SECURITY: it was possible to smuggle unsafe URLs --- like javascript: ones --- even without using the "unsafe" mode of operation. Thanks to Sam Sanoop (snoopysecurity) for reporting.
Recognise tables without a preceding newline. (#183)
SECURITY: we were matching unsafe URL prefixes, such as data: or javascript:, in a case-sensitive manner. This meant prefixes like Data: were untouched. Please upgrade as soon as possible. (Kouhei Morita)
Add support for ignoring front matter. (#170, Eitan Mosenkis.)
Two new binaries are added to each release: aarch64-apple-darwin and x86_64-unknown-freebsd.
Add support for a config file for CLI use. (#157, with thanks to AJ ONeal.)
Note the Windows binary includes commit fd39797e0f2e4cd29fa10bbab18f2e11de3189e9 ahead of this tag. The aarch64 build is still not tested on actual hardware.
0.9.0
0.8.2 was a semver-breaking change, so we're now bumping to 0.9.0. Some
tests have been added to catch this in future.
Allow image/ prefix on data URIs. (#169, Daniel Sorichetti)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/rust-dev-tools/cargo-src/network/alerts).
Bumps comrak from 0.2.14 to 0.10.1.
Release notes
Sourced from comrak's releases.
... (truncated)
Changelog
Sourced from comrak's changelog.
... (truncated)
Commits
- `1544795` 0.10.1
- `18b65da` Merge branch 'security-ampersand'
- `b72340c` SECURITY: escape ampersands in hrefs
- `6d6b772` Merge pull request #184 from kivikakk/update-readme-in-rust
- `f91e6f7` examples: document, update CI
- `8c9e7d4` update-readme: use Comrak as an example of Markdown editing
- `e5bf257` 0.10.1-rc.1
- `dda08d4` Merge pull request #183 from kivikakk/recog-table-without-empty
- `d20870b` table: recognise without empty line
- `165dac7` test: add failing test for table after no newline
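The case-sensitive prefix matching described in the SECURITY note in the release notes on this page, shown beside a case-insensitive check, as an added Rust example that is not comrak's code. The function names, the prefix list (taken from the schemes the notes name) and the raster-only reading of the `image/` allowance from the 0.9.0 note are assumptions of this example.

```rust
// Added illustration, not comrak's source. Both lists are assumptions:
// the schemes come from the release notes, the raster image types are
// this example's conservative reading of "allow image/ on data URIs".
const UNSAFE_PREFIXES: [&str; 2] = ["javascript:", "data:"];
const ALLOWED_DATA_PREFIXES: [&str; 4] = [
    "data:image/png",
    "data:image/gif",
    "data:image/jpeg",
    "data:image/webp",
];

/// The flawed check from the notes: a case-sensitive prefix match,
/// so `Data:` or `JavaScript:` is not recognised as unsafe.
fn is_unsafe_case_sensitive(url: &str) -> bool {
    UNSAFE_PREFIXES.iter().any(|p| url.starts_with(p))
}

/// ASCII-case-insensitive prefix test that never slices past the input.
fn starts_with_ignore_case(url: &str, prefix: &str) -> bool {
    url.as_bytes()
        .get(..prefix.len())
        .map_or(false, |head| head.eq_ignore_ascii_case(prefix.as_bytes()))
}

/// Hardened check: the allowance and the block list are both matched
/// without regard to case, so the two cannot disagree on `DATA:`.
fn is_unsafe(url: &str) -> bool {
    if ALLOWED_DATA_PREFIXES.iter().any(|p| starts_with_ignore_case(url, p)) {
        return false;
    }
    UNSAFE_PREFIXES.iter().any(|p| starts_with_ignore_case(url, p))
}

fn main() {
    // Constructed sample URLs, not taken from the advisory.
    let samples = [
        "javascript:alert(1)",
        "Data:text/html,x",
        "JaVaScRiPt:void(0)",
        "data:image/png;base64,AAAA",
        "https://example.com/",
    ];
    for url in samples.iter() {
        println!("{:<30} old={:<5} new={}", url, is_unsafe_case_sensitive(url), is_unsafe(url));
    }
}
```

A regression test for this class of bug should feed mixed-case variants of every blocked scheme through the sanitiser, not only the lowercase form.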