE = /<script.*?>/
|
const SCRIPT_RE = /<script\b[^>]*>/
|
||||||
|
|
||||||
export function insertSetupScript({ export: name, path }: DemoFile, env: MarkdownDemoEnv): void {
|
export function insertSetupScript({ export: name, path }: DemoFile, env: MarkdownDemoEnv): void {
|
||||||
const imports = `import ${name ? `${name} from ` : ''}'${path}';`
|
const imports = `import ${name ? `${name} from ` : ''}'${path}';`
|
||||||
|
|||||||
58
pnpm-lock.yaml
generated
58
pnpm-lock.yaml
generated
@ -137,8 +137,8 @@ catalogs:
|
|||||||
version: 9.0.5
|
version: 9.0.5
|
||||||
peer:
|
peer:
|
||||||
'@iconify/json':
|
'@iconify/json':
|
||||||
specifier: ^2.2.463
|
specifier: ^2.2.464
|
||||||
version: 2.2.463
|
version: 2.2.464
|
||||||
'@mathjax/src':
|
'@mathjax/src':
|
||||||
specifier: ^4.1.1
|
specifier: ^4.1.1
|
||||||
version: 4.1.1
|
version: 4.1.1
|
||||||
@ -398,10 +398,12 @@ overrides:
|
|||||||
'@shikijs/twoslash': ^4.0.2
|
'@shikijs/twoslash': ^4.0.2
|
||||||
'@typescript-eslint/types': ^8.58.2
|
'@typescript-eslint/types': ^8.58.2
|
||||||
'@typescript-eslint/utils': ^8.58.2
|
'@typescript-eslint/utils': ^8.58.2
|
||||||
'@xmldom/xmldom': '>=0.9.9'
|
'@xmldom/xmldom': '>=0.9.10'
|
||||||
baseline-browser-mapping: ^2.10.19
|
baseline-browser-mapping: ^2.10.20
|
||||||
chokidar: 5.0.0
|
chokidar: 5.0.0
|
||||||
|
dompurify: '>=3.4.0'
|
||||||
esbuild: ^0.28.0
|
esbuild: ^0.28.0
|
||||||
|
follow-redirects: '>=1.16.0'
|
||||||
lodash: '>=4.18.1'
|
lodash: '>=4.18.1'
|
||||||
lodash-es: '>=4.18.1'
|
lodash-es: '>=4.18.1'
|
||||||
sass-embedded: ^1.99.0
|
sass-embedded: ^1.99.0
|
||||||
@ -565,7 +567,7 @@ importers:
|
|||||||
dependencies:
|
dependencies:
|
||||||
'@iconify/json':
|
'@iconify/json':
|
||||||
specifier: catalog:peer
|
specifier: catalog:peer
|
||||||
version: 2.2.463
|
version: 2.2.464
|
||||||
'@lunariajs/core':
|
'@lunariajs/core':
|
||||||
specifier: catalog:dev
|
specifier: catalog:dev
|
||||||
version: 0.1.1
|
version: 0.1.1
|
||||||
@ -629,7 +631,7 @@ importers:
|
|||||||
dependencies:
|
dependencies:
|
||||||
'@iconify/json':
|
'@iconify/json':
|
||||||
specifier: catalog:peer
|
specifier: catalog:peer
|
||||||
version: 2.2.463
|
version: 2.2.464
|
||||||
'@vuepress/bundler-vite':
|
'@vuepress/bundler-vite':
|
||||||
specifier: catalog:vuepress
|
specifier: catalog:vuepress
|
||||||
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
|
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
|
||||||
@ -650,7 +652,7 @@ importers:
|
|||||||
dependencies:
|
dependencies:
|
||||||
'@iconify/json':
|
'@iconify/json':
|
||||||
specifier: catalog:peer
|
specifier: catalog:peer
|
||||||
version: 2.2.463
|
version: 2.2.464
|
||||||
'@vuepress/bundler-vite':
|
'@vuepress/bundler-vite':
|
||||||
specifier: catalog:vuepress
|
specifier: catalog:vuepress
|
||||||
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
|
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
|
||||||
@ -958,7 +960,7 @@ importers:
|
|||||||
devDependencies:
|
devDependencies:
|
||||||
'@iconify/json':
|
'@iconify/json':
|
||||||
specifier: catalog:peer
|
specifier: catalog:peer
|
||||||
version: 2.2.463
|
version: 2.2.464
|
||||||
'@pinyin-pro/data':
|
'@pinyin-pro/data':
|
||||||
specifier: catalog:peer
|
specifier: catalog:peer
|
||||||
version: 1.3.1
|
version: 1.3.1
|
||||||
@ -1511,8 +1513,8 @@ packages:
|
|||||||
resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
|
resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
|
||||||
engines: {node: '>=18.18'}
|
engines: {node: '>=18.18'}
|
||||||
|
|
||||||
'@iconify/json@2.2.463':
|
'@iconify/json@2.2.464':
|
||||||
resolution: {integrity: sha512-VZ0n+99OWe9677b04KPF0NajDbFEyWNxMalXZA/4j8HrqyVvY+N1XN/EIER4ceQlKQJ501w9UxLJZjZ5mga0xA==}
|
resolution: {integrity: sha512-VSU7hPHuqqEwQk8Hmy+88iGmsL6KE2JAv1ZwxE0z50+JpymIzhZMHcuSrL2MOFtTDZQ4eJ7Ao9Hdm+TCctDwCQ==}
|
||||||
|
|
||||||
'@iconify/types@2.0.0':
|
'@iconify/types@2.0.0':
|
||||||
resolution: {integrity: sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==}
|
resolution: {integrity: sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==}
|
||||||
@ -3371,8 +3373,8 @@ packages:
|
|||||||
peerDependencies:
|
peerDependencies:
|
||||||
vue: ^3.5.0
|
vue: ^3.5.0
|
||||||
|
|
||||||
'@xmldom/xmldom@0.9.9':
|
'@xmldom/xmldom@0.9.10':
|
||||||
resolution: {integrity: sha512-qycIHAucxy/LXAYIjmLmtQ8q9GPnMbnjG1KXhWm9o5sCr6pOYDATkMPiTNa6/v8eELyqOQ2FsEqeoFYmgv/gJg==}
|
resolution: {integrity: sha512-A9gOqLdi6cV4ibazAjcQufGj0B1y/vDqYrcuP6d/6x8P27gRS8643Dj9o1dEKtB6O7fwxb2FgBmJS2mX7gpvdw==}
|
||||||
engines: {node: '>=14.6'}
|
engines: {node: '>=14.6'}
|
||||||
|
|
||||||
acorn-jsx@5.3.2:
|
acorn-jsx@5.3.2:
|
||||||
@ -3547,8 +3549,8 @@ packages:
|
|||||||
base64-js@1.5.1:
|
base64-js@1.5.1:
|
||||||
resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
|
resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
|
||||||
|
|
||||||
baseline-browser-mapping@2.10.19:
|
baseline-browser-mapping@2.10.20:
|
||||||
resolution: {integrity: sha512-qCkNLi2sfBOn8XhZQ0FXsT1Ki/Yo5P90hrkRamVFRS7/KV9hpfA4HkoWNU152+8w0zPjnxo5psx5NL3PSGgv5g==}
|
resolution: {integrity: sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==}
|
||||||
engines: {node: '>=6.0.0'}
|
engines: {node: '>=6.0.0'}
|
||||||
hasBin: true
|
hasBin: true
|
||||||
|
|
||||||
@ -4222,8 +4224,8 @@ packages:
|
|||||||
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
|
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
|
||||||
engines: {node: '>= 4'}
|
engines: {node: '>= 4'}
|
||||||
|
|
||||||
dompurify@3.3.3:
|
dompurify@3.4.0:
|
||||||
resolution: {integrity: sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==}
|
resolution: {integrity: sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==}
|
||||||
|
|
||||||
domutils@3.2.2:
|
domutils@3.2.2:
|
||||||
resolution: {integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==}
|
resolution: {integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==}
|
||||||
@ -4736,8 +4738,8 @@ packages:
|
|||||||
focus-trap@8.0.1:
|
focus-trap@8.0.1:
|
||||||
resolution: {integrity: sha512-9ptSG6z51YQOstI/oN4XuVGP/03u2nh0g//qz7L6zX0i6PZiPnkcf3GenXq7N2hZnASXaMxTPpbKwdI+PFvxlw==}
|
resolution: {integrity: sha512-9ptSG6z51YQOstI/oN4XuVGP/03u2nh0g//qz7L6zX0i6PZiPnkcf3GenXq7N2hZnASXaMxTPpbKwdI+PFvxlw==}
|
||||||
|
|
||||||
follow-redirects@1.15.11:
|
follow-redirects@1.16.0:
|
||||||
resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==}
|
resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==}
|
||||||
engines: {node: '>=4.0'}
|
engines: {node: '>=4.0'}
|
||||||
peerDependencies:
|
peerDependencies:
|
||||||
debug: '*'
|
debug: '*'
|
||||||
@ -8231,7 +8233,7 @@ snapshots:
|
|||||||
|
|
||||||
'@humanwhocodes/retry@0.4.3': {}
|
'@humanwhocodes/retry@0.4.3': {}
|
||||||
|
|
||||||
'@iconify/json@2.2.463':
|
'@iconify/json@2.2.464':
|
||||||
dependencies:
|
dependencies:
|
||||||
'@iconify/types': 2.0.0
|
'@iconify/types': 2.0.0
|
||||||
pathe: 2.0.3
|
pathe: 2.0.3
|
||||||
@ -10271,7 +10273,7 @@ snapshots:
|
|||||||
dependencies:
|
dependencies:
|
||||||
vue: 3.5.32(typescript@6.0.3)
|
vue: 3.5.32(typescript@6.0.3)
|
||||||
|
|
||||||
'@xmldom/xmldom@0.9.9': {}
|
'@xmldom/xmldom@0.9.10': {}
|
||||||
|
|
||||||
acorn-jsx@5.3.2(acorn@8.16.0):
|
acorn-jsx@5.3.2(acorn@8.16.0):
|
||||||
dependencies:
|
dependencies:
|
||||||
@ -10432,7 +10434,7 @@ snapshots:
|
|||||||
|
|
||||||
axios@1.15.0:
|
axios@1.15.0:
|
||||||
dependencies:
|
dependencies:
|
||||||
follow-redirects: 1.15.11
|
follow-redirects: 1.16.0
|
||||||
form-data: 4.0.5
|
form-data: 4.0.5
|
||||||
proxy-from-env: 2.1.0
|
proxy-from-env: 2.1.0
|
||||||
transitivePeerDependencies:
|
transitivePeerDependencies:
|
||||||
@ -10448,7 +10450,7 @@ snapshots:
|
|||||||
|
|
||||||
base64-js@1.5.1: {}
|
base64-js@1.5.1: {}
|
||||||
|
|
||||||
baseline-browser-mapping@2.10.19: {}
|
baseline-browser-mapping@2.10.20: {}
|
||||||
|
|
||||||
basic-auth@2.0.1:
|
basic-auth@2.0.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
@ -10498,7 +10500,7 @@ snapshots:
|
|||||||
|
|
||||||
browserslist@4.28.2:
|
browserslist@4.28.2:
|
||||||
dependencies:
|
dependencies:
|
||||||
baseline-browser-mapping: 2.10.19
|
baseline-browser-mapping: 2.10.20
|
||||||
caniuse-lite: 1.0.30001784
|
caniuse-lite: 1.0.30001784
|
||||||
electron-to-chromium: 1.5.331
|
electron-to-chromium: 1.5.331
|
||||||
node-releases: 2.0.37
|
node-releases: 2.0.37
|
||||||
@ -11197,7 +11199,7 @@ snapshots:
|
|||||||
dependencies:
|
dependencies:
|
||||||
domelementtype: 2.3.0
|
domelementtype: 2.3.0
|
||||||
|
|
||||||
dompurify@3.3.3:
|
dompurify@3.4.0:
|
||||||
optionalDependencies:
|
optionalDependencies:
|
||||||
'@types/trusted-types': 2.0.7
|
'@types/trusted-types': 2.0.7
|
||||||
|
|
||||||
@ -11863,7 +11865,7 @@ snapshots:
|
|||||||
dependencies:
|
dependencies:
|
||||||
tabbable: 6.4.0
|
tabbable: 6.4.0
|
||||||
|
|
||||||
follow-redirects@1.15.11: {}
|
follow-redirects@1.16.0: {}
|
||||||
|
|
||||||
for-each@0.3.5:
|
for-each@0.3.5:
|
||||||
dependencies:
|
dependencies:
|
||||||
@ -12231,7 +12233,7 @@ snapshots:
|
|||||||
http-proxy@1.18.1:
|
http-proxy@1.18.1:
|
||||||
dependencies:
|
dependencies:
|
||||||
eventemitter3: 4.0.7
|
eventemitter3: 4.0.7
|
||||||
follow-redirects: 1.15.11
|
follow-redirects: 1.16.0
|
||||||
requires-port: 1.0.0
|
requires-port: 1.0.0
|
||||||
transitivePeerDependencies:
|
transitivePeerDependencies:
|
||||||
- debug
|
- debug
|
||||||
@ -13091,7 +13093,7 @@ snapshots:
|
|||||||
d3-sankey: 0.12.3
|
d3-sankey: 0.12.3
|
||||||
dagre-d3-es: 7.0.14
|
dagre-d3-es: 7.0.14
|
||||||
dayjs: 1.11.20
|
dayjs: 1.11.20
|
||||||
dompurify: 3.3.3
|
dompurify: 3.4.0
|
||||||
katex: 0.16.44
|
katex: 0.16.44
|
||||||
khroma: 2.1.0
|
khroma: 2.1.0
|
||||||
lodash-es: 4.18.1
|
lodash-es: 4.18.1
|
||||||
@ -14305,7 +14307,7 @@ snapshots:
|
|||||||
|
|
||||||
speech-rule-engine@5.0.0-beta.6:
|
speech-rule-engine@5.0.0-beta.6:
|
||||||
dependencies:
|
dependencies:
|
||||||
'@xmldom/xmldom': 0.9.9
|
'@xmldom/xmldom': 0.9.10
|
||||||
commander: 14.0.2
|
commander: 14.0.2
|
||||||
wicked-good-xpath: 1.3.0
|
wicked-good-xpath: 1.3.0
|
||||||
|
|
||||||
|
|||||||
@ -67,7 +67,7 @@ catalogs:
|
|||||||
wait-on: ^9.0.5
|
wait-on: ^9.0.5
|
||||||
peer:
|
peer:
|
||||||
'@eslint-community/eslint-utils': ^4.9.1
|
'@eslint-community/eslint-utils': ^4.9.1
|
||||||
'@iconify/json': ^2.2.463
|
'@iconify/json': ^2.2.464
|
||||||
'@mathjax/src': ^4.1.1
|
'@mathjax/src': ^4.1.1
|
||||||
'@pinyin-pro/data': ^1.3.1
|
'@pinyin-pro/data': ^1.3.1
|
||||||
'@typescript-eslint/types': ^8.58.2
|
'@typescript-eslint/types': ^8.58.2
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user