commonmark.js 0.31.2

• Require minimist >= 1.2.8 (#290). See https://nvd.nist.gov/vuln/detail/CVE-2021-44906

commonmark 0.31.1

[0.31.1]

• Fix HTML comment parsing with - before closing -->
  (#285, Robin Stocker).
• Accept lowercase inline HTML declarations (Michael Howell).
• Fix title-related backtracking with empty string (#281,
  Michael Howell).
• Remove string.prototype.repeat polyfill (Steven).
• Remove source, add search to list of recognized block tags.
  (a spec 0.31 change we forgot in last release).

commonmark.js 0.31.0

• Update to 0.31 spec.txt.
• Treat unicode symbols like punctuation for purposes of flankingness.
  This updates the library to conform to the 0.31 spec.
• Do not process &-entities that don't end in ; (#278, Michael Howell).
• Html renderer: don't add language- to code block class
  if the info string already starts with language- (#277).
• Fix pathological regex for HTML comments (#273).
• Track underscore bottom separately mod 3, like asterisk (Michael Howell).
• Fix list tightness (taku0).
• Fix "CommomMark" typo (#270, Martin Geisler).
• Declarations do not need a space, per the spec (commonmark/cmark#456).
• Allow <!doctype to be case-insensitive.
• Fix HTML comment regex.
• Fix HTML comment regex to conform to commonmark/commonmark-spec#713.
• Fix a pathological performance case in link titles.
  Thanks to Stefan Dobre for reporting.
• Allow closing fence to be followed by tabs (#258).
• Replace deprecated String.prototype.substr() (#254, CommanderRoot).
• Fix bug with reference link normalization. We were only collapsing the
  first group of consecutive whitespace, not following ones.

commonmark.js 0.30.0

• Update tests to 0.30 spec.txt.
• Fix commonmark/cmark#383. Our optimization for emphasis parsing
  was flawed, leading to some corner cases where nested emphasis was
  parsed incorrectly.
• Allow user to specify a function to escape the output (#217, newfivefour).
• Simplify reThematicBreak.
• Fix documentation for node.listType (TheWastl). The parser produces
  lowercase strings, but the README said the strings are capitalized.
• Fix handling of type 7 HTML blocks (#213).
  They can't interrupt paragraphs (even with laziness).
• Fix link label normalization with backslash before newline (#211).
• Only match punctuation at the beginning of the string (Vladimir Pouzanov).
  This makes the punctuation use match reUnicodeWhitespaceChar usage
  in scanDelims. It's effectively a no-op, as char_after is expected
  to only contain a single character anyways.
• Recognize '01' as start number 1 (#207).
• Use rollup --banner to include license info.
• Remove dist files from the repository. Instead we now generate them
  with pretest and prepublish scripts.
• Simplify dingus Makefile.
• Fix an iframe loading timing issue in the dingus (icyrockcom).
  Closes commonmark/commonmark-spec-web#15.

commonmark.js 0.29.3

• Fix some rough edges around ES modules (Kyle E. Mitchell)
  (#195, #201, #203):
  • Set module types via package.json files in subdirectories.
    A number of JavaScript files were rewritten as ES
    Modules, but their extensions remained .js. That
    extension is ambiguous to newer version of the Node.js
    runtime, which can load both CommonJS modules and ES
    Modules. To fix this, we add package.json files with
    type properties to the various subdirectories. Setting
    type to "module" tells Node.js to interpret .js
    files in that directory and below as ES Modules.
    Otherwise, Node.js falls back on the package.json at
    root, which currently sets type to "commonjs".
  • Make benchmark and test use commonjs again.
  • bin: remove use of ESM and use require('../').
    Node.js version 14, which supports ES Modules without any flag or the
    esm package, is currently in long-term support. But a great many
    folks still run older version of Node.js that either don't support ES
    Modules at all or hide that support behind a feature flag.
  • Import specific functions from entities package.
  • Update "Basic Usage" comment in lib/index.js.
• Remove package-lock.json (Kyle E. Mitchell).
• Fix 'make test' target so that dist is built.
• reHtmlTag: don't use case-insensitive matching (#193).
  The spec specifies uppercase for declarations and CDATA.
• Handle piped input from stdin in windows. Use file descriptor 0
  instead of '/dev/stdin'. Note that this allows piping but doesn't
  handle the case where users run bin/commonmark and enter input
  directly. See #198 for some relevant discussion.
• Configure GitHub Actions to test on Node.js 14 and 15 (Kyle E. Mitchell).
• Allow EOL in processing instructions (#196).

commonmark 0.29.2

• Use ES modules (Iddan Aaronsohn).
• Improve and simplify reference link normalization (#168).
  We now use the built in str.toLowerCase().toUpperCase(), which
  @rlidwka has shown does an accurate unicode case fold.
  This allows us to remove a huge lookup table and should
  both decrease the size of the library and speed things up.
• Fix end source position for nested or indented fenrced code blocks.
  Improves on earlier fix to #141, which only worked for code blocks
  flush with the left margin.
• Upgrade to entities 2.0+.
• Fix generation of dist files for dingus.
• Use esm for bin/commonmark, bench, test.
• Use rollup uglify plugin to create minified dist.
• Move dev dependencies to proper place in package.json.
• Use rollup instead of browserify (Iddan Aaronsohn).
• Reformat code with prettier (Iddan Aaronsohn).
• Replace travis CI with GitHub Actions CI.
• Bump versions of software to benchmark against.
• Change jgm/commonmark.js to commonmark/commonmark.js (#126).
• Security audit fixes.
• Remove obsolete spec2js.js script
• Remove test on node 9 and under. Only support actively maintained
  versions.
• Run npm lint in ci.

commonmark.js 0.29.1

• Export Renderer (#162, Federico Ramirez). Export the Renderer
  class so consumers can use it as a base class for their own custom
  Renderer's. [API change]
• Fix end source position for fenced code and raw HTML (#141).
• Ensure that \ is treated as punctuation character (#161).
• Remove redundant token from reHtmlBlockOpen (Vas Sudanagunta).
• Remove unused variable reWhitespace.
• Don't decode url before encoding it again (Daniel Berndt).
• Don't allow link destinations with unbalanced unescaped parens (#177).
• Don't put quote delims on stack if not --smart.
• Don't add to delim stack if !can_open && !can_close (#172).
• Remove no longer used argument to escapeXml (#169, Robin Stocker).
• Avoid numerical conversion for file names in argv (#164, Alex Kocharin).
• Adapt existing encoding-based regression test and add %25-based
  regression test (Daniel Berndt).
• Add pathological test for #172 illustrating quadratic time bug.
• Fix pathological case commonmark/cmark#178.
• Add pathological test for cmark#178.
• Dingus: remove debugging console.log.
• Sync .editorconfig indent_size to actual (#178, Vas Sudanagunta).
• Add lint rule for unused variables
• Apply npm audit suggestions.
• Fixed invalid package.json dependency entries (Vas Sudanagunta).

commonmark.js 0.29.0

• Update spec to 0.29.
• Fix parsing of setext headers after reference link definitions.
• Fix code span normalization to conform to spec change.
• Allow empty destinations in link refs. See commonmark/commonmark-spec#172.
• Update link destination parsing.
• dingus: add dependency version requirements (#159, Vas Sudanagunta). Dingus was rendering incorrectly with Bootstrap 4. Added a bower.json which requires Bootstrap, jQuery and Lodash with major version equal to what's currently live. Likewise the minimum patch version.
• package.json: Add version for bower in devDependencies.
• package.json - use ^ operator for versions.
• Allow internal delim runs to match if both have lengths that are multiples of 3. See commonmark/commonmark-spec#528.
• Remove now unused 'preserve_entities' option on escapeXml. This was formerly used (incorrectly) in the HTML renderer. It isn't needed any more. [API change]
• html renderer: Don't preserve entities when rendering href, src, title, info string. This gives rise to double-encoding errors, when the original markdown is e.g. :, since the commonmark reader already unescapes entities. Thanks to Sebastiaan Knijnenburg for noticing this.
• More efficient checking for loose lists. This fixes a case like commonmark/cmark#284.
• Disallow unescaped ( in parenthesized link title.
• Add pathological test (commonmark/cmark#285).
• Comment out failing pathological test for now.
• Add pathological tests for #157.
• Fix two exponential regex backtracking vulnerabilities (#157, Anders Kaseorg). ESCAPED_CHAR already matches \\, so matching it again in another alternative was causing exponential complexity explosion. This makes the following behavior changes: [foo\\\] is no longer incorrectly accepted as a link reference. <foo\> is no longer incorrectly accepted as an angle-bracketed link destination.
• package.json: require lodash >= 4.17.11.
• Require cached-path-relative >= 1.0.2. This fixes a security vulnerability, but it's only in the dev dependencies.
• Update fenced block parsing for spec change.
• Require space before title in reference link. See commonmark/cmark#263.
• Update code span normalization for spec change.
• Removed meta from list of block tags. See commonmark/commonmark-spec#527.
• make dist: ensure that comment line is included in dist files (#144). Also change URL to CommonMark/commonmark.js.
• Use local development dependencies (#142, Lynn Kirby). Packages used during development are now listed in devDependencies of package.json. Makefiles are updated to use those local versions. References to manually installing packages are removed from README.md and bench/bench.js. The package-lock.json file used in newer NPM versions is also added.
• Allow spaces in pointy-bracket link destinations.
• Adjust max length for decimal/numeric entities. See commonmark/commonmark-spec#487.
• Don't allow escaped spaces in link destination. Closes commonmark/commonmark-spec#493.
• Don't allow list items that are indented >= 4 spaces. See commonmark/commonmark-spec#497.

commonmark.js 0.28.1

• Update changelog (omitted in 0.28.0 release)

commonmark.js 0.28.0

• Update spec to 0.28.

• Align punctuation regex with spec (#121). Previously some ASCII
  punctuation characters were not being counted, so ^_test_ came out
  without emphasis, for example.

• Simplified a logical test, making it closer to the wording of the spec.

• Don't parse reference def if last ] is escaped (#468).
  E.g.

  [\ ]
  
  [\]: test
  

• Dingus Makefile: remove ref to obsolete html.js.

• Removed obsolete lib/xml.js (replaced by lib/render/xml.js).

• Allow tabs before and after ATX closing header (Erik Edrosa).

• Change precedence of Strong/Emph when both nestings possible.
  This accommodates the spec change to rule 14.
  Note that commonmark.js was not previously in conformity
  with rule 14 for things like ***hi****.

• Calculate "mulitple of 3" for delim runs based on original number
  of delims, not the number remaining after some have been
  used.

• Make esc() method abstract and overridable (muji).

• README: update documentation for overriding softbreak and esc (#118).

• Remove old XMLRenderer implementation (muji).

• package.json: use shorter form for repository.

• Don't export version in lib/index.js.
  Instead, users can get version from package.json:
  require('commonmark/package.json').version.

• Removed remnants of old html renderer (#113).
  Now we use lib/renderer/html.js.

• Hand-rolled parser for link destinations.
  This allows nested parens, as now required by the spec.

• Fix regression test example (Colin O'Dell).

• dingus: Fixed iframe on load.