Skip to content

fix(dependencies): Update "markdown-to-jsx" to "^7.4.0" #635

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: dev
Choose a base branch
from
Open

fix(dependencies): Update "markdown-to-jsx" to "^7.4.0" #635

wants to merge 5 commits into from

Conversation

@brianpmccullough
Copy link

@brianpmccullough brianpmccullough commented Jan 9, 2025

Q A
Bug fix? [ ]
New feature? [ ]
New sample? [ ]
Related issues? fixes #634

What's in this Pull Request?

Version bump of markdown-to-jsx from 6.x.x to version 7.4.0

@vishalshitole
Copy link

vishalshitole commented Mar 4, 2025

It would be great if this gets in the next drop along with the controls react. This is being flagged by the vulnerability scan utility.

@michaelmaillot
Copy link
Collaborator

michaelmaillot commented Mar 4, 2025

Hi @brianpmccullough,

I didn't check deeply, but I was wondering if there was a reason bumping to 7.4.0 instead of latest version (7.7.4)?

@AJIXuMuK AJIXuMuK changed the base branch from master to dev March 14, 2025 21:42
@AJIXuMuK
Copy link
Collaborator

AJIXuMuK commented Mar 14, 2025

updated the target branch to dev

@brianpmccullough
Copy link
Author

brianpmccullough commented May 1, 2025
edited
Loading

@michaelmaillot I latest should be fine, but at least 7.4 as that looks like the version where vulnerabilities are addressed: https://security.snyk.io/package/npm/markdown-to-jsx

I can update the PR to be the latest version?

@michaelmaillot
Copy link
Collaborator

michaelmaillot commented May 2, 2025

Ok, just ensure that latest version doesn't trigger regressions on the PropertyPaneMarkdownContent.

@brianpmccullough
Copy link
Author

brianpmccullough commented Jul 17, 2025

Good catch @michaelmaillot . Updated to latest markdown-to-jsx version (7.7.10) and updated IMarkdownProps to MarkdownToJsx.Options.

image

As is, the sample webpart will work.

image

An interesting one here, however, given the markdown-to-jsx options are directly exposed as props for the control. So if IMarkdownProps -> MardownToJsx.Options change in a breaking way, from a semver perspective might be a need to bump major version on the spfx property controls.

Does this warrant a more thorough evaluation of IMarkdownProps -> MarkdownToJsx.Options or could be covered with a note in Release Notes?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Upgrade markdown-to-jsx to version 7.4.0 or higher.

4 participants

@brianpmccullough @vishalshitole @michaelmaillot @AJIXuMuK