Use marked rather than helper-markdown

helper-markdown depends on remarkable which has unfixed security issue jonschlinkert/remarkable#332
XuluWarrior · Jun 30, 2019 · 3920790 · 3920790
1 parent 9ef0f73
commit 3920790
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 67 deletions.
diff --git a/index.js b/index.js
@@ -1,11 +1,26 @@
 var fs = require("fs");
 var path = require('path');
 var Handlebars = require("handlebars");
-var markdown = require('helper-markdown');
+var utils = require('handlebars-utils');
+var marked = require('marked');
 var moment = require('moment');
 
-Handlebars.registerHelper('markdown', function() {
-	var markup = markdown().apply(this, arguments);
+Handlebars.registerHelper('markdown', function(str, locals, options) {
+	if (typeof str !== 'string') {
+		options = locals;
+		locals = str;
+		str = true;
+	}
+
+	if (utils.isOptions(locals)) {
+		options = locals;
+		locals = {};
+	}
+
+	var ctx = utils.context(this, locals, options);
+	var val = utils.value(str, ctx, options);
+
+	var markup = marked(val);
 
 	// If we end up with a string wrapped in one <p> block, remove it so we don't create a new text block
 	var startEndMatch = markup.match(/^<p>(.*)<\/p>\n$/);
@@ -131,4 +146,4 @@ function render(resume) {
 
 module.exports = {
 	render: render
-};
+};
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -18,13 +18,14 @@
   },
   "dependencies": {
     "handlebars": "^4.1.2",
-    "helper-markdown": "^1.0.0",
+    "handlebars-utils": "^1.0.6",
+    "marked": "^0.6.3",
     "moment": "^2.24.0"
   },
   "devDependencies": {
     "less": "^3.9.0"
   },
-  "engineStrict" : true,
+  "engineStrict": true,
   "engines": {
     "node": ">=6"
   }