Update dev-dependencies

Author: wooorm

lib/index.js

@@ -226,7 +226,7 @@ const own = {}.hasOwnProperty
  */
 export function sanitize(node, options) {
   /** @type {Nodes} */
-  let ctx = {type: 'root', children: []}
+  let result = {type: 'root', children: []}
 
   /** @type {State} */
   const state = {
@@ -238,16 +238,16 @@ export function sanitize(node, options) {
   if (replace) {
     if (Array.isArray(replace)) {
       if (replace.length === 1) {
-        ctx = replace[0]
+        result = replace[0]
       } else {
-        ctx.children = replace
+        result.children = replace
       }
     } else {
-      ctx = replace
+      result = replace
     }
   }
 
-  return ctx
+  return result
 }
 
 /**
@@ -356,7 +356,7 @@ function element(state, unsafe) {
   const content = /** @type {Array<ElementContent>} */ (
     children(state, unsafe.children)
   )
-  const props = properties(state, unsafe.properties)
+  const properties_ = properties(state, unsafe.properties)
 
   state.stack.pop()
 
@@ -395,7 +395,7 @@ function element(state, unsafe) {
   const node = {
     type: 'element',
     tagName: name,
-    properties: props,
+    properties: properties_,
     children: content
   }
 
@@ -501,17 +501,18 @@ function properties(state, properties) {
       : undefined
   const defaults =
     attributes && own.call(attributes, '*') ? attributes['*'] : undefined
-  const props = /** @type {Readonly<Record<string, Readonly<unknown>>>} */ (
-    properties && typeof properties === 'object' ? properties : {}
-  )
+  const properties_ =
+    /** @type {Readonly<Record<string, Readonly<unknown>>>} */ (
+      properties && typeof properties === 'object' ? properties : {}
+    )
   /** @type {Properties} */
   const result = {}
   /** @type {string} */
   let key
 
-  for (key in props) {
-    if (own.call(props, key)) {
-      const unsafe = props[key]
+  for (key in properties_) {
+    if (own.call(properties_, key)) {
+      const unsafe = properties_[key]
       let safe = propertyValue(
         state,
         findDefinition(specific, key),

package.json

@@ -36,28 +36,28 @@
   ],
   "dependencies": {
     "@types/hast": "^3.0.0",
-    "@ungap/structured-clone": "^1.2.0",
+    "@ungap/structured-clone": "^1.0.0",
     "unist-util-position": "^5.0.0"
   },
   "devDependencies": {
-    "@types/node": "^20.0.0",
-    "@types/ungap__structured-clone": "^0.3.0",
+    "@types/node": "^22.0.0",
+    "@types/ungap__structured-clone": "^1.0.0",
     "aria-attributes": "^2.0.0",
-    "c8": "^8.0.0",
+    "c8": "^10.0.0",
     "deepmerge": "^4.0.0",
     "hast-util-from-html": "^2.0.0",
     "hast-util-to-html": "^9.0.0",
-    "hastscript": "^8.0.0",
+    "hastscript": "^9.0.0",
     "html-element-attributes": "^3.0.0",
     "html-tag-names": "^2.0.0",
     "prettier": "^3.0.0",
-    "remark-cli": "^11.0.0",
-    "remark-preset-wooorm": "^9.0.0",
+    "remark-cli": "^12.0.0",
+    "remark-preset-wooorm": "^10.0.0",
     "type-coverage": "^2.0.0",
     "typescript": "^5.0.0",
     "unist-builder": "^4.0.0",
     "unist-util-visit": "^5.0.0",
-    "xo": "^0.56.0"
+    "xo": "^0.59.0"
   },
   "scripts": {
     "prepack": "npm run build && npm run format",
@@ -106,6 +106,7 @@
     "prettier": true,
     "rules": {
       "complexity": "off",
+      "logical-assignment-operators": "off",
       "unicorn/prefer-at": "off"
     }
   }

readme.md

@@ -12,20 +12,20 @@
 
 ## Contents
 
-*   [What is this?](#what-is-this)
-*   [When should I use this?](#when-should-i-use-this)
-*   [Install](#install)
-*   [Use](#use)
-*   [API](#api)
-    *   [`defaultSchema`](#defaultschema)
-    *   [`sanitize(tree[, options])`](#sanitizetree-options)
-    *   [`Schema`](#schema)
-*   [Types](#types)
-*   [Compatibility](#compatibility)
-*   [Security](#security)
-*   [Related](#related)
-*   [Contribute](#contribute)
-*   [License](#license)
+* [What is this?](#what-is-this)
+* [When should I use this?](#when-should-i-use-this)
+* [Install](#install)
+* [Use](#use)
+* [API](#api)
+  * [`defaultSchema`](#defaultschema)
+  * [`sanitize(tree[, options])`](#sanitizetree-options)
+  * [`Schema`](#schema)
+* [Types](#types)
+* [Compatibility](#compatibility)
+* [Security](#security)
+* [Related](#related)
+* [Contribute](#contribute)
+* [License](#license)
 
 ## What is this?
 
@@ -132,11 +132,11 @@ Sanitize a tree.
 
 ###### Parameters
 
-*   `tree` ([`Node`][node])
-    — unsafe tree
-*   `options` ([`Schema`][api-schema], default:
-    [`defaultSchema`][api-default-schema])
-    — configuration
+* `tree` ([`Node`][node])
+  — unsafe tree
+* `options` ([`Schema`][api-schema], default:
+  [`defaultSchema`][api-default-schema])
+  — configuration
 
 ###### Returns
 
@@ -386,8 +386,8 @@ be unsafe (but is fine if you do trust it).
 
 ## Related
 
-*   [`rehype-sanitize`](https://github.com/rehypejs/rehype-sanitize)
-    — rehype plugin
+* [`rehype-sanitize`](https://github.com/rehypejs/rehype-sanitize)
+  — rehype plugin
 
 ## Contribute
 

test/baseline.js

@@ -58,19 +58,19 @@ allAttributes = new Set([...allAttributes].sort())
 
 for (const name of htmlTagNames) {
   /** @type {Record<string, string>} */
-  const props = {}
+  const properties_ = {}
 
   for (const attribute of allAttributes) {
-    props[attribute] = 'x'
+    properties_[attribute] = 'x'
   }
 
-  delete props.type
+  delete properties_.type
 
   if (root.children.length > 0) {
     root.children.push({type: 'text', value: '\n\n'})
   }
 
-  let element = h(name, props, [])
+  let element = h(name, properties_, [])
 
   if (Object.hasOwn(schemaAncestors, name)) {
     const ancestor = schemaAncestors[name][0]
@@ -152,30 +152,30 @@ visit(tree, function (node) {
     )
 
     /** @type {string} */
-    let prop
+    let property
 
-    for (prop in node.properties) {
-      if (Object.hasOwn(node.properties, prop)) {
-        let value = node.properties[prop]
+    for (property in node.properties) {
+      if (Object.hasOwn(node.properties, property)) {
+        let value = node.properties[property]
 
-        if (prop === 'dir' && value === 'auto') {
+        if (property === 'dir' && value === 'auto') {
           continue
         }
 
         if (
           node.tagName === 'img' &&
-          prop === 'style' &&
+          property === 'style' &&
           value === 'max-width: 100%;'
         ) {
           continue
         }
 
-        propertyNamesSeen.add(prop)
+        propertyNamesSeen.add(property)
 
         assert(
-          entries.has(prop),
+          entries.has(property),
           'property `' +
-            prop +
+            property +
             '` was found in GH response (on `' +
             node.tagName +
             '`) but not defined in `schema.attributes` (global or specific to the element)'
@@ -187,9 +187,9 @@ visit(tree, function (node) {
 
         if (value === 'user-content-x') {
           assert(
-            schemaClobber.includes(prop),
+            schemaClobber.includes(property),
             'property `' +
-              prop +
+              property +
               '` was found in GH response (on `' +
               node.tagName +
               '`) with a clobber prefix, but not defined in `schema.clobber`'
@@ -204,36 +204,42 @@ visit(tree, function (node) {
           // Value GH sets it to with a clobber prefix.
           value === 'user-content-x' ||
           // Wrapper for images.
-          (node.tagName === 'a' && prop === 'target' && value === '_blank') ||
-          (node.tagName === 'a' && prop === 'rel' && value === 'noopener') ||
+          (node.tagName === 'a' &&
+            property === 'target' &&
+            value === '_blank') ||
+          (node.tagName === 'a' &&
+            property === 'rel' &&
+            value === 'noopener') ||
           // Footnotes.
           (node.tagName === 'a' &&
-            prop === 'ariaDescribedBy' &&
+            property === 'ariaDescribedBy' &&
             value === 'footnote-label') ||
           (node.tagName === 'a' &&
-            prop === 'href' &&
+            property === 'href' &&
             String(value).startsWith('x-')) ||
           (node.tagName === 'a' &&
-            prop === 'id' &&
+            property === 'id' &&
             String(value).startsWith('user-content-x-')) ||
           (node.tagName === 'a' &&
-            prop === 'className' &&
+            property === 'className' &&
             value === 'data-footnote-backref') ||
           (node.tagName === 'section' &&
-            prop === 'className' &&
+            property === 'className' &&
             value === 'footnotes') ||
           (node.tagName === 'h2' &&
-            prop === 'id' &&
+            property === 'id' &&
             (value === 'footnote-label' ||
               value === 'user-content-footnote-label')) ||
-          (node.tagName === 'h2' && prop === 'className' && value === 'sr-only')
+          (node.tagName === 'h2' &&
+            property === 'className' &&
+            value === 'sr-only')
         ) {
           continue
         }
 
         console.log(
           'Unexpected key `%s` (`%s`) on <%s>',
-          prop,
+          property,
           value,
           node.tagName
         )

test/index.js

@@ -192,12 +192,12 @@ test('`text`', async function (t) {
   })
 
   await t.test('should ignore `text` in `script` elements', async function () {
-    assert.equal(toHtml(sanitize(h('script', u('text', 'alert(1)')))), '')
+    assert.equal(toHtml(sanitize(h('script', {}, u('text', 'alert(1)')))), '')
   })
 
   await t.test('should show `text` in `style` elements', async function () {
     assert.equal(
-      toHtml(sanitize(h('style', u('text', 'alert(1)')))),
+      toHtml(sanitize(h('style', {}, u('text', 'alert(1)')))),
       'alert(1)'
     )
   })
@@ -236,7 +236,7 @@ test('`element`', async function (t) {
 
   await t.test('should ignore unknown elements', async function () {
     assert.deepEqual(
-      sanitize(h('unknown', u('text', 'alert(1)'))),
+      sanitize(h('unknown', {}, u('text', 'alert(1)'))),
       u('text', 'alert(1)')
     )
   })
@@ -860,36 +860,36 @@ function toString() {
 }
 
 /**
- * Test `valid` and `invalid` `url`s in `prop` on `tagName`.
+ * Test `valid` and `invalid` `url`s in `property` on `tagName`.
  *
  * @param {string} tagName
- * @param {string} prop
+ * @param {string} property
  * @param {{valid: Record<string, string>, invalid: Record<string, string>}} all
  */
-function testAllUrls(tagName, prop, all) {
-  testUrls(tagName, prop, all.valid, true)
-  testUrls(tagName, prop, all.invalid, false)
+function testAllUrls(tagName, property, all) {
+  testUrls(tagName, property, all.valid, true)
+  testUrls(tagName, property, all.invalid, false)
 }
 
 /**
- * Test `valid` `url`s in `prop` on `tagName`.
+ * Test `valid` `url`s in `property` on `tagName`.
  *
  * @param {string} tagName
- * @param {string} prop
+ * @param {string} property
  * @param {Record<string, string>} urls
  * @param {boolean} valid
  */
-function testUrls(tagName, prop, urls, valid) {
+function testUrls(tagName, property, urls, valid) {
   /** @type {string} */
   let name
 
   for (name in urls) {
     if (own.call(urls, name)) {
-      const props = {[prop]: urls[name]}
+      const properties_ = {[property]: urls[name]}
 
       assert.deepEqual(
-        sanitize(h(tagName, props)),
-        h(tagName, valid ? props : {}),
+        sanitize(h(tagName, properties_)),
+        h(tagName, valid ? properties_ : {}),
         'should ' + (valid ? 'allow' : 'clean') + ' ' + name
       )
     }