用来显示 markdown 文档的,基于 gin 框架的, go 语言开发的博客

Bro Qiang 博客

示例: broqiang.com (个人博客,正在使用)

源码: github.com/broqiang/mdblog

提示

此项目已经由 dep 管理更换为 mod 管理

环境

  • 开发环境 Ubuntu 18.04

  • 服务器环境 CentOS 7.6

其他环境没有测试过,不确定是否兼容(如 Windows、MAC), 后面的所有步骤都假定是在 Linux(上面两种系统) 下完成。

快速使用

如果不需要自己编译,只是想要查看下效果,可以直接下载mdblog.tar.gz 这个我已经编译好了的版本到本地,然后执行:

tar xzvf mdblog.tar.gz
cd mdblog
./blog

./blog 之前需要先 配置 一下配置文件

然后浏览器访问 http://localhost:8091

即可查看效果,只需要在 resource/blog-docs 目录中放入 markdown 文件即可使用。

需要注意, markdown 文件必须放在 blog-docs 的二级目录下才会被解析,如: resources/blog-docs/linux

如果想要修改,或者查看源码,请继续往下看文档。

需求

  • go 语言为主的博客

  • 博客放在我自己服务器上

  • 博客展示的是 markdown 文档

  • 博客的原始文件( *.md 文件)放在 github 上,直接 github 直接更新文件,博客同步更新

按照上面的需求,最终就是一个静态动态结合的博客,完成后就是本博客了。 大体的思路是这样的,在 github 上创建一个专门用来保存 .md 文件的仓库 blog-docs, 将这个仓库 clone 到本博客项目的一个目录下(可以通过配置放在任意目录)。然后启动本博客系统,来解析 markdown 文本文件,用来展示。 当 blog-docs 文件仓库更新时,博客系统运行的内容自动更新。

依赖

Go 语言的依赖

  • go 版本是 go1.12 linux/amd64 , 其他版本未测试。

  • golang/dep 用来管理 go 中的依赖, 已经废除,采用 Go modules 来管理依赖

  • gin-gonic/gin 引擎及路由

  • BurntSushi/toml 用来处理 toml 格式的配置文件

  • russross/blackfriday 用来将 markdown 文本转换成 HTML 使用的是 1.5.2 版本。

  • microcosm-cc/bluemonday HTML清理程序, 配合 blackfriday 来处理 markdown 的转换。

前端的依赖

  • nodejs 因为前端 scss 和 js 的编译是依赖于这个

  • laravel-mix 相当于一个 webpack 的包装器,用来管理前端静态资源,以前用 Laravel 框架的时候觉得这个用来管理前端的内容很顺手,试了下,原来可以单独使用, 就用了。

  • jquery 因为 Bootstrap 依赖它。

  • bootstrap 前端框架,用于页面展示。

  • sindresorhus/github-markdown-css markdown 文档的样式使用的这个 css

  • highlightjs/highlight.js markdown 代码块高亮使用的此插件

  • 阿里矢量图标库 这个不错,按照需求定制,暂时我只用了 3 个图标

编译

编译需要编译两部分的内容,前端(webpack)和 Go 。

Go 编译

编译前要保证已经正确安装了 Go 环境,并配置好环境变量, GOROOT 和 GOPATH

安装 dep(已废弃)

这个是一个官方的依赖管理工作,见 https://github.com/golang/dep , 有详细的介绍和安装步骤。

安装

go get -u github.com/golang/dep/cmd/dep

然后执行下面命令,查看结果,如果有下面类似的结果证明安装成功

$ dep version
dep:
 version     : devel
 build date  :
 git hash    :
 go version  : go1.12
 go compiler : gc
 platform    : linux/amd64
 features    : ImportDuringSolve=false

安装博客

这是要指定目录,因为 GOPATH 的引入着这样做的,如果想要换成其他目录,需要同时修改包的导入路径。

# 创建项目保存的目录
mkdir $GOPATH/src/github.com/broqiang

# 进入到目录
cd $GOPATH/src/github.com/broqiang

# 下载项目
git clone https://github.com/BroQiang/mdblog.git

# 初始化项目(恢复依赖)
go mod tidy

PS: 如果 go mod 有包因为墙无法更新, 可以配置国内镜像,详细见 https://goproxy.cn

修改配置文件

需要将项目 mdblog 目录下的 config/config.example.toml 复制一份

cd yourpath/config
cp config.example.toml config.toml

然后根据需要修改下配置,在配置文件中有详细的注释,说明每一个配置是用来做什么的。

启动服务

go run 方式:

这种方式一般就是开发时候使用,编译后的文件会生成在临时目录,所以一些静态文件会找不到, 所以这里要传入一个参数,告诉程序项目根目录在哪里。

# 可以指定目录(要绝对路径),$(pwd) 就是当前所在目录的绝对路径
go run -root=$(pwd)

此时就可以访问了,如配置文件默认的 8091 端口,在浏览器访问 http://localhost:8091

go build 编译方式:

# 编译
go build blog.go

# 运行
./blog

# 或通过绝对路径运行
/yourpath/blog

使用编译后的二进制文件启动服务的话,默认的项目根目录就是可执行文件所在的目录,如果目录结构没有改变的话可以不用传入 -root 参数,如果改变了,静态文件和可执行文件不在相同的目录,仍然需要在启动的时候传入 -root= 参数。

前端资源编译

如果只是使用本博客,不需要自定义 css 和 js 等,可以略过此步骤。

编译前要保证已经安装了 npm 环境,因为 npm 有些慢,我使用的 yarn 来初始化前端依赖(npm 仍然需要安装)

这里使用了个 laravel-mix 来统一管理静态资源(个人觉得比较方便,不喜欢的可以随意替换)。

配置文件:

config/webpack.mix.js

这里也没做什么特殊的事情,就是将所有的 scss 和 js 分别打包成一个单一的文件

打包前的文件保存在 resources/assets , 分别存放了 scss 文件和 js 文件

编译后的文件存放在 resources/static 中,这个是项目真实使用的静态文件目录,对应的 http 方式的访问路径是 /public

markdown 文件配置

markdown 的一些初始配置保存在 config/categories.toml 中,这个主要用于配置顶部的菜单导航, 可以有链接和需要解析的 markdown 文件仓库的二级目录,详细规则查看配置文件中的注释,有详细的备注。

配置自动启动

在 Linux 下,可以将启动程序加入到 Systemd 中,就可以通过 systemctl 命令来管理服务,可以方便的启动或停止

编写一个脚本,将下面内容保存到 /lib/systemd/system 目录中, 例如

用 vim 打开 sudo vim /lib/systemd/system/mdblog.service ,此时默认是一个空文件(如果没有使用过), 写入:

[Unit]
Description=blog - This is BroQiang blog
Documentation=https://broqiang.com
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=simple
ExecStart=/www/web/mdblog/blog
ExecReload=/bin/kill $MAINPID && /www/web/mdblog/blog
ExecStop=/bin/kill -s QUIT $MAINPID
Restart=always

[Install]
WantedBy=multi-user.target

注意里面的项目目录 /www/web/mdblog/blog 要替换成实际的项目目录

此版本还没有实现热启动,启动和停止都是强制的,后面会陆续实现(不过这是个静态的博客,暂时没有数据交互,冷启动貌似也没大问题)。

添加完成上面的脚本就可以通过 Systemd 服务来管理了。

# 启动服务
sudo systemctl start mdblog

# 停止服务
sudo systemctl stop mdblog

# 配置开机自动启动
sudo systemctl enable mdblog

# 取消开机自动启动
sudo systemctl disable mdblog

配置 Nginx 转发

如果服务器只有一个 Go 服务,完全不需要 Nginx 了, 直接在配置文件中将端口改成 80 就可以了。 (不支持 ssl , 也不计划支持,因为我自己实际使用是通过 Nginx 代理的,在 Nginx 中已经配置了证书)

在 Nginx 中添加一个虚拟主机(server 部分)

server {
    listen       443; # 如果没有使用 https 可以将此端口改成 80

    # 如果没有使用 https 可以将下面三行关于证书的配置删除
    ssl on;
    ssl_certificate /etc/letsencrypt/live/broqiang.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/broqiang.com/privkey.pem;

    server_name broqiang.com www.broqiang.com;

    # 下面的配置是将 www.broqiang.com 的请求 301 到 broqiang.com ,如果只有一个域名可以去掉下面 3 行
    if ($host = 'www.broqiang.com'){
            rewrite ^/(.*)$ https://broqiang.com/$1 permanent;
    }

    # 访问日志, 这里和 mdblog 启动一个即可,要想关闭的话 access_log off;
    access_log /www/webLogs/go-blog_access.log;

    location / {
        # 将请求转发到 mdblog ,根据实际的监听地址修改
        proxy_pass http://127.0.0.1:8091;
    }
}

配置 github 钩子

https://github.com/BroQiang/blog-docs 项目中添加一个 Webhooks, 配置下面内容:

  • Payload URL: https://broqiang.com/webhook

  • Content type: 选择 application/json

  • Secret: 自定义一个密钥,要和 config.toml 中的 secret 的值保持一直

钩子生效后, blog-docs 再 push 的时候 mdblog 就可以自动更新文档并显示了。

更新日志

2019-04-28

添加 github 钩子,自动同步 blog-docs 的文档

2020-02-26

好久没有更新了, 正好 ssl 证书到期了,阿里云又给我发来了网站备案的整改通知, github 没有发来了前端 js 的漏洞通知, 就一起解决了, 顺便将之前的替换 Go modules 部分的文档修改

  • footer 中整改备案跳转 www.beian.miit.gov.cn

  • 更新前端插件到最新(github 说有漏洞, 也没去仔细查看)

  • 更新 readme 文档

Owner
broqiang
一个不断学习中的程序员……
broqiang
Comments
  • Bump url-parse from 1.4.7 to 1.5.7

    Bump url-parse from 1.4.7 to 1.5.7

    Bumps url-parse from 1.4.7 to 1.5.7.

    Commits
    • 8b3f5f2 1.5.7
    • ef45a13 [fix] Readd the empty userinfo to url.href (#226)
    • 88df234 [doc] Add soft deprecation notice
    • 78e9f2f [security] Fix nits
    • e6fa434 [security] Add credits for incorrect handling of userinfo vulnerability
    • 4c9fa23 1.5.6
    • 7b0b8a6 Merge pull request #223 from unshiftio/fix/at-sign-handling-in-userinfo
    • e4a5807 1.5.5
    • 193b44b [minor] Simplify whitespace regex
    • 319851b [fix] Remove CR, HT, and LF
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump follow-redirects from 1.11.0 to 1.14.7

    Bump follow-redirects from 1.11.0 to 1.14.7

    Bumps follow-redirects from 1.11.0 to 1.14.7.

    Commits
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • 2ad9e82 Carry over Host header on relative redirects (#172)
    • 77e2a58 Release version 1.14.4 of the npm package.
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump github.com/microcosm-cc/bluemonday from 1.0.2 to 1.0.16

    Bump github.com/microcosm-cc/bluemonday from 1.0.2 to 1.0.16

    Bumps github.com/microcosm-cc/bluemonday from 1.0.2 to 1.0.16.

    Release notes

    Sourced from github.com/microcosm-cc/bluemonday's releases.

    Prevent a HTML sanitization vulnerability

    CVE-2021-42576

    A vulnerability was discovered by https://github.com/TomAnthony https://www.tomanthony.co.uk/ which allowed the contents of a style tag to be leaked unsanitized by bluemonday into the HTML output. Further it was demonstrated that if the form elements select and option were allowed by the policy that this could result in a successful XSS.

    You would only be vulnerable to if if you allowed style, select and option in your HTML sanitization policy:

    p := bluemonday.NewPolicy()
    p.AllowElements("style","select")
    html := p.Sanitize(`<select><option><style><script>alert(1)</script>`)
    fmt.Println(html)
    

    bluemonday very strongly recommends not allowing the style element in a policy. It is fundamentally unsafe as we do not have a CSS sanitizer and the content is passed through unmodified.

    bluemonday has been updated to explicitly suppress style and script elements by default even if you do allow them by policy as these are considered unsafe. If you have a use-case for using bluemonday whilst trusting the input then you can assert this via p.AllowUnsafe(true) which will let style and script through if the policy also allows them.

    Note: the policies shipped with bluemonday are not vulnerable to this.

    Fix XSS vulnerability in HTML attribute parsing

    A well crafted HTML attribute had the potential to evade sanitization due to incorrect escaping of the attribute whilst serializing it.

    This version resolves that issue. In doing so it will also correctly use &amp; to separate query string values in URLs within HTML attributes (href, src, ...).

    Add SanitizeReaderToWriter(r io.Reader, w io.Writer)

    No release notes provided.

    Policies that accept regexps for matching are now additive

    Thanks to @​KN4CK3R for the contribution of a PR that results in multiple Matching() policies on the same attr and element no longer clobber the previous regexps.

    Improve data-uri base64 handling, and improve docs structure

    No release notes provided.

    Improve support for links on all elements

    Originally I had only concentrated the link validation on the elements that were safe to link. However people do want to allow some unsafe elements and yet still have the benefits of link validation and sanitization, i.e. allow iframe but still have the src safely validated... these changes allow that.

    Additionally I have added tests showing how AllowSchemesWithCustomPolicy can be used to globally allow only links to certain domains, and a test that shows how to apply the AllowAttributes().Matching().OnElements to only allow a given domain on specific elements (i.e. only allow an iframe if is is a YouTube embed).

    AllowComments

    Adds a new func to allow HTML comments to be allowed. But does not allow CDATA comments which will be treated as plain HTML comments.

    Also updates the readme, and the versions of the dependencies that have also updated.

    Update x/net to latest version

    As per https://nvd.nist.gov/vuln/detail/CVE-2020-28852

    Restore support for go < 1.10

    No release notes provided.

    ... (truncated)

    Commits
    • c788a2a Prevent a HTML sanitization vulnerability
    • 13d1799 go fmt with go 1.17
    • cada0f0 Merge pull request #128 from 6543-forks/ci-enforce-code-format
    • 7e9370a CI.restart()
    • be04ac9 enforce "lf" line ending
    • 9926455 Add "Check Code Formation" step to CI
    • 1b5510c add "fmt-check" make target
    • 1a86fcd go mod tidy && go fmt
    • f0057e2 Fix escaping of HTML attributes
    • c0a6f20 Spelling mistakes and whitespace are OK
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump url-parse from 1.4.7 to 1.5.3

    Bump url-parse from 1.4.7 to 1.5.3

    Bumps url-parse from 1.4.7 to 1.5.3.

    Commits
    • ad44493 [dist] 1.5.3
    • c798461 [fix] Fix host parsing for file URLs (#210)
    • 201034b [dist] 1.5.2
    • 2d9ac2c [fix] Sanitize only special URLs (#209)
    • fb128af [fix] Use 'null' as origin for non special URLs
    • fed6d9e [fix] Add a leading slash only if the URL is special
    • 94872e7 [fix] Do not incorrectly set the slashes property to true
    • 81ab967 [fix] Ignore slashes after the protocol for special URLs
    • ee22050 [ci] Use GitHub Actions
    • d2979b5 [fix] Special case the file: protocol (#204)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump url-parse from 1.4.7 to 1.5.1

    Bump url-parse from 1.4.7 to 1.5.1

    Bumps url-parse from 1.4.7 to 1.5.1.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump highlight.js from 9.18.1 to 10.1.2

    Bump highlight.js from 9.18.1 to 10.1.2

    Bumps highlight.js from 9.18.1 to 10.1.2.

    Release notes

    Sourced from highlight.js's releases.

    10.1.2

    Fixes:

    • fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

    10.1.1

    Fixes:

    • Resolve issue on Node 6 due to dangling comma (#2608) [Edwin Hoogerbeets][]
    • Resolve index.d.ts is not a module error (#2603) [Josh Goebel][]

    10.1.0

    Just your typical minor release. Plenty of fixes and enhancements, few new themes.

    Some deprecations language maintainers might want to pay attention to:

    • htmlbars grammar is now deprecated. Use handlebars instead. (#2344) [Nils Knappmeier][]
    • when using highlightBlock result.re deprecated. Use result.relevance instead. (#2552) [Josh Goebel][]
    • ditto for result.second_best.re => result.second_best.relevance (#2552)
    • lexemes is now deprecated in favor of keywords.$pattern key (#2519) [Josh Goebel][]
    • endSameAsBegin is now deprecated. (#2261) [Josh Goebel][]

    10.0.2

    Fixes a serious potential freeze/infinite loop issue. Everyone on version 10 should upgrade.

    • Remove support for AMD module loading, which never truly worked properly anyways.

    10.0.1

    Fixes: sublanguage with no rule matches causes text to disappear in final output. (#2506).

    10.0.0

    Welcome to version 10.0. This a major release and therefore will contain breaking changes.

    Breaking Changes

    Our normal minor releases try to never break anything, holding all breaking changes for major releases. We tried to squeeze in as many as we could this time so that after 10.0 ships we'll be back to quiet sailing for a while before we need to push version 11. That said, we're very conservative about what we consider a breaking change.

    i.e., if there it could possibly break things for anyone, it's typically a breaking change. The fact is a vast majority of users should upgrade and probably not notice any changes at all.

    See VERSION_10_BREAKING_CHANGES.md for a comprehensive list of breaking changes, but here is a summary... if you use:

    Core highlight.js lib on the client (with no extra CDN languages)

    Just keep doing that.

    • If you're using darkula.css, you'll need to change that to darcula.css

    ... (truncated)

    Changelog

    Sourced from highlight.js's changelog.

    Version 10.1.2

    Fixes:

    • fix(night) Prevent object prototype values from being returned by getLanguage (#2636) night

    Version 10.1.1

    Fixes:

    Version 10.1.0

    New themes:

    • NNFX and NNFX-dark by [Jim Mason][]
    • lioshi by [lioshi][]

    Parser Engine:

    • (parser) Now escapes quotes in text content when escaping HTML (#2564) Josh Goebel
    • (parser) Adds keywords.$pattern key to grammar definitions (#2519) Josh Goebel
    • (parser) Adds SHEBANG utility mode Josh Goebel
    • (parser) Adds registerAliases method (#2540) [Taufik Nurrohman][]
    • (enh) Added on:begin callback for modes (#2261) Josh Goebel
    • (enh) Added on:end callback for modes (#2261) Josh Goebel
    • (enh) Added ability to programatically ignore begin and end matches (#2261) Josh Goebel
    • (enh) Added END_SAME_AS_BEGIN mode to replace endSameAsBegin parser attribute (#2261) Josh Goebel
    • (fix) fixMarkup would rarely destroy markup when useBR was enabled (#2532) Josh Goebel

    Deprecations:

    • htmlbars grammar is now deprecated. Use handlebars instead. (#2344) [Nils Knappmeier][]
    • when using highlightBlock result.re deprecated. Use result.relevance instead. (#2552) Josh Goebel
    • ditto for result.second_best.re => result.second_best.relevance (#2552)
    • lexemes is now deprecated in favor of keywords.$pattern key (#2519) Josh Goebel
    • endSameAsBegin is now deprecated. (#2261) Josh Goebel

    Language Improvements:

    • fix(groovy) strings are not allowed inside ternary clauses (#2217) Josh Goebel

    ... (truncated)

    Commits
    • edd73d2 bump v10.1.2
    • 7241013 (parser) use null prototype objects for languages/aliases (#2636)
    • 93fd0d7 bump v10.1.1; (chore) add changelog for 10.1.1
    • c5783d2 (chore) clean up types just a little
    • a4ee4e4 (chore) declare ambient modules for lib/core & languges
    • 0656588 (chore) removed dangling comma (#2612)
    • b1bce6e (chore) more import below metadata comment
    • 74de6ea (chore) bump copyright
    • b2d19b0 bump v10.1.0
    • 84f7fa3 (chore) upgrade some dev stuff to newer versions
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by isagalaev, a new releaser for highlight.js since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump elliptic from 6.5.2 to 6.5.3

    Bump elliptic from 6.5.2 to 6.5.3

    Bumps elliptic from 6.5.2 to 6.5.3.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump lodash from 4.17.15 to 4.17.19

    Bump lodash from 4.17.15 to 4.17.19

    Bumps lodash from 4.17.15 to 4.17.19.

    Release notes

    Sourced from lodash's releases.

    4.17.16

    Commits
    Maintainer changes

    This version was pushed to npm by mathias, a new releaser for lodash since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump lodash from 4.17.11 to 4.17.14

    Bump lodash from 4.17.11 to 4.17.14

    Bumps lodash from 4.17.11 to 4.17.14.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump websocket-extensions from 0.1.3 to 0.1.4

    Bump websocket-extensions from 0.1.3 to 0.1.4

    Bumps websocket-extensions from 0.1.3 to 0.1.4.

    Changelog

    Sourced from websocket-extensions's changelog.

    0.1.4 / 2020-06-02

    • Remove a ReDoS vulnerability in the header parser (CVE-2020-7662, reported by Robert McLaughlin)
    • Change license from MIT to Apache 2.0
    Commits
    • 8efd0cd Bump version to 0.1.4
    • 3dad4ad Remove ReDoS vulnerability in the Sec-WebSocket-Extensions header parser
    • 4a76c75 Add Node versions 13 and 14 on Travis
    • 44a677a Formatting change: {...} should have spaces inside the braces
    • f6c50ab Let npm reformat package.json
    • 2d211f3 Change markdown formatting of docs.
    • 0b62083 Update Travis target versions.
    • 729a465 Switch license to Apache 2.0.
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump jquery from 3.4.1 to 3.5.0

    Bump jquery from 3.4.1 to 3.5.0

    Bumps jquery from 3.4.1 to 3.5.0.

    Commits
    • 7a0a850 3.5.0
    • 8570a08 Release: Update AUTHORS.txt
    • da3dd85 Ajax: Do not execute scripts for unsuccessful HTTP responses
    • 065143c Ajax: Overwrite s.contentType with content-type header value, if any
    • 1a4f10d Tests: Blacklist one focusin test in IE
    • 9e15d6b Event: Use only one focusin/out handler per matching window & document
    • 966a709 Manipulation: Skip the select wrapper for <option> outside of IE 9
    • 1d61fd9 Manipulation: Make jQuery.htmlPrefilter an identity function
    • 04bf577 Selector: Update Sizzle from 2.3.4 to 2.3.5
    • 7506c9c Build: Resolve Travis config warnings
    • Additional commits viewable in compare view
    Maintainer changes

    This version was pushed to npm by mgol, a new releaser for jquery since your current version.


    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump express from 4.17.1 to 4.18.2

    Bump express from 4.17.1 to 4.18.2

    Bumps express from 4.17.1 to 4.18.2.

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump qs and express

    Bump qs and express

    Bumps qs and express. These dependencies needed to be updated together. Updates qs from 6.7.0 to 6.11.0

    Changelog

    Sourced from qs's changelog.

    6.11.0

    • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
    • [readme] fix version badge

    6.10.5

    • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

    6.10.4

    • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
    • [meta] use npmignore to autogenerate an npmignore file
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

    6.10.3

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [actions] reuse common workflows
    • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

    6.10.2

    • [Fix] stringify: actually fix cyclic references (#426)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [actions] update codecov uploader
    • [actions] update workflows
    • [Tests] clean up stringify tests slightly
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

    6.10.1

    • [Fix] stringify: avoid exception on repeated object values (#402)

    6.10.0

    • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
    • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
    • [meta] fix README.md (#399)
    • [meta] only run npm run dist in publish, not install
    • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
    • [Tests] fix tests on node v0.6
    • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
    • [Tests] Revert "[meta] ignore eclint transitive audit warning"

    6.9.7

    • [Fix] parse: ignore __proto__ keys (#428)
    • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
    • [Robustness] stringify: avoid relying on a global undefined (#427)
    • [readme] remove travis badge; add github actions/codecov badges; update URLs
    • [Docs] add note and links for coercing primitive values (#408)
    • [Tests] clean up stringify tests slightly
    • [meta] fix README.md (#399)
    • Revert "[meta] ignore eclint transitive audit warning"

    ... (truncated)

    Commits
    • 56763c1 v6.11.0
    • ddd3e29 [readme] fix version badge
    • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
    • 95bc018 v6.10.5
    • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
    • ba9703c v6.10.4
    • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
    • 113b990 [Dev Deps] update object-inspect
    • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
    • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
    • Additional commits viewable in compare view

    Updates express from 4.17.1 to 4.18.2

    Release notes

    Sourced from express's releases.

    4.18.2

    4.18.1

    • Fix hanging on large stack of sync routes

    4.18.0

    ... (truncated)

    Changelog

    Sourced from express's changelog.

    4.18.2 / 2022-10-08

    4.18.1 / 2022-04-29

    • Fix hanging on large stack of sync routes

    4.18.0 / 2022-04-25

    ... (truncated)

    Commits

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump decode-uri-component from 0.2.0 to 0.2.2

    Bump decode-uri-component from 0.2.0 to 0.2.2

    Bumps decode-uri-component from 0.2.0 to 0.2.2.

    Release notes

    Sourced from decode-uri-component's releases.

    v0.2.2

    • Prevent overwriting previously decoded tokens 980e0bf

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.1...v0.2.2

    v0.2.1

    • Switch to GitHub workflows 76abc93
    • Fix issue where decode throws - fixes #6 746ca5d
    • Update license (#1) 486d7e2
    • Tidelift tasks a650457
    • Meta tweaks 66e1c28

    https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.1

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump loader-utils and webpack-cli

    Bump loader-utils and webpack-cli

    Bumps loader-utils and webpack-cli. These dependencies needed to be updated together. Updates loader-utils from 1.4.0 to 1.4.2

    Release notes

    Sourced from loader-utils's releases.

    v1.4.2

    1.4.2 (2022-11-11)

    Bug Fixes

    v1.4.1

    1.4.1 (2022-11-07)

    Bug Fixes

    Changelog

    Sourced from loader-utils's changelog.

    1.4.2 (2022-11-11)

    Bug Fixes

    1.4.1 (2022-11-07)

    Bug Fixes

    Commits

    Updates webpack-cli from 3.3.11 to 3.3.12

    Changelog

    Sourced from webpack-cli's changelog.

    3.3.12 (2020-06-03)

    Full Changelog

    Commits
    Maintainer changes

    This version was pushed to npm by evilebottnawi, a new releaser for webpack-cli since your current version.


    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump eventsource from 1.0.7 to 1.1.1

    Bump eventsource from 1.0.7 to 1.1.1

    Bumps eventsource from 1.0.7 to 1.1.1.

    Changelog

    Sourced from eventsource's changelog.

    1.1.1

    • Do not include authorization and cookie headers on redirect to different origin (#273 Espen Hovlandsdal)

    1.1.0

    • Improve performance for large messages across many chunks (#130 Trent Willis)
    • Add createConnection option for http or https requests (#120 Vasily Lavrov)
    • Support HTTP 302 redirects (#116 Ryan Bonte)
    • Prevent sequential errors from attempting multiple reconnections (#125 David Patty)
    • Add new to correct test (#111 Stéphane Alnet)
    • Fix reconnections attempts now happen more than once (#136 Icy Fish)
    Commits
    • aa7a408 1.1.1
    • 56d489e chore: rebuild polyfill
    • 4a951e5 docs: update history for 1.1.1
    • f9f6416 fix: strip sensitive headers on redirect to different origin
    • 9dd0687 1.1.0
    • 49497ba Update history for 1.1.0 (#146)
    • 3a38537 Update history for #136
    • 46fe04e Merge pull request #136 from icy-fish/master
    • 9a4190f Fix issue: reconnection only happends for 1 time after connection drops
    • 61e1b19 test: destroy both proxied request and response on close
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

Swagger + Gin = SwaGin, a web framework based on Gin and Swagger
Swagger + Gin = SwaGin, a web framework based on Gin and Swagger

Swagger + Gin = SwaGin Introduction SwaGin is a web framework based on Gin and Swagger, which wraps Gin and provides built-in swagger api docs and req

Dec 30, 2022
Swagger + Gin = SwaGin, a web framework based on Gin and Swagger
Swagger + Gin = SwaGin, a web framework based on Gin and Swagger

Swagger + Gin = SwaGin Introduction SwaGin is a web framework based on Gin and Swagger, which wraps Gin and provides built-in swagger api docs and req

Dec 30, 2022
Gin is a HTTP web framework written in Go (Golang).
Gin is a HTTP web framework written in Go (Golang).

Gin is a HTTP web framework written in Go (Golang). It features a Martini-like API with much better performance -- up to 40 times faster. If you need smashing performance, get yourself some Gin.

Jan 3, 2023
golang crud restful api with gorm , gin and mysql DB

crud restful api with golang , gorm , gin and mysql this api does a simple CRUD operations on a single table mysql Database . this is build on top off

Feb 26, 2022
Opinionated Go starter with gin for REST API, logrus for logging, viper for config with added graceful shutdown

go-gin-starter An opinionated starter for Go Backend projects using: gin-gonic/gin as the REST framework logrus for logging viper for configs Docker f

Dec 2, 2022
Rocinante is a gin inspired web framework built on top of net/http.

Rocinante Rocinante is a gin inspired web framework built on top of net/http. ⚙️ Installation $ go get -u github.com/fskanokano/rocinante-go ⚡️ Quicks

Jul 27, 2021
The jin is a simplified version of the gin web framework that can help you quickly understand the core principles of a web framework.

jin About The jin is a simplified version of the gin web framework that can help you quickly understand the core principles of a web framework. If thi

Jul 14, 2022
Template/Starter code for Go application with Gin, System Tray, Gorm, Air, Swagger, JWT

gin-systray-starter Starter code for Go application with Gin, System Tray, Gorm, Air, Swagger, JWT systray, https://github.com/getlantern/systray gin,

Sep 16, 2022
go gin rest api

go-gin-rest-api-f1 go-gin-rest-api Tutorial from: https://golang.org/doc/tutorial/web-service-gin I just used F1 Drivers. go get . to get gin go run .

Oct 20, 2021
Example Golang API backend rest implementation mini project Point Of Sale using Gin Framework and Gorm ORM Database.

Example Golang API backend rest implementation mini project Point Of Sale using Gin Framework and Gorm ORM Database.

Dec 23, 2022
A gin-like simple golang web framework.

webgo A gin-like simple golang web framework.

Aug 24, 2022
Building basic API with go, gin and gorm

Project Description Terima kasih sudah berkunjung ke halaman repositori ini, repositori ini berisi basic RESTFUL API dengan menggunakan teknologi seba

Nov 20, 2021
A gin-like simple golang web framework.

A gin-like simple golang web framework.

Aug 24, 2022
GOLF(Go Light Filter), golf dependents Gorm and Gin.

GOLF (WIP) GOLF(Go Light Filter), golf dependents Gorm and Gin. golf can help you build model query as fast as,build model query like Django Rest Fram

Dec 12, 2021
Timeout handler for http request in Gin framework

Middleware to Handle Request Timeout in Gin Installation Installation go get github.com/s-wijaya/gin-timeout Import it in your code: import ( // o

Dec 14, 2021
Gin middleware/handler to enable CORS support.

wcors Gin middleware/handler to enable CORS support. Usage Start using it Download and install it: go get github.com/wyy-go/wcors Import it in your co

Jan 8, 2022
Percobaan membuat API dengan Golang menggunakan web framework Gin dan Swagger docs.
Percobaan membuat API dengan Golang menggunakan web framework Gin dan Swagger docs.

Percobaan Gin Framework Percobaan membuat API dengan bahasa Go-lang. Tech Stack Gin - Web framework Gin Swaggo - Swagger Docs integration for Gin web

Feb 11, 2022
Gin-errorhandling - Gin Error Handling Middleware is a middleware for the popular Gin framework

Gin Error Handling Middleware Gin Error Handling Middleware is a middleware for

Sep 19, 2022
🚩 TOC, zero configuration table of content generator for Markdown files, create table of contents from any Markdown file with ease.
🚩 TOC, zero configuration table of content generator for Markdown files, create table of contents from any Markdown file with ease.

toc toc TOC, table of content generator for Markdown files Table of Contents Table of Contents Usage Installation Packages Arch Linux Homebrew Docker

Dec 29, 2022
Markdown - Markdown converter for golang

markdown ?? Talks ?? Join ?? Youtube ❤️ Sponsor Install via nami nami install ma

Jun 2, 2022