search

gjtorikian / commonmarker

Ruby wrapper for the comrak (CommonMark parser) Rust crate
MIT License
416 stars 80 forks source link

Update GFM release to `0.29.0.gfm.2` #148

Closed phillmv closed 2 years ago

phillmv commented 2 years ago

Hey @gjtorikian!

We just pushed a new release to cmark-gfm, and it'd be cool to be able to use it in commonmarker. Looking over at the changes introduced, looks like we'll also be including changes introduced0.29.0.gfm.1, which fixes a security vulnerability.

I generated this PR via the following:

$ git clone --recurse-submodules git@github.com:gjtorikian/commonmarker.git
$ git checkout -b update-to-0290gfm2
  # first, comment out the `git pull` line in ./script/update_submodules,
  # cos I'm referencing a tag & it gave an error
$ ./script/update_submodules 0.29.0.gfm.2
$ git remote add phillmv git@github.com:phillmv/commonmarker.git
$ git push phillmv update-to-0290gfm2

and then opened this PR.

Skimming the diff, this seems to have worked just fine and dandy; all the footnote changes I've worked in have made it in.

In addition, it looks like:

are associated with this pull request https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4

Thanks for taking a look!

edit: I realized that of course there was a footnotes test. I fixed the output check for .to_html/render_html but figured that updating the HtmlRenderer could be left outside of the scope of this PR.

I also took the liberty of bumping the version to 0.23.2, on the assumption that there is no major API change from commonmarker's POV.

gjtorikian commented 2 years ago

Wow, sweet--thank you very much.

@phillmv Since presumably GitHub still uses this, do you want write access to this repo and the gem?

phillmv commented 2 years ago

@gjtorikian thank you! much obliged.

@phillmv Since presumably GitHub still uses this, do you want write access to this repo and the gem?

Sure, I'll take it. Here's my newly created rubygems account.

This is where I confess I that I did most of this work in my free time, and that whoever will worry about this in the future will probably not be me. In the long term, we'll have to do something so no one has to bother y'all to get releases out, but in the short term giving me write access will paper over any gaps.

Thanks again, @gjtorikian & @kivikakk!

Ps. I've put in a note re: sponsorship but alas i haven't control of the purse strings.

digitalmoksha commented 2 years ago

Cool, thanks @phillmv and @gjtorikian! Any possibility of pushing a new version of the gem?

phillmv commented 2 years ago

@digitalmoksha I thought @gjtorikian just pushed it? see 0.23.2 -> https://rubygems.org/gems/commonmarker/versions/0.23.2

digitalmoksha commented 2 years ago

@phillmv yep your'e right 🤦 I was looking at the Releases page

Perfect, thanks!

gjtorikian commented 2 years ago

Ps. I've put in a note re: sponsorship but alas i haven't control of the purse strings.

Well, thank you for trying. <3