Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps-dev): bump commonmark from 0.28.1 to 0.29.1 #72

Closed

Conversation

dependabot-preview[bot]
Copy link

Bumps commonmark from 0.28.1 to 0.29.1.

Release notes

Sourced from commonmark's releases.

commonmark.js 0.29.1

  • Export Renderer (#162, Federico Ramirez). Export the Renderer class so consumers can use it as a base class for their own custom Renderer's. [API change]
  • Fix end source position for fenced code and raw HTML (#141).
  • Ensure that \ is treated as punctuation character (#161).
  • Remove redundant token from reHtmlBlockOpen (Vas Sudanagunta).
  • Remove unused variable reWhitespace.
  • Don't decode url before encoding it again (Daniel Berndt).
  • Don't allow link destinations with unbalanced unescaped parens (#177).
  • Don't put quote delims on stack if not --smart.
  • Don't add to delim stack if !can_open && !can_close (#172).
  • Remove no longer used argument to escapeXml (#169, Robin Stocker).
  • Avoid numerical conversion for file names in argv (#164, Alex Kocharin).
  • Adapt existing encoding-based regression test and add %25-based regression test (Daniel Berndt).
  • Add pathological test for #172 illustrating quadratic time bug.
  • Fix pathological case commonmark/cmark#178.
  • Add pathological test for cmark#178.
  • Dingus: remove debugging console.log.
  • Sync .editorconfig indent_size to actual (#178, Vas Sudanagunta).
  • Add lint rule for unused variables
  • Apply npm audit suggestions.
  • Fixed invalid package.json dependency entries (Vas Sudanagunta).

commonmark.js 0.29.0

  • Update spec to 0.29.
  • Fix parsing of setext headers after reference link definitions.
  • Fix code span normalization to conform to spec change.
  • Allow empty destinations in link refs. See commonmark/commonmark#172.
  • Update link destination parsing.
  • dingus: add dependency version requirements (#159, Vas Sudanagunta). Dingus was rendering incorrectly with Bootstrap 4. Added a bower.json which requires Bootstrap, jQuery and Lodash with major version equal to what's currently live. Likewise the minimum patch version.
  • package.json: Add version for bower in devDependencies.
  • package.json - use ^ operator for versions.
  • Allow internal delim runs to match if both have lengths that are multiples of 3. See commonmark/commonmark#528.
  • Remove now unused 'preserve_entities' option on escapeXml. This was formerly used (incorrectly) in the HTML renderer. It isn't needed any more. [API change]
  • html renderer: Don't preserve entities when rendering href, src, title, info string. This gives rise to double-encoding errors, when the original markdown is e.g. :, since the commonmark reader already unescapes entities. Thanks to Sebastiaan Knijnenburg for noticing this.
  • More efficient checking for loose lists. This fixes a case like commonmark/cmark#284.
  • Disallow unescaped ( in parenthesized link title.
  • Add pathological test (Parsing '[ (]([ (]([ (]([ (](...' takes quadratic time commonmark/cmark#285).
  • Comment out failing pathological test for now.
  • Add pathological tests for #157.
  • Fix two exponential regex backtracking vulnerabilities (#157, Anders Kaseorg). ESCAPED_CHAR already matches \\, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: [foo\\\] is no longer incorrectly accepted as a link reference. <foo\> is no longer incorrectly accepted as an angle-bracketed link destination.
  • package.json: require lodash >= 4.17.11.
  • Require cached-path-relative >= 1.0.2. This fixes a security vulnerability, but it's only in the dev dependencies.
  • Update fenced block parsing for spec change.
  • Require space before title in reference link. See commonmark/cmark#263.
  • Update code span normalization for spec change.
  • Removed meta from list of block tags. See commonmark/CommonMark#527.
... (truncated)
Changelog

Sourced from commonmark's changelog.

[0.29.1]

  • Export Renderer (#162, Federico Ramirez). Export the Renderer class so consumers can use it as a base class for their own custom Renderer's. [API change]
  • Fix end source position for fenced code and raw HTML (#141).
  • Ensure that \ is treated as punctuation character (#161).
  • Remove redundant token from reHtmlBlockOpen (Vas Sudanagunta).
  • Remove unused variable reWhitespace.
  • Don't decode url before encoding it again (Daniel Berndt).
  • Don't allow link destinations with unbalanced unescaped parens (#177).
  • Don't put quote delims on stack if not --smart.
  • Don't add to delim stack if !can_open && !can_close (#172).
  • Remove no longer used argument to escapeXml (#169, Robin Stocker).
  • Avoid numerical conversion for file names in argv (#164, Alex Kocharin).
  • Adapt existing encoding-based regression test and add %25-based regression test (Daniel Berndt).
  • Add pathological test for #172 illustrating quadratic time bug.
  • Fix pathological case commonmark/cmark#178.
  • Add pathological test for cmark#178.
  • Dingus: remove debugging console.log.
  • Sync .editorconfig indent_size to actual (#178, Vas Sudanagunta).
  • Add lint rule for unused variables
  • Apply npm audit suggestions.
  • Fixed invalid package.json dependency entries (Vas Sudanagunta).

[0.29.0]

  • Update spec to 0.29.
  • Fix parsing of setext headers after reference link definitions.
  • Fix code span normalization to conform to spec change.
  • Allow empty destinations in link refs. See commonmark/commonmark#172.
  • Update link destination parsing.
  • dingus: add dependency version requirements (#159, Vas Sudanagunta). Dingus was rendering incorrectly with Bootstrap 4. Added a bower.json which requires Bootstrap, jQuery and Lodash with major version equal to what's currently live. Likewise the minimum patch version.
  • package.json: Add version for bower in devDependencies.
  • package.json - use ^ operator for versions.
  • Allow internal delim runs to match if both have lengths that are multiples of 3. See commonmark/commonmark#528.
  • Remove now unused 'preserve_entities' option on escapeXml. This was formerly used (incorrectly) in the HTML renderer. It isn't needed any more. [API change]
  • html renderer: Don't preserve entities when rendering href, src, title, info string. This gives rise to double-encoding errors, when the original markdown is e.g. &amp;colon;, since the commonmark reader already unescapes entities. Thanks to Sebastiaan Knijnenburg for noticing this.
  • More efficient checking for loose lists.
... (truncated)
Commits
  • 2feaec3 New dist.
  • b916820 Bump version to 0.29.1.
  • 1f5a827 Fix end source position for fenced code and raw HTML.
  • 94ad030 Apply npm audit suggestions.
  • 3465f27 Fixed invalid package.json dependency entries.
  • 0a304ac Merge pull request #181 from vassudanagunta/tiny-patch
  • aee219e Remove unused variable reWhitespace.
  • 5c5623a Add lint rule for unused variables
  • cd03322 Merge pull request #179 from danielberndt/patch-1
  • edd1f4a do not require decode, as it's not needed any more
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
  • @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

  • Update frequency (including time of day and day of week)
  • Pull request limits (per update run and/or open at any time)
  • Out-of-range updates (receive only lockfile updates, if desired)
  • Security updates (receive only security updates, if desired)

@dependabot-preview dependabot-preview bot added the dependencies Pull requests that update a dependency file label Jan 10, 2020
@dependabot-preview
Copy link
Author

Superseded by #158.

@dependabot-preview dependabot-preview bot deleted the dependabot/npm_and_yarn/commonmark-0.29.1 branch September 11, 2020 05:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants