yuany3721/vuepress-theme-plume
1
0
Fork 0
forked from gitea-yuany3721/vuepress-theme-plume
Code Pull Requests Activity

fix: fix security

Browse Source
This commit is contained in:
pengzhanbo 2026-04-19 14:34:47 +08:00
parent 402f259086
commit e5126663ef
4 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
package.json
View File

@ -92,10 +92,12 @@
"@shikijs/twoslash": "^4.0.2",
"@typescript-eslint/types": "catalog:peer",
"@typescript-eslint/utils": "catalog:peer",
"@xmldom/xmldom": ">=0.9.9",
"baseline-browser-mapping": "^2.10.19",
"@xmldom/xmldom": ">=0.9.10",
"baseline-browser-mapping": "^2.10.20",
"chokidar": "catalog:prod",
"dompurify": ">=3.4.0",
"esbuild": "catalog:prod",
"follow-redirects": ">=1.16.0",
"lodash": ">=4.18.1",
"lodash-es": ">=4.18.1",
"sass-embedded": "catalog:peer",

2
plugins/plugin-md-power/src/node/demo/supports/insertScript.ts
View File

@ -1,6 +1,6 @@
import type { DemoFile, MarkdownDemoEnv } from '../../../shared/demo.js'
const SCRIPT_RE = /<script.*?>/
const SCRIPT_RE = /<script\b[^>]*>/
export function insertSetupScript({ export: name, path }: DemoFile, env: MarkdownDemoEnv): void {
const imports = `import ${name ? `${name} from ` : ''}'${path}';`

58
pnpm-lock.yaml generated
View File

@ -137,8 +137,8 @@ catalogs:
version: 9.0.5
peer:
'@iconify/json':
specifier: ^2.2.463
version: 2.2.463
specifier: ^2.2.464
version: 2.2.464
'@mathjax/src':
specifier: ^4.1.1
version: 4.1.1
@ -398,10 +398,12 @@ overrides:
'@shikijs/twoslash': ^4.0.2
'@typescript-eslint/types': ^8.58.2
'@typescript-eslint/utils': ^8.58.2
'@xmldom/xmldom': '>=0.9.9'
baseline-browser-mapping: ^2.10.19
'@xmldom/xmldom': '>=0.9.10'
baseline-browser-mapping: ^2.10.20
chokidar: 5.0.0
dompurify: '>=3.4.0'
esbuild: ^0.28.0
follow-redirects: '>=1.16.0'
lodash: '>=4.18.1'
lodash-es: '>=4.18.1'
sass-embedded: ^1.99.0
@ -565,7 +567,7 @@ importers:
dependencies:
'@iconify/json':
specifier: catalog:peer
version: 2.2.463
version: 2.2.464
'@lunariajs/core':
specifier: catalog:dev
version: 0.1.1
@ -629,7 +631,7 @@ importers:
dependencies:
'@iconify/json':
specifier: catalog:peer
version: 2.2.463
version: 2.2.464
'@vuepress/bundler-vite':
specifier: catalog:vuepress
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
@ -650,7 +652,7 @@ importers:
dependencies:
'@iconify/json':
specifier: catalog:peer
version: 2.2.463
version: 2.2.464
'@vuepress/bundler-vite':
specifier: catalog:vuepress
version: 2.0.0-rc.28(@types/node@25.6.0)(@vue/compiler-sfc@3.5.32)(esbuild@0.28.0)(jiti@2.6.1)(less@4.6.4)(sass-embedded@1.99.0)(sass@1.99.0)(stylus@0.64.0)(typescript@6.0.3)(yaml@2.8.3)
@ -958,7 +960,7 @@ importers:
devDependencies:
'@iconify/json':
specifier: catalog:peer
version: 2.2.463
version: 2.2.464
'@pinyin-pro/data':
specifier: catalog:peer
version: 1.3.1
@ -1511,8 +1513,8 @@ packages:
resolution: {integrity: sha512-bV0Tgo9K4hfPCek+aMAn81RppFKv2ySDQeMoSZuvTASywNTnVJCArCZE2FWqpvIatKu7VMRLWlR1EazvVhDyhQ==}
engines: {node: '>=18.18'}
'@iconify/json@2.2.463':
resolution: {integrity: sha512-VZ0n+99OWe9677b04KPF0NajDbFEyWNxMalXZA/4j8HrqyVvY+N1XN/EIER4ceQlKQJ501w9UxLJZjZ5mga0xA==}
'@iconify/json@2.2.464':
resolution: {integrity: sha512-VSU7hPHuqqEwQk8Hmy+88iGmsL6KE2JAv1ZwxE0z50+JpymIzhZMHcuSrL2MOFtTDZQ4eJ7Ao9Hdm+TCctDwCQ==}
'@iconify/types@2.0.0':
resolution: {integrity: sha512-+wluvCrRhXrhyOmRDJ3q8mux9JkKy5SJ/v8ol2tu4FVjyYvtEzkc/3pK15ET6RKg4b4w4BmTk1+gsCUhf21Ykg==}
@ -3371,8 +3373,8 @@ packages:
peerDependencies:
vue: ^3.5.0
'@xmldom/xmldom@0.9.9':
resolution: {integrity: sha512-qycIHAucxy/LXAYIjmLmtQ8q9GPnMbnjG1KXhWm9o5sCr6pOYDATkMPiTNa6/v8eELyqOQ2FsEqeoFYmgv/gJg==}
'@xmldom/xmldom@0.9.10':
resolution: {integrity: sha512-A9gOqLdi6cV4ibazAjcQufGj0B1y/vDqYrcuP6d/6x8P27gRS8643Dj9o1dEKtB6O7fwxb2FgBmJS2mX7gpvdw==}
engines: {node: '>=14.6'}
acorn-jsx@5.3.2:
@ -3547,8 +3549,8 @@ packages:
base64-js@1.5.1:
resolution: {integrity: sha512-AKpaYlHn8t4SVbOHCy+b5+KKgvR4vrsD8vbvrbiQJps7fKDTkjkDry6ji0rUJjC0kzbNePLwzxq8iypo41qeWA==}
baseline-browser-mapping@2.10.19:
resolution: {integrity: sha512-qCkNLi2sfBOn8XhZQ0FXsT1Ki/Yo5P90hrkRamVFRS7/KV9hpfA4HkoWNU152+8w0zPjnxo5psx5NL3PSGgv5g==}
baseline-browser-mapping@2.10.20:
resolution: {integrity: sha512-1AaXxEPfXT+GvTBJFuy4yXVHWJBXa4OdbIebGN/wX5DlsIkU0+wzGnd2lOzokSk51d5LUmqjgBLRLlypLUqInQ==}
engines: {node: '>=6.0.0'}
hasBin: true
@ -4222,8 +4224,8 @@ packages:
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
engines: {node: '>= 4'}
dompurify@3.3.3:
resolution: {integrity: sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==}
dompurify@3.4.0:
resolution: {integrity: sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==}
domutils@3.2.2:
resolution: {integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==}
@ -4736,8 +4738,8 @@ packages:
focus-trap@8.0.1:
resolution: {integrity: sha512-9ptSG6z51YQOstI/oN4XuVGP/03u2nh0g//qz7L6zX0i6PZiPnkcf3GenXq7N2hZnASXaMxTPpbKwdI+PFvxlw==}
follow-redirects@1.15.11:
resolution: {integrity: sha512-deG2P0JfjrTxl50XGCDyfI97ZGVCxIpfKYmfyrQ54n5FO/0gfIES8C/Psl6kWVDolizcaaxZJnTS0QSMxvnsBQ==}
follow-redirects@1.16.0:
resolution: {integrity: sha512-y5rN/uOsadFT/JfYwhxRS5R7Qce+g3zG97+JrtFZlC9klX/W5hD7iiLzScI4nZqUS7DNUdhPgw4xI8W2LuXlUw==}
engines: {node: '>=4.0'}
peerDependencies:
debug: '*'
@ -8231,7 +8233,7 @@ snapshots:
'@humanwhocodes/retry@0.4.3': {}
'@iconify/json@2.2.463':
'@iconify/json@2.2.464':
dependencies:
'@iconify/types': 2.0.0
pathe: 2.0.3
@ -10271,7 +10273,7 @@ snapshots:
dependencies:
vue: 3.5.32(typescript@6.0.3)
'@xmldom/xmldom@0.9.9': {}
'@xmldom/xmldom@0.9.10': {}
acorn-jsx@5.3.2(acorn@8.16.0):
dependencies:
@ -10432,7 +10434,7 @@ snapshots:
axios@1.15.0:
dependencies:
follow-redirects: 1.15.11
follow-redirects: 1.16.0
form-data: 4.0.5
proxy-from-env: 2.1.0
transitivePeerDependencies:
@ -10448,7 +10450,7 @@ snapshots:
base64-js@1.5.1: {}
baseline-browser-mapping@2.10.19: {}
baseline-browser-mapping@2.10.20: {}
basic-auth@2.0.1:
dependencies:
@ -10498,7 +10500,7 @@ snapshots:
browserslist@4.28.2:
dependencies:
baseline-browser-mapping: 2.10.19
baseline-browser-mapping: 2.10.20
caniuse-lite: 1.0.30001784
electron-to-chromium: 1.5.331
node-releases: 2.0.37
@ -11197,7 +11199,7 @@ snapshots:
dependencies:
domelementtype: 2.3.0
dompurify@3.3.3:
dompurify@3.4.0:
optionalDependencies:
'@types/trusted-types': 2.0.7
@ -11863,7 +11865,7 @@ snapshots:
dependencies:
tabbable: 6.4.0
follow-redirects@1.15.11: {}
follow-redirects@1.16.0: {}
for-each@0.3.5:
dependencies:
@ -12231,7 +12233,7 @@ snapshots:
http-proxy@1.18.1:
dependencies:
eventemitter3: 4.0.7
follow-redirects: 1.15.11
follow-redirects: 1.16.0
requires-port: 1.0.0
transitivePeerDependencies:
- debug
@ -13091,7 +13093,7 @@ snapshots:
d3-sankey: 0.12.3
dagre-d3-es: 7.0.14
dayjs: 1.11.20
dompurify: 3.3.3
dompurify: 3.4.0
katex: 0.16.44
khroma: 2.1.0
lodash-es: 4.18.1
@ -14305,7 +14307,7 @@ snapshots:
speech-rule-engine@5.0.0-beta.6:
dependencies:
'@xmldom/xmldom': 0.9.9
'@xmldom/xmldom': 0.9.10
commander: 14.0.2
wicked-good-xpath: 1.3.0

2
pnpm-workspace.yaml
View File

@ -67,7 +67,7 @@ catalogs:
wait-on: ^9.0.5
peer:
'@eslint-community/eslint-utils': ^4.9.1
'@iconify/json': ^2.2.463
'@iconify/json': ^2.2.464
'@mathjax/src': ^4.1.1
'@pinyin-pro/data': ^1.3.1
'@typescript-eslint/types': ^8.58.2