🚨 Your current dependencies have known security vulnerabilities 🚨
This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend merging and deploying this as soon as possible!
Here is everything you need to know about this update. Please take a good look at what changed and the test results before merging this pull request.
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before
version 3.5.1, there is an injection vulnerability which can enable a cross-site
scripting attack. In affected versions no HTML escaping was being performed when
processing quotes. This applies even when the :escape_html option was being used.
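A simplified model of the flaw described in the advisory, added here as an example; it is not Redcarpet's code and not part of the original pull request. `ToyRenderer`, its `escape_quotes` switch, `html_escape` and `raw_tags` are hypothetical names, and the sample input is constructed.

```ruby
# Simplified model of the quote-escaping flaw (constructed for illustration;
# this is not Redcarpet's implementation).
ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze

def html_escape(text)
  text.gsub(/[&<>"']/, ESCAPES)
end

class ToyRenderer
  # escape_html models the :escape_html render option.
  # escape_quotes: false models the behaviour before 3.5.1, where the quote
  # callback wrote its text without escaping; true models the fix.
  def initialize(escape_html:, escape_quotes:)
    @escape_html = escape_html
    @escape_quotes = escape_quotes
  end

  def normal_text(text)
    @escape_html ? html_escape(text) : text
  end

  def quote(text)
    inner = @escape_html && @escape_quotes ? html_escape(text) : text
    "<q>#{inner}</q>"
  end

  # Minimal span parser: "double-quoted" runs go to #quote, the rest to
  # #normal_text.
  def render(source)
    source.split(/("[^"]*")/).map do |part|
      part =~ /\A"[^"]*"\z/ ? quote(part[1..-2]) : normal_text(part)
    end.join
  end
end

# Regression check usable on any renderer's output: tags other than the
# <q> wrapper mean input markup reached the page unescaped.
def raw_tags(html)
  html.scan(%r{</?[a-zA-Z][^>]*>}) - ["<q>", "</q>"]
end

SAMPLE = 'She wrote "<b>hi</b>" & left' # constructed input

def render_sample(escape_quotes)
  ToyRenderer.new(escape_html: true, escape_quotes: escape_quotes).render(SAMPLE)
end

puts render_sample(false) # quote text passes through despite escape_html
puts render_sample(true)  # quote text is escaped like the rest
```

The text outside the quote is escaped in both runs, which is why a test suite that only exercises plain text would not catch a single callback skipping the escape.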
Consider <center> as a block-level element (See #702).
Properly provide a third argument to the table_cell callback indicating whether the current cell is part of the header or not.
The previous implementation with two parameters is still supported (See #604 and #605).
Fixes
Match fence char and length when matching closing fence in fenced code blocks (Fixes #208).
Fix anchor generation on titles with ampersands (Fixes #696).
This release mostly ships with bug fixes and tiny improvements.
Improvements
Avoid mutating the options hash passed to a render object (See #663).
Automatically enable the fenced_code_blocks option when passing an HTML_TOC object to the Markdown object's constructor, since some languages rely on the sharp (#) to comment code (See #451).
Remove the rel and rev attributes from the output generated for footnotes as they don't pass the HTML 5 validation (See #536).
Allow passing Range objects to the nesting_level option to have a higher level of customization for table of contents (See #519):
Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.
All Depfu comment commands
@depfu rebase
Rebases against your default branch and redoes this update
@depfu recreate
Recreates this PR, overwriting any edits that you've made to it
@depfu merge
Merges this PR once your tests are passing and conflicts are resolved
@depfu close
Closes this PR and deletes the branch
@depfu reopen
Restores the branch and reopens this PR (if it's closed)
@depfu pause
Ignores all future updates for this dependency and closes this PR
@depfu pause [minor|major]
Ignores all future minor/major updates for this dependency and closes this PR
@depfu resume
Future versions of this dependency will create PRs again (leaves this PR as is)
What changed?
✳️ redcarpet (3.4.0 → 3.6.0)
Security Advisories 🚨
🚨 Injection/XSS in Redcarpet
Release Notes
3.6.0
3.5.1
3.5.0
Commits
See the full diff on GitHub. The new version differs by 64 commits:
Redcarpet v3.6.0
Add a changelog entry for #721
Merge pull request #721 from casperisfine/ruby-3.2
Merge pull request #724 from amatsuda/test_files
Missing files in the gem package
Don't include test files in the gem package
Merge pull request #723 from amatsuda/https
GitHub is HTTPS by default
Undefine uneeded T_DATA allocators
Merge pull request #681 from orchitech/match-closing-fence-type-and-length
Merge branch 'master' into match-closing-fence-type-and-length
Add a changelog entry for #702
Merge pull request #702 from momijizukamori/block-elements
Add ins and del back to block list
Merge pull request #707 from vmg/fix-travis
Test against recent Ruby versions
Merge pull request #706 from vmg/fix-605
Remove Rubinius from our Travis build
Fix for Ruby 1.9.3
Provide the header bit in the `table_cell` callback
Fix anchor generation on titles with ampersands
Remove the version eye badge from the README
Merge pull request #699 from noraj/patch-1
Update list of HTML block elements + add source text to repo
add gem version badge
Fix a security issue using `:quote` with `:escape_html`
Match fence char and length when matching closing fence in fenced code blocks.
Redcarpet v3.5.0
Tiny follow-up to #663
Merge pull request #663 from maschwenk/dont-mutate-options
Add regression test
Don't mutated passed options
Fix a segfault with StripDown and the `:quote` option
Merge pull request #649 from rbalint/master
Merge pull request #650 from kolen/fix-warning-options-not-initialized
Fix "instance variable @options not initialized" warning
Merge pull request #651 from kolen/fix-travis-builds
Allow Travis build agains ruby-head to fail
Update Rubinius to 3.100 (where builtin test/unit is removed)
Limit version of rake (dev) (12.3 no longer supports Ruby 1.9)
Update Rubinius version on Travis (bundler/bundler#6163)
[CI] Test against new Ruby 2.5
Run redcarpet in redcarpet_bin_test with the interpreter the test started with
Merge pull request #647 from Davidslv/patch-1
Update README.markdown
Merge pull request #642 from schneems/schneems/codetriage-badge
[ci skip] Add CodeTriage badge
Merge pull request #626 from vmg/fix-issue-624
Fix single quotes next to links for SmartyPants
Merge pull request #620 from lnussbaum/master
Merge pull request #621 from joevandyk/patch-1
fix type in README.md
Fix hashes in test suite for 32b architectures
Update the Ruby versions on Travis
Merge pull request #611 from admhlt/patch-1
Fix block rendering
Remove some useless empty lines
Avoid requiring the top level file in the 'compat' file
Add some missing issues references
Remove the `rel` and `rev` attributes from footnotes
Tiny dependencies bump
Automatically enable the `fenced_code_blocks` option for HTML_TOC
Allow passing `Range` objects to the `nesting_level` option
Update the Travis configuration file