Update commonmark 0.27.0 → 0.31.0 (major)

[depfu]

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ commonmark (0.27.0 → 0.31.0) · Repo · Changelog

Release Notes

0.31.0

• Update to 0.31 spec.txt.
• Treat unicode symbols like punctuation for purposes of flankingness.
  This updates the library to conform to the 0.31 spec.
• Do not process &-entities that don't end in ; (#278, Michael Howell).
• Html renderer: don't add language- to code block class
  if the info string already starts with language- (#277).
• Fix pathological regex for HTML comments (#273).
• Track underscore bottom separately mod 3, like asterisk (Michael Howell).
• Fix list tightness (taku0).
• Fix "CommomMark" typo (#270, Martin Geisler).
• Declarations do not need a space, per the spec (commonmark/cmark#456).
• Allow <!doctype to be case-insensitive.
• Fix HTML comment regex.
• Fix HTML comment regex to conform to commonmark/commonmark-spec#713.
• Fix a pathological performance case in link titles.
  Thanks to Stefan Dobre for reporting.
• Allow closing fence to be followed by tabs (#258).
• Replace deprecated String.prototype.substr() (#254, CommanderRoot).
• Fix bug with reference link normalization. We were only collapsing the
  first group of consecutive whitespace, not following ones.

0.30.0

• Update tests to 0.30 spec.txt.
• Fix commonmark/cmark#383. Our optimization for emphasis parsing
  was flawed, leading to some corner cases where nested emphasis was
  parsed incorrectly.
• Allow user to specify a function to escape the output (#217, newfivefour).
• Simplify reThematicBreak.
• Fix documentation for node.listType (TheWastl). The parser produces
  lowercase strings, but the README said the strings are capitalized.
• Fix handling of type 7 HTML blocks (#213).
  They can't interrupt paragraphs (even with laziness).
• Fix link label normalization with backslash before newline (#211).
• Only match punctuation at the beginning of the string (Vladimir Pouzanov).
  This makes the punctuation use match reUnicodeWhitespaceChar usage
  in scanDelims. It's effectively a no-op, as char_after is expected
  to only contain a single character anyways.
• Recognize '01' as start number 1 (#207).
• Use rollup --banner to include license info.
• Remove dist files from the repository. Instead we now generate them
  with pretest and prepublish scripts.
• Simplify dingus Makefile.
• Fix an iframe loading timing issue in the dingus (icyrockcom).
  Closes commonmark/commonmark-spec-web#15.

0.29.3

• Fix some rough edges around ES modules (Kyle E. Mitchell)
  (#195, #201, #203):
  • Set module types via package.json files in subdirectories.
    A number of JavaScript files were rewritten as ES
    Modules, but their extensions remained .js. That
    extension is ambiguous to newer version of the Node.js
    runtime, which can load both CommonJS modules and ES
    Modules. To fix this, we add package.json files with
    type properties to the various subdirectories. Setting
    type to "module" tells Node.js to interpret .js
    files in that directory and below as ES Modules.
    Otherwise, Node.js falls back on the package.json at
    root, which currently sets type to "commonjs".
  • Make benchmark and test use commonjs again.
  • bin: remove use of ESM and use require('../').
    Node.js version 14, which supports ES Modules without any flag or the
    esm package, is currently in long-term support. But a great many
    folks still run older version of Node.js that either don't support ES
    Modules at all or hide that support behind a feature flag.
  • Import specific functions from entities package.
  • Update "Basic Usage" comment in lib/index.js.
• Remove package-lock.json (Kyle E. Mitchell).
• Fix 'make test' target so that dist is built.
• reHtmlTag: don't use case-insensitive matching (#193).
  The spec specifies uppercase for declarations and CDATA.
• Handle piped input from stdin in windows. Use file descriptor 0
  instead of '/dev/stdin'. Note that this allows piping but doesn't
  handle the case where users run bin/commonmark and enter input
  directly. See #198 for some relevant discussion.
• Configure GitHub Actions to test on Node.js 14 and 15 (Kyle E. Mitchell).
• Allow EOL in processing instructions (#196).

0.29.2

• Use ES modules (Iddan Aaronsohn).
• Improve and simplify reference link normalization (#168).
  We now use the built in str.toLowerCase().toUpperCase(), which
  @rlidwka has shown does an accurate unicode case fold.
  This allows us to remove a huge lookup table and should
  both decrease the size of the library and speed things up.
• Fix end source position for nested or indented fenrced code blocks.
  Improves on earlier fix to #141, which only worked for code blocks
  flush with the left margin.
• Upgrade to entities 2.0+.
• Fix generation of dist files for dingus.
• Use esm for bin/commonmark, bench, test.
• Use rollup uglify plugin to create minified dist.
• Move dev dependencies to proper place in package.json.
• Use rollup instead of browserify (Iddan Aaronsohn).
• Reformat code with prettier (Iddan Aaronsohn).
• Replace travis CI with GitHub Actions CI.
• Bump versions of software to benchmark against.
• Change jgm/commonmark.js to commonmark/commonmark.js (#126).
• Security audit fixes.
• Remove obsolete spec2js.js script
• Remove test on node 9 and under. Only support actively maintained
  versions.
• Run npm lint in ci.

0.29.1

• Export Renderer (#162, Federico Ramirez). Export the Renderer
  class so consumers can use it as a base class for their own custom
  Renderer's. [API change]
• Fix end source position for fenced code and raw HTML (#141).
• Ensure that \ is treated as punctuation character (#161).
• Remove redundant token from reHtmlBlockOpen (Vas Sudanagunta).
• Remove unused variable reWhitespace.
• Don't decode url before encoding it again (Daniel Berndt).
• Don't allow link destinations with unbalanced unescaped parens (#177).
• Don't put quote delims on stack if not --smart.
• Don't add to delim stack if !can_open && !can_close (#172).
• Remove no longer used argument to escapeXml (#169, Robin Stocker).
• Avoid numerical conversion for file names in argv (#164, Alex Kocharin).
• Adapt existing encoding-based regression test and add %25-based
  regression test (Daniel Berndt).
• Add pathological test for #172 illustrating quadratic time bug.
• Fix pathological case commonmark/cmark#178.
• Add pathological test for cmark#178.
• Dingus: remove debugging console.log.
• Sync .editorconfig indent_size to actual (#178, Vas Sudanagunta).
• Add lint rule for unused variables
• Apply npm audit suggestions.
• Fixed invalid package.json dependency entries (Vas Sudanagunta).

0.29.0

• Update spec to 0.29.
• Fix parsing of setext headers after reference link definitions.
• Fix code span normalization to conform to spec change.
• Allow empty destinations in link refs. See Empty destinations in link references commonmark/commonmark-spec#172.
• Update link destination parsing.
• dingus: add dependency version requirements (#159, Vas Sudanagunta). Dingus was rendering incorrectly with Bootstrap 4. Added a bower.json which requires Bootstrap, jQuery and Lodash with major version equal to what's currently live. Likewise the minimum patch version.
• package.json: Add version for bower in devDependencies.
• package.json - use ^ operator for versions.
• Allow internal delim runs to match if both have lengths that are multiples of 3. See Interior strong+emph not parsed commonmark/commonmark-spec#528.
• Remove now unused 'preserve_entities' option on escapeXml. This was formerly used (incorrectly) in the HTML renderer. It isn't needed any more. [API change]
• html renderer: Don't preserve entities when rendering href, src, title, info string. This gives rise to double-encoding errors, when the original markdown is e.g. :, since the commonmark reader already unescapes entities. Thanks to Sebastiaan Knijnenburg for noticing this.
• More efficient checking for loose lists. This fixes a case like commonmark/cmark#284.
• Disallow unescaped ( in parenthesized link title.
• Add pathological test (commonmark/cmark#285).
• Comment out failing pathological test for now.
• Add pathological tests for #157.
• Fix two exponential regex backtracking vulnerabilities (#157, Anders Kaseorg). ESCAPED_CHAR already matches \\, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: [foo\\\] is no longer incorrectly accepted as a link reference. <foo\> is no longer incorrectly accepted as an angle-bracketed link destination.
• package.json: require lodash >= 4.17.11.
• Require cached-path-relative >= 1.0.2. This fixes a security vulnerability, but it's only in the dev dependencies.
• Update fenced block parsing for spec change.
• Require space before title in reference link. See commonmark/cmark#263.
• Update code span normalization for spec change.
• Removed meta from list of block tags. See commonmark/commonmark-spec#527.
• make dist: ensure that comment line is included in dist files (#144). Also change URL to CommonMark/commonmark.js.
• Use local development dependencies (#142, Lynn Kirby). Packages used during development are now listed in devDependencies of package.json. Makefiles are updated to use those local versions. References to manually installing packages are removed from README.md and bench/bench.js. The package-lock.json file used in newer NPM versions is also added.
• Allow spaces in pointy-bracket link destinations.
• Adjust max length for decimal/numeric entities. See commonmark/commonmark-spec#487.
• Don't allow escaped spaces in link destination. Closes commonmark/commonmark-spec#493.
• Don't allow list items that are indented >= 4 spaces. See commonmark/commonmark-spec#497.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ entities (indirect, 1.1.2 → 3.0.1) · Repo

Release Notes

3.0.1

• Fixes an issue where some characters above the high surrogate plane would be considered as surrogate characters as well (#562) 769ce35

v3.0.0...v3.0.1

3.0.0

entities@3.0.0 features more configurable encode and decode functions and rewritten decode & encode functions, resulting in a huge speedup.

New Features:

• feat: Add new API for encode, decode functions 817ae67

You can now pass an object with additional configuration options to the exported encode and decode function. You can still use the relevant function directly, but this will make it easier to figure out what you want to do in the first place!

Refactors:

• refactor(encode): Use trie for encoding (#559) f6f7cd9
• refactor(decode): Use serialised binary trie for decoding (#556, #557) 267d32e c038c63

entities is now using tries for encoding and decoding entities. Especially when decoding, this leads to considerable performance improvements. The simple benchmark in scripts/benchmark.ts is useful for comparing the performance of these two versions:

Version	decode perf	encode perf	escape perf
3.0.0	1.418s	6.786s	2.196s
2.2.0	4.085s	14.842s	5.166s
Speedup	2.9x	2.1x	2.4x

Heroes of this release:

• @inikulin for his work on binary decoding tries for the parse5 project, which was the basis for the decode trie implemented in this project.
• @mdevils for being a great opponent in entity library performance. entities was the fastest library in the space for a while. The friendly competition was a great reason to come up with smarter algorithms to push the envelope just a bit further. Now entities is on top again, but we'll see how long that lasts!

2.2.0

• Add encodeNonAsciiHTML function 03b9143
  • Bit of a mouthful, but probably what most users expect; same as encodeHTML, but skips characters that are perfectly valid in ASCII and HTML.
• Add escapeUTF8 function 1ea2418
  • Useful for escaping content in a space-saving manner, when charsets aren't an issue.
• Use string codepoint methods when available 1e5aa22
  • Restores compatibility with Node < 4.
• Add doc comments for most methods, deprecate some methods 8b1bc21

v2.1.0...v2.2.0

2.1.0

• Minified built-in JSON maps (#305 by @fabiospampinato) 97ebff3
• chore(lint): Add eslint-plugin-node 714d70d

v2.0.3...v2.1.0

2.0.3

• Convert RegEx to ES5, restoring backwards compatibility (#212, by @manish-kothari)

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ string.prototype.repeat (indirect, 0.2.0 → 1.0.0) · Repo

Commits

See the full diff on Github. The new version differs by 11 commits:

• 1.0.0
• Merge pull request #8 from mathiasbynens/nr/es-shim-api
• Improve error messages
• Spaces to tabs
• Use `tape` in tests and run them on every Node.js version
• Update readme
• Test that it respects the es-shim-api interface
• [breaking] Implement the es-shim-api interface
• Update repo config files
• Test in Node.js v4.x.x
• Use HTTPS URLs where possible

🆕 array-buffer-byte-length (added, 1.0.1)

🆕 arraybuffer.prototype.slice (added, 1.0.3)

🆕 available-typed-arrays (added, 1.0.7)

🆕 call-bind (added, 1.0.7)

🆕 data-view-buffer (added, 1.0.1)

🆕 data-view-byte-length (added, 1.0.1)

🆕 data-view-byte-offset (added, 1.0.0)

🆕 define-data-property (added, 1.1.4)

🆕 define-properties (added, 1.2.1)

🆕 es-abstract (added, 1.23.3)

🆕 es-define-property (added, 1.0.0)

🆕 es-errors (added, 1.3.0)

🆕 es-object-atoms (added, 1.0.0)

🆕 es-set-tostringtag (added, 2.0.3)

🆕 es-to-primitive (added, 1.2.1)

🆕 for-each (added, 0.3.3)

🆕 function-bind (added, 1.1.2)

🆕 function.prototype.name (added, 1.1.6)

🆕 functions-have-names (added, 1.2.3)

🆕 get-intrinsic (added, 1.2.4)

🆕 get-symbol-description (added, 1.0.2)

🆕 globalthis (added, 1.0.4)

🆕 gopd (added, 1.0.1)

🆕 has-bigints (added, 1.0.2)

🆕 has-property-descriptors (added, 1.0.2)

🆕 has-proto (added, 1.0.3)

🆕 has-symbols (added, 1.0.3)

🆕 has-tostringtag (added, 1.0.2)

🆕 hasown (added, 2.0.2)

🆕 internal-slot (added, 1.0.7)

🆕 is-array-buffer (added, 3.0.4)

🆕 is-bigint (added, 1.0.4)

🆕 is-boolean-object (added, 1.1.2)

🆕 is-callable (added, 1.2.7)

🆕 is-data-view (added, 1.0.1)

🆕 is-date-object (added, 1.0.5)

🆕 is-negative-zero (added, 2.0.3)

🆕 is-number-object (added, 1.0.7)

🆕 is-regex (added, 1.1.4)

🆕 is-shared-array-buffer (added, 1.0.3)

🆕 is-string (added, 1.0.7)

🆕 is-symbol (added, 1.0.4)

🆕 is-typed-array (added, 1.1.13)

🆕 is-weakref (added, 1.0.2)

🆕 object-inspect (added, 1.13.1)

🆕 object-keys (added, 1.1.1)

🆕 object.assign (added, 4.1.5)

🆕 possible-typed-array-names (added, 1.0.0)

🆕 regexp.prototype.flags (added, 1.5.2)

🆕 safe-array-concat (added, 1.1.2)

🆕 safe-regex-test (added, 1.0.3)

🆕 set-function-length (added, 1.2.2)

🆕 set-function-name (added, 2.0.2)

🆕 side-channel (added, 1.0.6)

🆕 string.prototype.trim (added, 1.2.9)

🆕 string.prototype.trimend (added, 1.0.8)

🆕 string.prototype.trimstart (added, 1.0.8)

🆕 typed-array-buffer (added, 1.0.2)

🆕 typed-array-byte-length (added, 1.0.1)

🆕 typed-array-byte-offset (added, 1.0.2)

🆕 typed-array-length (added, 1.0.6)

🆕 unbox-primitive (added, 1.0.2)

🆕 which-boxed-primitive (added, 1.0.2)

🆕 which-typed-array (added, 1.1.15)

🗑️ string-width-cjs (removed)

🗑️ strip-ansi-cjs (removed)

🗑️ wrap-ansi-cjs (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)