diff --git a/app/components/crate-header.gjs b/app/components/crate-header.gjs index 878940d419..3417bff410 100644 --- a/app/components/crate-header.gjs +++ b/app/components/crate-header.gjs @@ -106,6 +106,10 @@ export default class CrateHeader extends Component { Dependents + + Security + + {{#if this.isOwner}} Settings diff --git a/app/router.js b/app/router.js index b9f60b3e4d..0d7203271c 100644 --- a/app/router.js +++ b/app/router.js @@ -18,6 +18,7 @@ Router.map(function () { this.route('range', { path: '/range/:range' }); this.route('reverse-dependencies', { path: 'reverse_dependencies' }); + this.route('security'); this.route('owners'); this.route('settings', function () { diff --git a/app/routes/crate/security.js b/app/routes/crate/security.js new file mode 100644 index 0000000000..9c0913b987 --- /dev/null +++ b/app/routes/crate/security.js @@ -0,0 +1,49 @@ +import Route from '@ember/routing/route'; +import { service } from '@ember/service'; + +async function fetchAdvisories(crateId) { + let url = `https://rustsec.org/packages/${crateId}.json`; + let response = await fetch(url); + if (response.status === 404) { + return []; + } else if (response.ok) { + return await response.json(); + } else { + throw new Error(`HTTP error! status: ${response}`); + } +} + +export default class SecurityRoute extends Route { + @service router; + @service sentry; + + async model(_params, transition) { + let crate = this.modelFor('crate'); + try { + let [advisories, micromarkModule, gfmModule] = await Promise.all([ + fetchAdvisories(crate.id), + import('micromark'), + import('micromark-extension-gfm'), + ]); + + let convertMarkdown = markdown => { + return micromarkModule.micromark(markdown, { + extensions: [gfmModule.gfm()], + htmlExtensions: [gfmModule.gfmHtml()], + }); + }; + + return { crate, advisories, convertMarkdown }; + } catch (error) { + let title = `${crate.name}: Failed to load advisories`; + return this.router.replaceWith('catch-all', { transition, error, title, tryAgain: true }); + } + } + + setupController(controller, { crate, advisories, convertMarkdown }) { + super.setupController(...arguments); + controller.crate = crate; + controller.advisories = advisories; + controller.convertMarkdown = convertMarkdown; + } +} diff --git a/app/templates/crate/security.css b/app/templates/crate/security.css new file mode 100644 index 0000000000..72d23cbbbe --- /dev/null +++ b/app/templates/crate/security.css @@ -0,0 +1,29 @@ +.heading { + font-size: 1.17em; + margin-block-start: 1em; + margin-block-end: 1em; +} + +.advisories { + list-style: none; + margin: 0; + padding: 0; +} + +.row { + margin-top: var(--space-2xs); + background-color: light-dark(white, #141413); + border-radius: var(--space-3xs); + padding: var(--space-m) var(--space-l); + list-style: none; +} + +.no-results { + padding: var(--space-l) var(--space-s); + background-color: light-dark(white, #141413); + text-align: center; + font-size: 20px; + font-weight: 300; + overflow-wrap: break-word; + line-height: 1.5; +} diff --git a/app/templates/crate/security.gjs b/app/templates/crate/security.gjs new file mode 100644 index 0000000000..a3d2a54396 --- /dev/null +++ b/app/templates/crate/security.gjs @@ -0,0 +1,25 @@ +import { htmlSafe } from '@ember/template'; + +import CrateHeader from 'crates-io/components/crate-header'; + + diff --git a/e2e/acceptance/security.spec.ts b/e2e/acceptance/security.spec.ts new file mode 100644 index 0000000000..648993d252 --- /dev/null +++ b/e2e/acceptance/security.spec.ts @@ -0,0 +1,107 @@ +import { expect, test } from '@/e2e/helper'; +import { http, HttpResponse } from 'msw'; + +test.describe('Acceptance | crate security page', { tag: '@acceptance' }, () => { + test('show some advisories', async ({ page, msw, percy }) => { + let crate = await msw.db.crate.create({ name: 'foo' }); + await msw.db.version.create({ crate, num: '1.0.0' }); + + let advisories = [ + { + id: 'TEST-001', + summary: 'First test advisory', + details: 'This is the first test advisory with **markdown** support.', + }, + { + id: 'TEST-002', + summary: 'Second test advisory', + details: 'This is the second test advisory with more details.', + }, + ]; + + await msw.worker.use(http.get('https://rustsec.org/packages/:crateId.json', () => HttpResponse.json(advisories))); + + await page.goto('/crates/foo/security'); + + await expect(page.locator('[data-test-list] li')).toHaveCount(2); + + // Check first advisory + let advisory1 = page.locator('[data-test-list] li').nth(0); + await expect(advisory1.locator('h3 a')).toHaveAttribute('href', 'https://rustsec.org/advisories/TEST-001.html'); + await expect(advisory1.locator('h3 a')).toHaveText('TEST-001'); + await expect(advisory1.locator('h3')).toContainText('First test advisory'); + expect(await advisory1.locator('p').innerHTML()).toBe( + 'This is the first test advisory with markdown support.', + ); + + // Check second advisory + let advisory2 = page.locator('[data-test-list] li').nth(1); + await expect(advisory2.locator('h3 a')).toHaveAttribute('href', 'https://rustsec.org/advisories/TEST-002.html'); + await expect(advisory2.locator('h3 a')).toHaveText('TEST-002'); + await expect(advisory2.locator('h3')).toContainText('Second test advisory'); + expect(await advisory2.locator('p').innerHTML()).toBe('This is the second test advisory with more details.'); + + await percy.snapshot(); + }); + + test('show no advisory data when none exist', async ({ page, msw }) => { + let crate = await msw.db.crate.create({ name: 'safe-crate' }); + await msw.db.version.create({ crate, num: '1.0.0' }); + + await msw.worker.use( + http.get('https://rustsec.org/packages/:crateId.json', () => HttpResponse.text('not found', { status: 404 })), + ); + + await page.goto('/crates/safe-crate/security'); + + await expect(page.locator('[data-no-advisories]')).toBeVisible(); + await expect(page.locator('[data-no-advisories]')).toHaveText('No advisories found for this crate.'); + }); + + test('handles errors gracefully', async ({ page, msw }) => { + let crate = await msw.db.crate.create({ name: 'error-crate' }); + await msw.db.version.create({ crate, num: '1.0.0' }); + + await msw.worker.use( + http.get('https://rustsec.org/packages/:crateId.json', () => + HttpResponse.text('Internal Server Error', { status: 500 }), + ), + ); + + await page.goto('/crates/error-crate/security'); + + // When there's an error, the route redirects to the catch-all error page + await expect(page).toHaveURL('/crates/error-crate/security'); + await expect(page.locator('[data-test-404-page]')).toBeVisible(); + await expect(page.locator('[data-test-title]')).toHaveText('error-crate: Failed to load advisories'); + await expect(page.locator('[data-test-try-again]')).toBeVisible(); + }); + + test('properly escapes HTML in advisory details', async ({ page, msw }) => { + let crate = await msw.db.crate.create({ name: 'xss-test' }); + await msw.db.version.create({ crate, num: '1.0.0' }); + + let advisories = [ + { + id: 'TEST-XSS', + summary: 'Advisory with XSS attempt', + details: 'This advisory contains and should be escaped.', + }, + ]; + + await msw.worker.use(http.get('https://rustsec.org/packages/:crateId.json', () => HttpResponse.json(advisories))); + + await page.goto('/crates/xss-test/security'); + + await expect(page.locator('[data-test-list] li')).toHaveCount(1); + + let advisory = page.locator('[data-test-list] li').first(); + await expect(advisory.locator('h3 a')).toHaveText('TEST-XSS'); + await expect(advisory.locator('h3')).toContainText('Advisory with XSS attempt'); + + // Verify the script tag is escaped and not executed + expect(await advisory.locator('p').innerHTML()).toBe( + 'This advisory contains <script>alert("XSS")</script> and should be escaped.', + ); + }); +}); diff --git a/package.json b/package.json index 63d0eecc9b..f9922616a2 100644 --- a/package.json +++ b/package.json @@ -156,6 +156,8 @@ "loader.js": "4.7.0", "match-json": "1.3.7", "memory-scroll": "2.0.1", + "micromark": "4.0.2", + "micromark-extension-gfm": "^3.0.0", "msw": "2.12.7", "playwright-msw": "3.0.1", "postcss": "8.5.6", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 0e13c475c0..4cb1ec3c49 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -285,6 +285,12 @@ importers: memory-scroll: specifier: 2.0.1 version: 2.0.1(@babel/core@7.28.5) + micromark: + specifier: 4.0.2 + version: 4.0.2 + micromark-extension-gfm: + specifier: ^3.0.0 + version: 3.0.0 msw: specifier: 2.12.7 version: 2.12.7(@types/node@24.10.4)(typescript@5.9.3) @@ -2520,6 +2526,9 @@ packages: '@types/d3@7.4.3': resolution: {integrity: sha512-lZXZ9ckh5R8uiFVt8ogUNf+pIrK4EsWrx2Np75WvF/eTpJ0FMHNhjXk8CKEx/+gpHbNQyJWehbFaTvqmHWB3ww==} + '@types/debug@4.1.12': + resolution: {integrity: sha512-vIChWdVG3LG1SMxEvI/AK+FWJthlrqlTu7fbrlywTkkaONwk/UAGaULXRlf8vkzFBLVm0zkMdCquhL5aOjhXPQ==} + '@types/deep-eql@4.0.2': resolution: {integrity: sha512-c9h9dVVMigMPc4bwTvC5dxqtqJZwQPePsWjPlpSOnojbor6pGqdk541lfA7AqFQr5pB1BRdq0juY9db81BwyFw==} @@ -2572,6 +2581,9 @@ packages: '@types/minimatch@3.0.5': resolution: {integrity: sha512-Klz949h02Gz2uZCMGwDUSDS1YBlTdDDgbWHi+81l29tQALUtvz4rAYi5uoVhE5Lagoq6DeqAUlbrHvW/mXDgdQ==} + '@types/ms@2.1.0': + resolution: {integrity: sha512-GsCCIZDE/p3i96vtEqx+7dBUGXrc7zeSK3wwPHIaRThS+9OhWIXRqzs4d6k1SVU8g91DrNRWxWUGhp5KXQb2VA==} + '@types/node@24.10.4': resolution: {integrity: sha512-vnDVpYPMzs4wunl27jHrfmwojOGKya0xyM3sH+UE5iv5uPS6vX7UIoh6m+vQc5LGBq52HBKPIn/zcSZVzeDEZg==} @@ -3545,6 +3557,9 @@ packages: change-case@5.4.4: resolution: {integrity: sha512-HRQyTk2/YPEkt9TnUPbOpr64Uw3KOicFWPVBb+xiHvd6eBx/qPr9xqfBFDT8P2vWsvvz4jbEkfDe71W3VyNu2w==} + character-entities@2.0.2: + resolution: {integrity: sha512-shx7oQ0Awen/BRIdkjkvz54PnEEI/EjwXDSIZp86/KKdbafHh1Df/RYGBhn4hbe2+uKC9FnT5UCEdyPz3ai9hQ==} + chardet@0.7.0: resolution: {integrity: sha512-mT8iDcrh03qDGRRmoA2hmBJnxpllMR+0/0qlzjqZES6NdiWDcZkCNAk4rPFZ9Q85r27unkiNNg8ZOiwZXBHwcA==} @@ -4372,6 +4387,9 @@ packages: decimal.js@10.6.0: resolution: {integrity: sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==} + decode-named-character-reference@1.2.0: + resolution: {integrity: sha512-c6fcElNV6ShtZXmsgNgFFV5tVX2PaV4g+MOAkb8eXHvn6sryJBrZa9r0zV6+dtTyoCKxtDy5tyQ5ZwQuidtd+Q==} + decode-uri-component@0.2.2: resolution: {integrity: sha512-FqUYQ+8o158GyGTrMFJms9qh3CqTKvAqgqsTnkLI8sKu0028orqBhxNMFkFen0zGyg6epACD32pjVk58ngIErQ==} engines: {node: '>=0.10'} @@ -4484,6 +4502,9 @@ packages: devalue@5.6.1: resolution: {integrity: sha512-jDwizj+IlEZBunHcOuuFVBnIMPAEHvTsJj0BcIp94xYguLRVBcXO853px/MyIJvbVzWdsGvrRweIUWJw8hBP7A==} + devlop@1.1.0: + resolution: {integrity: sha512-RWmIqhcFf1lRYBvNmr7qTNuyCt/7/ns2jbpp1+PalgE/rDQcBT0fioSMUpJ93irlUhC5hrg4cYqe6U+0ImW0rA==} + diff@7.0.0: resolution: {integrity: sha512-PJWHUb1RFevKCwaFA9RlG5tCd+FO5iRh9A8HEtkmBH2Li03iJriB6m6JIN4rGz3K3JLawI7/veA1xzRKP6ISBw==} engines: {node: '>=0.3.1'} @@ -6641,6 +6662,87 @@ packages: resolution: {integrity: sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==} engines: {node: '>= 0.6'} + micromark-core-commonmark@2.0.3: + resolution: {integrity: sha512-RDBrHEMSxVFLg6xvnXmb1Ayr2WzLAWjeSATAoxwKYJV94TeNavgoIdA0a9ytzDSVzBy2YKFK+emCPOEibLeCrg==} + + micromark-extension-gfm-autolink-literal@2.1.0: + resolution: {integrity: sha512-oOg7knzhicgQ3t4QCjCWgTmfNhvQbDDnJeVu9v81r7NltNCVmhPy1fJRX27pISafdjL+SVc4d3l48Gb6pbRypw==} + + micromark-extension-gfm-footnote@2.1.0: + resolution: {integrity: sha512-/yPhxI1ntnDNsiHtzLKYnE3vf9JZ6cAisqVDauhp4CEHxlb4uoOTxOCJ+9s51bIB8U1N1FJ1RXOKTIlD5B/gqw==} + + micromark-extension-gfm-strikethrough@2.1.0: + resolution: {integrity: sha512-ADVjpOOkjz1hhkZLlBiYA9cR2Anf8F4HqZUO6e5eDcPQd0Txw5fxLzzxnEkSkfnD0wziSGiv7sYhk/ktvbf1uw==} + + micromark-extension-gfm-table@2.1.1: + resolution: {integrity: sha512-t2OU/dXXioARrC6yWfJ4hqB7rct14e8f7m0cbI5hUmDyyIlwv5vEtooptH8INkbLzOatzKuVbQmAYcbWoyz6Dg==} + + micromark-extension-gfm-tagfilter@2.0.0: + resolution: {integrity: sha512-xHlTOmuCSotIA8TW1mDIM6X2O1SiX5P9IuDtqGonFhEK0qgRI4yeC6vMxEV2dgyr2TiD+2PQ10o+cOhdVAcwfg==} + + micromark-extension-gfm-task-list-item@2.1.0: + resolution: {integrity: sha512-qIBZhqxqI6fjLDYFTBIa4eivDMnP+OZqsNwmQ3xNLE4Cxwc+zfQEfbs6tzAo2Hjq+bh6q5F+Z8/cksrLFYWQQw==} + + micromark-extension-gfm@3.0.0: + resolution: {integrity: sha512-vsKArQsicm7t0z2GugkCKtZehqUm31oeGBV/KVSorWSy8ZlNAv7ytjFhvaryUiCUJYqs+NoE6AFhpQvBTM6Q4w==} + + micromark-factory-destination@2.0.1: + resolution: {integrity: sha512-Xe6rDdJlkmbFRExpTOmRj9N3MaWmbAgdpSrBQvCFqhezUn4AHqJHbaEnfbVYYiexVSs//tqOdY/DxhjdCiJnIA==} + + micromark-factory-label@2.0.1: + resolution: {integrity: sha512-VFMekyQExqIW7xIChcXn4ok29YE3rnuyveW3wZQWWqF4Nv9Wk5rgJ99KzPvHjkmPXF93FXIbBp6YdW3t71/7Vg==} + + micromark-factory-space@2.0.1: + resolution: {integrity: sha512-zRkxjtBxxLd2Sc0d+fbnEunsTj46SWXgXciZmHq0kDYGnck/ZSGj9/wULTV95uoeYiK5hRXP2mJ98Uo4cq/LQg==} + + micromark-factory-title@2.0.1: + resolution: {integrity: sha512-5bZ+3CjhAd9eChYTHsjy6TGxpOFSKgKKJPJxr293jTbfry2KDoWkhBb6TcPVB4NmzaPhMs1Frm9AZH7OD4Cjzw==} + + micromark-factory-whitespace@2.0.1: + resolution: {integrity: sha512-Ob0nuZ3PKt/n0hORHyvoD9uZhr+Za8sFoP+OnMcnWK5lngSzALgQYKMr9RJVOWLqQYuyn6ulqGWSXdwf6F80lQ==} + + micromark-util-character@2.1.1: + resolution: {integrity: sha512-wv8tdUTJ3thSFFFJKtpYKOYiGP2+v96Hvk4Tu8KpCAsTMs6yi+nVmGh1syvSCsaxz45J6Jbw+9DD6g97+NV67Q==} + + micromark-util-chunked@2.0.1: + resolution: {integrity: sha512-QUNFEOPELfmvv+4xiNg2sRYeS/P84pTW0TCgP5zc9FpXetHY0ab7SxKyAQCNCc1eK0459uoLI1y5oO5Vc1dbhA==} + + micromark-util-classify-character@2.0.1: + resolution: {integrity: sha512-K0kHzM6afW/MbeWYWLjoHQv1sgg2Q9EccHEDzSkxiP/EaagNzCm7T/WMKZ3rjMbvIpvBiZgwR3dKMygtA4mG1Q==} + + micromark-util-combine-extensions@2.0.1: + resolution: {integrity: sha512-OnAnH8Ujmy59JcyZw8JSbK9cGpdVY44NKgSM7E9Eh7DiLS2E9RNQf0dONaGDzEG9yjEl5hcqeIsj4hfRkLH/Bg==} + + micromark-util-decode-numeric-character-reference@2.0.2: + resolution: {integrity: sha512-ccUbYk6CwVdkmCQMyr64dXz42EfHGkPQlBj5p7YVGzq8I7CtjXZJrubAYezf7Rp+bjPseiROqe7G6foFd+lEuw==} + + micromark-util-encode@2.0.1: + resolution: {integrity: sha512-c3cVx2y4KqUnwopcO9b/SCdo2O67LwJJ/UyqGfbigahfegL9myoEFoDYZgkT7f36T0bLrM9hZTAaAyH+PCAXjw==} + + micromark-util-html-tag-name@2.0.1: + resolution: {integrity: sha512-2cNEiYDhCWKI+Gs9T0Tiysk136SnR13hhO8yW6BGNyhOC4qYFnwF1nKfD3HFAIXA5c45RrIG1ub11GiXeYd1xA==} + + micromark-util-normalize-identifier@2.0.1: + resolution: {integrity: sha512-sxPqmo70LyARJs0w2UclACPUUEqltCkJ6PhKdMIDuJ3gSf/Q+/GIe3WKl0Ijb/GyH9lOpUkRAO2wp0GVkLvS9Q==} + + micromark-util-resolve-all@2.0.1: + resolution: {integrity: sha512-VdQyxFWFT2/FGJgwQnJYbe1jjQoNTS4RjglmSjTUlpUMa95Htx9NHeYW4rGDJzbjvCsl9eLjMQwGeElsqmzcHg==} + + micromark-util-sanitize-uri@2.0.1: + resolution: {integrity: sha512-9N9IomZ/YuGGZZmQec1MbgxtlgougxTodVwDzzEouPKo3qFWvymFHWcnDi2vzV1ff6kas9ucW+o3yzJK9YB1AQ==} + + micromark-util-subtokenize@2.1.0: + resolution: {integrity: sha512-XQLu552iSctvnEcgXw6+Sx75GflAPNED1qx7eBJ+wydBb2KCbRZe+NwvIEEMM83uml1+2WSXpBAcp9IUCgCYWA==} + + micromark-util-symbol@2.0.1: + resolution: {integrity: sha512-vs5t8Apaud9N28kgCrRUdEed4UJ+wWNvicHLPxCa9ENlYuAY31M0ETy5y1vA33YoNPDFTghEbnh6efaE8h4x0Q==} + + micromark-util-types@2.0.2: + resolution: {integrity: sha512-Yw0ECSpJoViF1qTU4DC6NwtC4aWGt1EkzaQB8KPPyCRR8z9TWeV0HbEFGTO+ZY1wB22zmxnJqhPyTpOVCpeHTA==} + + micromark@4.0.2: + resolution: {integrity: sha512-zpe98Q6kvavpCr1NPVSCMebCKfD7CA2NqZ+rykeNhONIJBpc1tFKt9hucLGwha3jNTNI8lHpctWJWoimVF4PfA==} + micromatch@3.1.10: resolution: {integrity: sha512-MWikgl9n9M3w+bpsY3He8L+w9eF9338xRl8IAO5viDizwSzziFEyUzo2xrrloB64ADbTf8uA8vRqqttDTOmccg==} engines: {node: '>=0.10.0'} @@ -12318,6 +12420,10 @@ snapshots: '@types/d3-transition': 3.0.9 '@types/d3-zoom': 3.0.8 + '@types/debug@4.1.12': + dependencies: + '@types/ms': 2.1.0 + '@types/deep-eql@4.0.2': {} '@types/eslint-scope@3.7.7': @@ -12379,6 +12485,8 @@ snapshots: '@types/minimatch@3.0.5': {} + '@types/ms@2.1.0': {} + '@types/node@24.10.4': dependencies: undici-types: 7.16.0 @@ -13801,6 +13909,8 @@ snapshots: change-case@5.4.4: {} + character-entities@2.0.2: {} + chardet@0.7.0: {} chardet@2.1.1: {} @@ -14483,6 +14593,10 @@ snapshots: decimal.js@10.6.0: {} + decode-named-character-reference@1.2.0: + dependencies: + character-entities: 2.0.2 + decode-uri-component@0.2.2: {} decorator-transforms@1.2.1(@babel/core@7.28.5): @@ -14577,6 +14691,10 @@ snapshots: devalue@5.6.1: {} + devlop@1.1.0: + dependencies: + dequal: 2.0.3 + diff@7.0.0: {} dir-glob@3.0.1: @@ -17717,6 +17835,190 @@ snapshots: methods@1.1.2: {} + micromark-core-commonmark@2.0.3: + dependencies: + decode-named-character-reference: 1.2.0 + devlop: 1.1.0 + micromark-factory-destination: 2.0.1 + micromark-factory-label: 2.0.1 + micromark-factory-space: 2.0.1 + micromark-factory-title: 2.0.1 + micromark-factory-whitespace: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-classify-character: 2.0.1 + micromark-util-html-tag-name: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-subtokenize: 2.1.0 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm-autolink-literal@2.1.0: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm-footnote@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-core-commonmark: 2.0.3 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm-strikethrough@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-util-chunked: 2.0.1 + micromark-util-classify-character: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm-table@2.1.1: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm-tagfilter@2.0.0: + dependencies: + micromark-util-types: 2.0.2 + + micromark-extension-gfm-task-list-item@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-extension-gfm@3.0.0: + dependencies: + micromark-extension-gfm-autolink-literal: 2.1.0 + micromark-extension-gfm-footnote: 2.1.0 + micromark-extension-gfm-strikethrough: 2.1.0 + micromark-extension-gfm-table: 2.1.1 + micromark-extension-gfm-tagfilter: 2.0.0 + micromark-extension-gfm-task-list-item: 2.1.0 + micromark-util-combine-extensions: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-factory-destination@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-factory-label@2.0.1: + dependencies: + devlop: 1.1.0 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-factory-space@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-types: 2.0.2 + + micromark-factory-title@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-factory-whitespace@2.0.1: + dependencies: + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-util-character@2.1.1: + dependencies: + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-util-chunked@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-classify-character@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-util-combine-extensions@2.0.1: + dependencies: + micromark-util-chunked: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-util-decode-numeric-character-reference@2.0.2: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-encode@2.0.1: {} + + micromark-util-html-tag-name@2.0.1: {} + + micromark-util-normalize-identifier@2.0.1: + dependencies: + micromark-util-symbol: 2.0.1 + + micromark-util-resolve-all@2.0.1: + dependencies: + micromark-util-types: 2.0.2 + + micromark-util-sanitize-uri@2.0.1: + dependencies: + micromark-util-character: 2.1.1 + micromark-util-encode: 2.0.1 + micromark-util-symbol: 2.0.1 + + micromark-util-subtokenize@2.1.0: + dependencies: + devlop: 1.1.0 + micromark-util-chunked: 2.0.1 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + + micromark-util-symbol@2.0.1: {} + + micromark-util-types@2.0.2: {} + + micromark@4.0.2: + dependencies: + '@types/debug': 4.1.12 + debug: 4.4.3(supports-color@8.1.1) + decode-named-character-reference: 1.2.0 + devlop: 1.1.0 + micromark-core-commonmark: 2.0.3 + micromark-factory-space: 2.0.1 + micromark-util-character: 2.1.1 + micromark-util-chunked: 2.0.1 + micromark-util-combine-extensions: 2.0.1 + micromark-util-decode-numeric-character-reference: 2.0.2 + micromark-util-encode: 2.0.1 + micromark-util-normalize-identifier: 2.0.1 + micromark-util-resolve-all: 2.0.1 + micromark-util-sanitize-uri: 2.0.1 + micromark-util-subtokenize: 2.1.0 + micromark-util-symbol: 2.0.1 + micromark-util-types: 2.0.2 + transitivePeerDependencies: + - supports-color + micromatch@3.1.10: dependencies: arr-diff: 4.0.0