Backport: Upgrade EasyMDE 2.16.1 (package-lock.json)

[wxiaoguang]

This PR follows #18279 to add forgotten package-lock.json

npm suggests:

Browserslist: caniuse-lite is outdated. Please run:
npx browserslist@latest --update-db

So the caniuse-lite is also updated.

[wxiaoguang]

Hmm ... why a new codemirror comes.

    "node_modules/easymde/node_modules/codemirror": {
      "version": "5.65.0",
      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-5.65.0.tgz",
      "integrity": "sha512-gWEnHKEcz1Hyz7fsQWpK7P0sPI2/kSkRX2tc7DFA6TmZuDN75x/1ejnH/Pn8adYKrLEA1V2ww6L00GudHZbSKw=="
    },

Let me see ....

Gitea 1.15 uses "codemirror": "5.61.0", while EasyMDE 2.16.1 depends on "codemirror": "^5.63.1"

Do maintainers have suggestions about how to deal with such dependency?

• Should we upgrade CodeMirror for Gitea 1.15 to apply EasyMDE 2.16.1?
• Or should we revert to use old EasyMDE 2.15 (there is a browser-side DoS problem in EasyMDE 2.15, maybe not too serious)?

[zeripath]

• Should we upgrade CodeMirror for Gitea 1.15 to apply EasyMDE 2.16.1?

Yes do this after checking that the editor still works.

AFAIU we're not really tightly depending on Codemirror - we're only using it as part of EasyMDE (and I think the githooks editor.) Even though we may import it directly it's only to ensure that we load syntax highlighting. I think therefore its version should be more tightly bound to EasyMDE than to any of our code.

[wxiaoguang]

Yep, CodeMirror is only used by EasyMDE. I tested locally and EasyMDE works.

PR is updated.

[silverwind]

Update CM as well. There is still a static version of CM in public whis is used for the modeload feature and those plugins are loaded as outdated versions, but that's another issue to be solved.