iamjackg / md2cf

Convert and upload Markdown documents to Confluence
MIT License

Update Mistune and add escape parameter #108

Open Bass-03 opened 11 months ago

Bass-03 commented 11 months ago

I noticed mistune was pinned to version 0.8.4, so I updated it to v3.0.1 (which covers https://github.com/iamjackg/md2cf/pull/81 and https://github.com/iamjackg/md2cf/issues/82 ((sorry))), all tests passing too.

While at it, I added the escape parameter mentioned in https://github.com/iamjackg/md2cf/issues/34, which enables the rendering of quotes and other symbols instead of HTML-escaped symbols. I added that to the library but not to the CLI; the default is to not escape HTML stuff.

My main goal is to be able to get unescaped HTML, mainly for linking other Confluence pages and maybe adding macros as mentioned in https://github.com/iamjackg/md2cf/issues/34, but I thought the new Mistune could handle it, let's see if that works.

schneiderl commented 10 months ago

Hey @Bass-03, thanks a lot for this.

@iamjackg Any way we can get this merged upstream and released?

In Mistune through 2.0.2, there is a Regular Expression Denial of Service (ReDoS) flaw. From CVE-2022-34749:

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.
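
An added example, not part of the thread or of the md2cf project: a check that flags exact pins of mistune at or below 2.0.2, the last release the CVE-2022-34749 text quoted above names as affected. The sample requirements text and the name `check_requirements` are constructed for illustration.

```python
import re

# Last release named as affected in the CVE-2022-34749 text quoted in the thread.
LAST_AFFECTED = (2, 0, 2)

_REQ = re.compile(r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(?P<spec>.*)$")
_EXACT = re.compile(r"^==\s*(\d+(?:\.\d+)*)$")

# Constructed sample input, not taken from the md2cf repository.
SAMPLE = """\
# constructed sample requirements file
requests>=2.31
mistune==0.8.4
Mistune == 3.0.1   # after the upgrade
mistune>=2.0
"""


def _as_tuple(version):
    """Turn '0.8.4' into (0, 8, 4), padding short versions with zeros."""
    parts = tuple(int(p) for p in version.split("."))
    return parts + (0,) * (3 - len(parts))


def check_requirements(text):
    """Return (line_number, requirement, verdict) for every mistune entry."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = _REQ.match(line)
        if not m or re.sub(r"[-_.]+", "-", m.group("name")).lower() != "mistune":
            continue
        pin = _EXACT.match(m.group("spec").strip())
        if pin is None:
            # Ranges, pre-releases and bare names: check the resolved version.
            verdict = "review"
        elif _as_tuple(pin.group(1)) <= LAST_AFFECTED:
            verdict = "affected"
        else:
            verdict = "ok"
        findings.append((lineno, line, verdict))
    return findings


if __name__ == "__main__":
    for lineno, req, verdict in check_requirements(SAMPLE):
        print(f"line {lineno}: {req} -> {verdict}")
```

A "review" verdict means the file alone does not settle the question, so the version actually installed in the environment still has to be checked.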

schneiderl commented 10 months ago

Thank you both for looking into this.

And thank you @iamjackg for the tool, it is very helpful 😄

schneiderl commented 10 months ago

Hey @iamjackg @Bass-03

Any updates on this? I'm happy to hop in and make any changes if necessary.

Bass-03 commented 9 months ago

Hey @schneiderl, I think I did all the changes needed; we are waiting for review.