Update raml-1-parser to newer version

[danielwpz]

raml-1-parser older than 1.1.40 is using marked older than 0.3.7, which has a vulnerability that could enable XSS attack. (markedjs/marked#844).

We are not directly affected by this bug and the latest raml-1-parser has removed marked from their dependencies. But it is worthy to bump the version so that we are specifically using a newer dependency.

[coveralls]

Coverage remained the same at 97.25% when pulling 4ecc22f on marked into 3db55eb on master.

[jstoiko]

@danielwpz: this dependency is referenced using caret ranges. Also, as I pointed out in my PR on the parser, the marked dependency is not used anywhere in the code of the parser, it is used for documentation generation purpose only.

Thanks for the PR anyway, we'll merge it whenever we release a new version of Osprey.

[danielwpz]

@jstoiko hey thanks for the timely reply! In practice, you're absolutely right, but using a vulnerable dependency will prevent osprey from passing lots of security scanning. Since we are aware of this, there is no reason why not just update the dep :)

[jstoiko]

Not sure what "security scanning" you are referring to but if I install Osprey now, it does install [email protected] and doesn't even install marked since it was removed from the dependencies of the RAML parser. That's the benefit of using caret ranges to define dependencies.

$ npm I osprey
+ [email protected]
added 205 packages in 8.683s

$ npm list | grep raml-1-parser
  ├─┬ [email protected]

$ npm list | grep marked