Update dependency

html-minifier <3.5.0 has ReDoS vulnerability https://snyk.io/test/npm/hexo-neat
2018-09-27 14:57:16 +09:30 · 2018-09-27 14:57:16 +09:30 · 2c9fc74660
parent 28969670e8
commit 2c9fc74660
5 changed files with 201 additions and 49 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,4 @@
+.DS_Store
+node_modules/
+tmp/
+*.log
--- a/README.md
+++ b/README.md
@ -1,25 +1,24 @@
-# status
-[![npm version](https://badge.fury.io/js/hexo-neat.svg)](https://badge.fury.io/js/hexo-neat)
+# Hexo-yam

-# Hexo-neat
+> This project is based on [hexo-neat](https://github.com/rozbo/hexo-neat)
+Yet Another Minifier for Hexo.
+The original package has not been [updated](https://www.npmjs.com/package/hexo-neat) for a while. Its outdated dependencies suffer from minor [vulnerability](https://snyk.io/test/npm/hexo-neat).

-I want a profect page to show for my blog, so I made this.
-
-## Show
-[青枫浦](http://post.zz173.com)
+All the options are the same, so you can use this as a drop-in replacement.

 ## Installation
 ``` bash
-$ npm install hexo-neat --save
+$ npm install hexo-yam --save
 ```

-
-## Options
-To Enable Auto neat , you must config like this:
+## Usage
+To enable this plugin, insert the following to `_config.yml`:
 ``` yaml
 neat_enable: true
 ```
+For further customization, see below.

+## Options
 ``` yaml
 neat_html:
  enable: true
@ -29,6 +28,7 @@ neat_html:
 - **logger** - Print log switch. Defaults to `true`.
 - **exclude**: Exclude files
 **Note:** there are so many params please see '[HTMLMinifier](https://github.com/kangax/html-minifier)'
+
 ----------

 ``` yaml
@ -60,8 +60,9 @@ neat_js:
 - **exclude**: Exclude files


-## Thanks
-Say Very Thanks for this gays:
+## Credits
+All credits go to the following work:
+- [hexo-neat](https://github.com/rozbo/hexo-neat) by rozbo
 - neat html by [HTMLMinifier](https://github.com/kangax/html-minifier)
 - neat css  by [clean-css](https://github.com/jakubpawlowicz/clean-css)
 - neat js   by  [UglifyJS](http://lisperator.net/uglifyjs/)
--- a/lib/filter.js
+++ b/lib/filter.js
@ -28,11 +28,8 @@ function logic_html(str, data) {
    var saved = ((str.length - result.length) / str.length * 100).toFixed(2);
    if (options.logger) {
        var log = hexo.log || console.log;
-        log.log('neat the html: %s [ %s saved]', path, saved + '%');
+        log.log('Minify the html: %s [ %s saved]', path, saved + '%');
    }
-    var prefix = '<!-- build time:' + Date() + " -->";
-    var end = '<!-- rebuild by neat -->';
-    result = prefix + result + end;
    return result;
 };

@ -56,13 +53,10 @@ function logic_css(str, data) {
        new CleanCSS(options).minify(str, function (err, result) {
            if (err) return reject(err);
            var saved = ((str.length - result.styles.length) / str.length * 100).toFixed(2);
-            var prefix = '/* build time:' + Date().toLocaleString() + "*/\n";
-            var end = '\n/* rebuild by neat */';
-            var css_result = prefix + result.styles + end;
-            resolve(css_result);
+            resolve(result.styles);
            if (options.logger) {
                var log = hexo.log || console.log;
-                log.log('neat the css: %s [ %s saved]', path, saved + '%');
+                log.log('Minify the css: %s [ %s saved]', path, saved + '%');
            }
        });
    });
@ -84,16 +78,16 @@ function logic_js(str, data) {
        }
    }

+    //uglifyjs doesn't like 'enable' option
+    delete options.enable
    var result = UglifyJS.minify(str, options);
+    console.log(result.error);
    var saved = ((str.length - result.code.length) / str.length * 100).toFixed(2);
    if (options.logger) {
        var log = hexo.log || console.log;
-        log.log('neat the js: %s [ %s saved]', path, saved + '%');
+        log.log('Minify the js: %s [ %s saved]', path, saved + '%');
    }
-    var prefix = '// build time:' + Date().toLocaleString() + "\n";
-    var end = '\n//rebuild by neat ';
-    var js_result = prefix + result.code + end;
-    return js_result;
+    return result.code;
 }

 module.exports = {
--- a/package-lock.json
+++ b/package-lock.json
@ -0,0 +1,155 @@
+{
+  "name": "hexo-yam",
+  "version": "0.1.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "any-promise": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
+      "integrity": "sha1-q8av7tzqUugJzcA3au0845Y10X8="
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
+    },
+    "bluebird": {
+      "version": "3.5.2",
+      "resolved": "https://registry.npmjs.org/bluebird/-/bluebird-3.5.2.tgz",
+      "integrity": "sha512-dhHTWMI7kMx5whMQntl7Vr9C6BvV10lFXDAasnqnrMYhXVCzzk6IO9Fo2L75jXHT07WrOngL1WDXOp+yYS91Yg=="
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "camel-case": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/camel-case/-/camel-case-3.0.0.tgz",
+      "integrity": "sha1-yjw2iKTpzzpM2nd9xNy8cTJJz3M=",
+      "requires": {
+        "no-case": "^2.2.0",
+        "upper-case": "^1.1.1"
+      }
+    },
+    "clean-css": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/clean-css/-/clean-css-4.2.1.tgz",
+      "integrity": "sha512-4ZxI6dy4lrY6FHzfiy1aEOXgu4LIsW2MhwG0VBKdcoGoH/XLFgaHSdLTGr4O8Be6A8r3MOphEiI8Gc1n0ecf3g==",
+      "requires": {
+        "source-map": "~0.6.0"
+      }
+    },
+    "commander": {
+      "version": "2.17.1",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-2.17.1.tgz",
+      "integrity": "sha512-wPMUt6FnH2yzG95SA6mzjQOEKUU3aLaDEmzs1ti+1E9h+CsrZghRlqEM/EJ4KscsQVG8uNN4uVreUeT8+drlgg=="
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
+    },
+    "he": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.1.1.tgz",
+      "integrity": "sha1-k0EP0hsAlzUVH4howvJx80J+I/0="
+    },
+    "html-minifier": {
+      "version": "3.5.20",
+      "resolved": "https://registry.npmjs.org/html-minifier/-/html-minifier-3.5.20.tgz",
+      "integrity": "sha512-ZmgNLaTp54+HFKkONyLFEfs5dd/ZOtlquKaTnqIWFmx3Av5zG6ZPcV2d0o9XM2fXOTxxIf6eDcwzFFotke/5zA==",
+      "requires": {
+        "camel-case": "3.0.x",
+        "clean-css": "4.2.x",
+        "commander": "2.17.x",
+        "he": "1.1.x",
+        "param-case": "2.1.x",
+        "relateurl": "0.2.x",
+        "uglify-js": "3.4.x"
+      },
+      "dependencies": {
+        "uglify-js": {
+          "version": "3.4.9",
+          "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.4.9.tgz",
+          "integrity": "sha512-8CJsbKOtEbnJsTyv6LE6m6ZKniqMiFWmm9sRbopbkGs3gMPPfd3Fh8iIA4Ykv5MgaTbqHr4BaoGLJLZNhsrW1Q==",
+          "requires": {
+            "commander": "~2.17.1",
+            "source-map": "~0.6.1"
+          }
+        }
+      }
+    },
+    "lower-case": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/lower-case/-/lower-case-1.1.4.tgz",
+      "integrity": "sha1-miyr0bno4K6ZOkv31YdcOcQujqw="
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "no-case": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/no-case/-/no-case-2.3.2.tgz",
+      "integrity": "sha512-rmTZ9kz+f3rCvK2TD1Ue/oZlns7OGoIWP4fc3llxxRXlOkHKoWPPWJOfFYpITabSow43QJbRIoHQXtt10VldyQ==",
+      "requires": {
+        "lower-case": "^1.1.1"
+      }
+    },
+    "object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM="
+    },
+    "param-case": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/param-case/-/param-case-2.1.1.tgz",
+      "integrity": "sha1-35T9jPZTHs915r75oIWPvHK+Ikc=",
+      "requires": {
+        "no-case": "^2.2.0"
+      }
+    },
+    "relateurl": {
+      "version": "0.2.7",
+      "resolved": "https://registry.npmjs.org/relateurl/-/relateurl-0.2.7.tgz",
+      "integrity": "sha1-VNvzd+UUQKypCkzSdGANP/LYiKk="
+    },
+    "source-map": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+      "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g=="
+    },
+    "stream-to-array": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/stream-to-array/-/stream-to-array-2.3.0.tgz",
+      "integrity": "sha1-u/azn19D7DC8cbq8s3VXrOzzQ1M=",
+      "requires": {
+        "any-promise": "^1.1.0"
+      }
+    },
+    "uglify-js": {
+      "version": "3.4.9",
+      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.4.9.tgz",
+      "integrity": "sha512-8CJsbKOtEbnJsTyv6LE6m6ZKniqMiFWmm9sRbopbkGs3gMPPfd3Fh8iIA4Ykv5MgaTbqHr4BaoGLJLZNhsrW1Q==",
+      "requires": {
+        "commander": "~2.17.1",
+        "source-map": "~0.6.1"
+      }
+    },
+    "upper-case": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/upper-case/-/upper-case-1.1.3.tgz",
+      "integrity": "sha1-9rRQHC7EzdJrp4vnIilh3ndiFZg="
+    }
+  }
+}
--- a/package.json
+++ b/package.json
@ -1,37 +1,35 @@
 {
-  "author": {
-    "name": "rozbo"
+  "name": "hexo-yam",
+  "description": "Yet Another Minifier. Minify html, js and css",
+  "version": "0.1.0",
+  "readme": "README.md",
+  "main": "index.js",
+  "directories": {
+    "lib": "./lib"
  },
+  "engines": {
+    "node": ">= 8"
+  },
+  "author": "weyusi",
+  "license": "MIT",
  "repository": {
    "type": "git",
-    "url": "git@github.com:rozbo/hexo-neat.git"
+    "url": "https://github.com/weyusi/hexo-yam.git"
  },
  "dependencies": {
-    "bluebird": "^3.3.5",
-    "clean-css": ">2.0.0",
-    "html-minifier": "^2.1.2",
-    "minimatch": "^3.0.0",
-    "object-assign": "^4.1.0",
+    "bluebird": "^3.5.2",
+    "clean-css": "^4.2.1",
+    "html-minifier": "^3.5.20",
+    "minimatch": "^3.0.4",
+    "object-assign": "^4.1.1",
    "stream-to-array": "^2.3.0",
-    "uglify-js": "~2.6.2"
+    "uglify-js": "^3.4.9"
  },
-  "description": "auto Minify html、js、css and make it neat",
-  "devDependencies": {},
-  "directories": {},
  "keywords": [
    "html",
    "js",
    "css",
    "hexo",
    "minify"
-  ],
-  "license": "MIT",
-  "main": "index.js",
-  "name": "hexo-neat",
-  "optionalDependencies": {},
-  "readme": "ERROR: No README data found!",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "version": "1.0.4"
+  ]
 }