8a480f3f05dd29534d01df4b7fb20c5de1eda188 - markdown

commit	8a480f3f05dd29534d01df4b7fb20c5de1eda188	[log] [tgz]
author	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	Mon Apr 01 02:50:20 2024 +0000
committer	GitHub <noreply@github.com>	Mon Apr 01 02:50:20 2024 +0000
tree	b18755d350950252b5db7d55a9f7a6b1a2b697a1
parent	8d07abc6bce001b000097eca35c2f5e37538702a [diff]

Bump actions/checkout from 4.1.1 to 4.1.2 (#604)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p>
<blockquote>
<h2>v4.1.2</h2>
<p>We are investigating the following issue with this release and have rolled-back the <code>v4</code> tag to point to <code>v4.1.1</code></p>
<ul>
<li><code>sparse-checkout</code> is not available on git versions prior to 2.27.0 (see <a href="https://redirect.github.com/actions/checkout/issues/1651">actions/checkout#1651</a>)</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code> option is not present <a href="https://github.com/dscho"><code>@âdscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
<li>Bump tough-cookie from 4.0.0 to 4.1.3 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1406">actions/checkout#1406</a></li>
<li>Bump <code>@âbabel/traverse</code> from 7.20.5 to 7.24.0 by <a href="https://github.com/dependabot"><code>@âdependabot</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1642">actions/checkout#1642</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/jww3"><code>@âjww3</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1616">actions/checkout#1616</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.1.1...v4.1.2">https://github.com/actions/checkout/compare/v4.1.1...v4.1.2</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2>v4.1.2</h2>
<ul>
<li>Fix: Disable sparse checkout whenever <code>sparse-checkout</code> option is not present <a href="https://github.com/dscho"><code>@âdscho</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1598">actions/checkout#1598</a></li>
</ul>
<h2>v4.1.1</h2>
<ul>
<li>Correct link to GitHub Docs by <a href="https://github.com/peterbe"><code>@âpeterbe</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1511">actions/checkout#1511</a></li>
<li>Link to release page from what's new section by <a href="https://github.com/cory-miller"><code>@âcory-miller</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1514">actions/checkout#1514</a></li>
</ul>
<h2>v4.1.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1396">Add support for partial checkout filters</a></li>
</ul>
<h2>v4.0.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1067">Support fetching without the --progress option</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1436">Update to node20</a></li>
</ul>
<h2>v3.6.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1377">Fix: Mark test scripts with Bash'isms to be run via Bash</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/579">Add option to fetch tags even if fetch-depth &gt; 0</a></li>
</ul>
<h2>v3.5.3</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1196">Fix: Checkout fail in self-hosted runners when faulty submodule are checked-in</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1287">Fix typos found by codespell</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1369">Add support for sparse checkouts</a></li>
</ul>
<h2>v3.5.2</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1289">Fix api endpoint for GHES</a></li>
</ul>
<h2>v3.5.1</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1246">Fix slow checkout on Windows</a></li>
</ul>
<h2>v3.5.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1237">Add new public key for known_hosts</a></li>
</ul>
<h2>v3.4.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1209">Upgrade codeql actions to v2</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1210">Upgrade dependencies</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1225">Upgrade <code>@âactions/io</code></a></li>
</ul>
<h2>v3.3.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/1045">Implement branch list using callbacks from exec function</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1050">Add in explicit reference to private checkout options</a></li>
<li>[Fix comment typos (that got added in <a href="https://redirect.github.com/actions/checkout/issues/770">#770</a>)](<a href="https://redirect.github.com/actions/checkout/pull/1057">actions/checkout#1057</a>)</li>
</ul>
<h2>v3.2.0</h2>
<ul>
<li><a href="https://redirect.github.com/actions/checkout/pull/942">Add GitHub Action to perform release</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/967">Fix status badge</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1002">Replace datadog/squid with ubuntu/squid Docker image</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/964">Wrap pipeline commands for submoduleForeach in quotes</a></li>
<li><a href="https://redirect.github.com/actions/checkout/pull/1029">Update <code>@âactions/io</code> to 1.1.2</a></li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/actions/checkout/commit/9bb56186c3b09b4f86b1c65136769dd318469633"><code>9bb5618</code></a> Prep for release of  v4.1.2  (<a href="https://redirect.github.com/actions/checkout/issues/1649">#1649</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/8eb1f6a495037164bea451156472f35fdd6bafc0"><code>8eb1f6a</code></a> Bump <code>@âbabel/traverse</code> from 7.20.5 to 7.24.0 (<a href="https://redirect.github.com/actions/checkout/issues/1642">#1642</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/556e4c3cb0b8b54b734286d5439adadcb0a8cb92"><code>556e4c3</code></a> Bump tough-cookie from 4.0.0 to 4.1.3 (<a href="https://redirect.github.com/actions/checkout/issues/1406">#1406</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/b32f140b0c872d58512e0a66172253c302617b90"><code>b32f140</code></a> Warn on attempts to publish <code>test-ubuntu-git</code> from non-main branch. (<a href="https://redirect.github.com/actions/checkout/issues/1623">#1623</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/2650dbd060003e3b5ae211e4358852f336b682a7"><code>2650dbd</code></a> Give <code>test-ubuntu-git</code> its own <code>README</code> (<a href="https://redirect.github.com/actions/checkout/issues/1620">#1620</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/aadec899646c8e0f34c52d9219c2faac36626b55"><code>aadec89</code></a> Explicitly disable sparse checkout unless asked for (<a href="https://redirect.github.com/actions/checkout/issues/1598">#1598</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/df0bcddf6d6823307c716b56a7ef9c3b25078874"><code>df0bcdd</code></a> Refine workflow for generating <code>test-ubuntu-git</code> (<a href="https://redirect.github.com/actions/checkout/issues/1617">#1617</a>)</li>
<li><a href="https://github.com/actions/checkout/commit/473055ba18d6d2da209cd46110aadb9275e3194e"><code>473055b</code></a> Create <code>test-ubuntu-git</code> Docker Container for Proxy Tests (<a href="https://redirect.github.com/actions/checkout/issues/1616">#1616</a>)</li>
<li>See full diff in <a href="https://github.com/actions/checkout/compare/b4ffde65f46336ab88eb53be808477a3936bae11...9bb56186c3b09b4f86b1c65136769dd318469633">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=actions/checkout&package-manager=github_actions&previous-version=4.1.1&new-version=4.1.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

3 files changed

tree: b18755d350950252b5db7d55a9f7a6b1a2b697a1

README.md

A portable Markdown library written in Dart. It can parse Markdown into HTML on both the client and server.

Play with it at dart-lang.github.io/markdown.

Usage

import 'package:markdown/markdown.dart';

void main() {
  print(markdownToHtml('Hello *Markdown*'));
  //=> <p>Hello <em>Markdown</em></p>
}

Syntax extensions

A few Markdown extensions, beyond what was specified in the original Perl Markdown implementation, are supported. By default, the ones supported in CommonMark are enabled. Any individual extension can be enabled by specifying an Array of extension syntaxes in the blockSyntaxes or inlineSyntaxes argument of markdownToHtml.

The currently supported inline extension syntaxes are:

InlineHtmlSyntax() - approximately CommonMark's definition of “Raw HTML”.

The currently supported block extension syntaxes are:

const FencedCodeBlockSyntax() - Code blocks familiar to Pandoc and PHP Markdown Extra users.
const HeaderWithIdSyntax() - ATX-style headers have generated IDs, for link anchors (akin to Pandoc's auto_identifiers).
const SetextHeaderWithIdSyntax() - Setext-style headers have generated IDs for link anchors (akin to Pandoc's auto_identifiers).
const TableSyntax() - Table syntax familiar to GitHub, PHP Markdown Extra, and Pandoc users.

For example:

import 'package:markdown/markdown.dart';

void main() {
  print(markdownToHtml('Hello <span class="green">Markdown</span>',
      inlineSyntaxes: [InlineHtmlSyntax()]));
  //=> <p>Hello <span class="green">Markdown</span></p>
}

Extension sets

To make extension management easy, you can also just specify an extension set. Both markdownToHtml() and Document() accept an extensionSet named parameter. Currently, there are four pre-defined extension sets:

ExtensionSet.none includes no extensions. With no extensions, Markdown documents will be parsed with a default set of block and inline syntax parsers that closely match how the document might be parsed by the original Perl Markdown implementation.
ExtensionSet.commonMark includes two extensions in addition to the default parsers to bring the parsed output closer to the CommonMark specification:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
ExtensionSet.gitHubFlavored includes five extensions in addition to the default parsers to bring the parsed output close to the GitHub Flavored Markdown specification:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
  - const TableSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
  - StrikethroughSyntax()
  - AutolinkExtensionSyntax()
ExtensionSet.gitHubWeb includes eight extensions. The same set of parsers use in the gitHubFlavored extension set with the addition of the block syntax parsers, HeaderWithIdSyntax and SetextHeaderWithIdSyntax, which add id attributes to headers and inline syntax parser, EmojiSyntax, for parsing GitHub style emoji characters:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
  - const HeaderWithIdSyntax(), which adds id attributes to ATX-style headers, for easy intra-document linking.
  - const SetextHeaderWithIdSyntax(), which adds id attributes to Setext-style headers, for easy intra-document linking.
  - const TableSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
  - StrikethroughSyntax()
  - EmojiSyntax()
  - AutolinkExtensionSyntax()

Custom syntax extensions

You can create and use your own syntaxes.

import 'package:markdown/markdown.dart';

void main() {
  var syntaxes = [TextSyntax('nyan', sub: '~=[,,_,,]:3')];
  print(markdownToHtml('nyan', inlineSyntaxes: syntaxes));
  //=> <p>~=[,,_,,]:3</p>
}

HTML sanitization

This package offers no features in the way of HTML sanitization. Read Estevão Soares dos Santos's great article, “Markdown's XSS Vulnerability (and how to mitigate it)”, to learn more.

The authors recommend that you perform any necessary sanitization on the resulting HTML, for example via dart:html's NodeValidator.

CommonMark compliance

This package contains a number of files in the tool directory for tracking compliance with CommonMark.

Updating CommonMark stats when changing the implementation

Update the library and test code, making sure that tests still pass.
Run dart run tool/stats.dart --update-files to update the per-test results tool/common_mark_stats.json and the test summary tool/common_mark_stats.txt.
Verify that more tests now pass – or at least, no more tests fail.
Make sure you include the updated stats files in your commit.

Updating the CommonMark test file for a spec update

Check out the CommonMark source. Make sure you checkout a major release.

Dump the test output overwriting the existing tests file.

> cd /path/to/common_mark_dir
> python3 test/spec_tests.py --dump-tests > \
  /path/to/markdown.dart/tool/common_mark_tests.json

Update the stats files as described above. Note any changes in the results.
Update any references to the existing spec by search for https://spec.commonmark.org/0.30/ in the repository. (Including this one.) Verify the updated links are still valid.
Commit changes, including a corresponding note in CHANGELOG.md.