dependabot bot commented on behalf of github on Nov 3, 2025

Bumps comrak from 0.43.0 to 0.47.0.

Release notes

Sourced from comrak's releases.

v0.47.0

Martin Chrástek has fixed all known sourcepos issues in Comrak, while closing a number of other bugs at the same time! I'm so happy.

New APIs:

Bug fixes:

Build changes:

Diff: kivikakk/comrak@v0.46.0...v0.47.0

v0.46.0

Please note the MSRV has been bumped from 1.65 to 1.70; see the pull request for more details. It's a kind of sticky and awkward situation — thanks to the inevitability of Progress — with no particularly clean solution. (wherein telling GCC 15 users "sorry it just won't build from source for you without messing with dependencies" is not a solution.)

Security:

  • Footnote resolution no longer recurses over the document tree; on documents with deeply nested elements, this could cause a stack overflow, with resultant denial of service. (by @kivikakk in kivikakk/comrak#659)
  • Inline footnotes are restricted to a depth of 5 for similar reasons. An iterative rewrite here to avoid a limit is possible, but for now I'm hoping we can all pretend to be responsible adult human beings and limit our recursive inline footnote usage accordingly. (PRs welcome tho, non-human users are very welcome!) (by @kivikakk in kivikakk/comrak#659)

Parser changes:

  • U+2069 POP DIRECTIONAL ISOLATE will be treated as terminating an autolink, rather than included as part of the link, making autolinks much easier to use correctly in RTL text. (by @SethFalco in kivikakk/comrak#654)
  • HTML start condition 4 is correctly detected when non-capital letters follow "<!". (by @kivikakk in kivikakk/comrak#658)

New APIs:

Bug fixes:

Build changes:

New Contributors

... (truncated)

Changelog

Sourced from comrak's changelog.

[v0.47.0] - 2025-10-30

[v0.46.0] - 2025-10-28

Commits
  • 4997b3f CHANGELOG: fix diff link.
  • 1daa361 Merge pull request #668 from kivikakk/release/v0.46.1
  • cb37c2c this had better be 0.47.0, since we add fields to structs.
  • e7da3d0 CHANGELOG.md: finish 0.46.1.
  • 8e5a89f CHANGELOG.md: add generated portion.
  • d167b22 Merge pull request #667 from kivikakk/push-znrpromoowkm
  • ee2e451 Cargo.toml: v0.46.1.
  • 7a48ba1 remove unneeded collect.
  • 0430af5 Merge pull request #666 from Martin005/fix-list-sourcepos
  • f6f0bea fix: Incorrect sourcepos for lists and its children
  • Additional commits viewable in compare view

Bumps [comrak](https://github.com/kivikakk/comrak) from 0.43.0 to 0.47.0.
- [Release notes](https://github.com/kivikakk/comrak/releases)
- [Changelog](https://github.com/kivikakk/comrak/blob/main/CHANGELOG.md)
- [Commits](kivikakk/comrak@v0.43.0...v0.47.0)

---
updated-dependencies:
- dependency-name: comrak
  dependency-version: 0.47.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies and rust labels on Nov 3, 2025
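
The v0.46.0 security note quoted above says footnote resolution no longer recurses over the document tree. The following is an added example, not comrak's code (the `Tree`, `Node` and `Kind` types and all function names are hypothetical): it contrasts a recursive walk, whose stack use is set by input nesting depth, with an explicit-worklist walk that also reports the deepest level seen so a caller can enforce a cap such as the inline-footnote limit.

```rust
// Added example, not comrak's code. A toy arena-backed document tree;
// all type and function names here are hypothetical.
enum Kind {
    Block,               // generic container, e.g. a nested block quote
    FootnoteRef(String), // a reference to a named footnote
}
struct Node { kind: Kind, children: Vec<usize> } // children index into Tree.nodes
struct Tree { nodes: Vec<Node> }                 // node 0 is the document root

impl Tree {
    fn new() -> Self { Tree { nodes: vec![Node { kind: Kind::Block, children: vec![] }] } }
    fn add(&mut self, parent: usize, kind: Kind) -> usize {
        self.nodes.push(Node { kind, children: vec![] });
        let id = self.nodes.len() - 1;
        self.nodes[parent].children.push(id);
        id
    }
}

// Recursive walk: one call-stack frame per nesting level, so the depth of
// untrusted input decides how much thread stack is consumed.
fn refs_recursive(tree: &Tree, id: usize, out: &mut Vec<String>) {
    if let Kind::FootnoteRef(name) = &tree.nodes[id].kind { out.push(name.clone()); }
    for &child in &tree.nodes[id].children { refs_recursive(tree, child, out); }
}

// Iterative walk: pending work sits in a heap-allocated Vec, so nesting depth
// costs heap proportional to input size and cannot exhaust the call stack.
// Returns the references in document order and the deepest level seen.
fn refs_iterative(tree: &Tree) -> (Vec<String>, usize) {
    let (mut out, mut deepest) = (Vec::new(), 0usize);
    let mut pending = vec![(0usize, 0usize)]; // (node id, depth)
    while let Some((id, depth)) = pending.pop() {
        deepest = deepest.max(depth);
        let node = &tree.nodes[id];
        if let Kind::FootnoteRef(name) = &node.kind { out.push(name.clone()); }
        // Reverse so the first child is popped first (document order).
        pending.extend(node.children.iter().rev().map(|&c| (c, depth + 1)));
    }
    (out, deepest)
}

// Constructed input: `depth` nested blocks with one footnote reference inside.
fn nested(depth: usize) -> Tree {
    let mut tree = Tree::new();
    let innermost = (0..depth).fold(0, |parent, _| tree.add(parent, Kind::Block));
    tree.add(innermost, Kind::FootnoteRef("deep".into()));
    tree
}

fn main() {
    let mut shallow = Vec::new();
    refs_recursive(&nested(3), 0, &mut shallow); // recursion is fine at small depth
    let (refs, deepest) = refs_iterative(&nested(200_000));
    println!("{shallow:?} {refs:?} at depth {deepest}");
}
```
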