fix: Bump highlightjs to v10 #17

Open
wants to merge 5 commits into
base: master

@Romakita Romakita commented Jan 30, 2021

Hello team,

I added support of the highlight.js v10 to solve the following issue: #14

I also added the GitHub Actions configuration to run unit tests, because Travis is very slow!

Github action result: https://github.com/Romakita/helper-markdown/actions/runs/523090163

See you
Romain

@joshgoebel

At a glance if all the tests still pass and the coverage is reasonable I'd say this was an easy upgrade and assume the integration is pretty usual. Glad to see this.

@Romakita
Author

Romakita commented Apr 3, 2021

Hello @almeidap @hariadi @jonschlinkert
Can you merge this PR please :)?

@rootwork

Another request to please merge this so we can finally be done with #14 and the security vulnerability.

Anything depending on helper-markdown has included a deprecation notice on npm/yarn install since Nov. 2020: highlightjs/highlight.js#2882 (comment)

@joshgoebel

Highlight.js version 11 was just released.

@eduwardo

eduwardo commented Feb 23, 2022

Verion 9 of Highlight.js has reached EOL.  It will no longer
  be supported or receive security updates in the future.
  Please upgrade to version 10 or encourage your indirect
  dependencies to do so.

Can this pull be merged? @jonschlinkert @almeidap

@joshgoebel

FYI: The v10 series is no longer supported and has been superseded by the very stable v11 series.

@Romakita
Author

@doowb @joshgoebel are you able to merge this PR?

@joshgoebel

joshgoebel commented Feb 23, 2022

I'm just the maintainer of Highlight.js, I have no involvement with helpers... At this point I'd say this library appears unmaintained... as v9 and v10 are BOTH no longer supported versions...

@Romakita
Author

@joshgoebel sorry, just a mistake when I mentioned the people.
@jonschlinkert @doowb Have you time to click on the right button please ^^ or tell us how we can help you on this task.
Personally I won’t update this PR if you are not able to help us…

@rootwork

This package hasn't been updated in 5+ years, so at this point I assume it's unmaintained.

Open-source maintainers don't owe us anything of course, but if they do read this it would be helpful to officially mark this as unmaintained (and maybe archive the repo) so it's clear there won't be any further development or security updates.

@Romakita
Author

Romakita commented Feb 24, 2022

The problem is this package is used by another module maintained by your team.

https://github.com/helpers/handlebars-helpers/blob/master/package.json#L8

I understand your point - because I’m also a maintainer - keeping packages up to date is complicated.

If you archive this repository it must be the same for all repositories maintained in this organization. Especially for this package:

https://github.com/helpers/handlebars-helpers/blob/master/package.json#L8

Another solution is to add people to help you, for the security update.
One question: is the module release on npm automatic or not?

Also, moving all repositories into one mono-repository using NPM or Yarn will help you and future contributors/maintainers with any update. I can help you with that :)

See you
Romain

@rootwork

True, but handlebars-helpers hasn't been updated in 4+ years so I'd say it's probably unmaintained too. I used to use it (that's how, like you, I ended up on this issue) but migrated away from it for this reason. FWIW it's pretty easy to pull whatever functions you need out of it and set them up directly in your own code.

@Romakita
Author

@rootwork You're right, it's easy and I'm not really concerned by this package. The problem is about the security warning discussed here #14. If you use the handlebar-helpers, you'll have the security warning even if you don't use handlebars-markdown.

It's a shame to see that the PRs proposed by the community are no longer merged... We can help @jonschlinkert @doowb with that... if they take the time to answer :)
