Switch to commonmark markdown

[jeroen]

The new version of commonmark uses the Github fork of the libcmark library, providing fast and standardized markdown rendering, including support for Github Flavored Markdown extensions (tables, autolinks, strikethough).

commonmark::markdown_html(md_text, extensions = c("table", "autolink"))
commonmark::markdown_latex(md_text, extensions = c("table", "autolink"))

Maybe it could be a better alternative to markdown::markdownToHTML.

[yihui]

Thanks for the suggestion! I'll take a look. I think the markdown package will be retired eventually.

[michaelquinn32]

Hi Yihui!

Could you please revisit this?

The markdown package relies on a version of sundown that is very old and no longer maintained. At Google, we're treating this as a security issue.

We're in a bit of a tough spot:

• sundown itself can be replaced by the currently-maintained hoedown, but it is a pretty big rewrite if we're going to do that: https://github.com/hoedown/hoedown
• Or we need to figure out how to remove the markdown package itself from knitr to use commonmark

Since both involve non-trivial amounts of work, it would be nice to know what approach you would prefer.

Best wishes, Michael

[yihui]

@michaelquinn32 Yes, I'll remove the dependency on markdown. It may take at least a couple of weeks. The trickiest thing will be package vignettes on CRAN. Due to the huge number of reverse dependencies of knitr, I'll have to be extremely cautious to make this transition. Thanks!

[michaelquinn32]

That's amazing to hear! Thank you.

Let me know if there's anything I can do to help you out.

[yihui]

Hi @michaelquinn32, I heard that you were planning to work on this issue by yourself, and I just want to let you know that we also plan to work on it on our end. I don't have an ETA yet, but my estimate is that it should be done in about two months. If this issue is urgent to you, please feel to let me know and we can certainly prioritize it. Thanks!

[michaelquinn32]

Thanks for the update!

There's no need to adjust your prioritization. I'll let you know how things go on my end, and I'm really looking forward to seeing this fixed!

[rickyars]

Following. I'm very interested in this change as markdown is GPL-2.

[yihui]

@rickyars Do you mean that you can't use packages licensed under GPL-2? I'm not entirely sure if I'll be able to change the license of the markdown package.

[rickyars]

Yes. We can't mix code that uses GPL-2 and GPL-3 if we plan to redistribute our work open source. Right now I have some Shiny apps that use knitr and the one piece I can't get around is its dependence on markdown. If you are removing markdown then the issue goes away. Maybe I misunderstood what was you meant when you said "I'll remove the dependency on markdown." Alternatively, have you considered switching to the rmarkdown package?

[yihui]

What I meant are:

1. markdown won't be a hard dependency of knitr in the future (will only be in Suggests instead of Depends).

2. markdown won't use the sundown C library.

It sounds like 1 will solve your problem?

[rickyars]

Yes, thank you!

[cderv]

Just for reference regarding ☝️

markdown won't be a hard dependency of knitr in the future (will only be in Suggests instead of Depends).

This is followed in https://github.com/yihui/knitr/issues/1864

[jeroen]

Cool. The commonmark package is now part of the r-lib organization: https://github.com/r-lib/commonmark

[yihui]

Although this is no longer tightly relevant to knitr, I've retired the C library sundown in markdown, and switched to commonmark as suggested. Thanks!

[github-actions[bot]]

This old thread has been automatically locked. If you think you have found something related to this, please open a new issue by following the issue guide (https://yihui.org/issue/), and link to this old issue if necessary.