4ab90835cdfb57366c9588f3769ec08f3a68e4df - external/github.com/dart-lang/markdown

commit	4ab90835cdfb57366c9588f3769ec08f3a68e4df	[log] [tgz]
author	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	Wed May 01 02:29:06 2024
committer	GitHub <noreply@github.com>	Wed May 01 02:29:06 2024
tree	4e808e9880b65cd94338295d83295a5299382480
parent	782b1803a29aa964410d93b4437d5d1efa47f6b4 [diff]

Bump dart-lang/setup-dart from 1.6.2 to 1.6.4 (#606)

Bumps [dart-lang/setup-dart](https://github.com/dart-lang/setup-dart) from 1.6.2 to 1.6.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/releases">dart-lang/setup-dart's releases</a>.</em></p>
<blockquote>
<h2>v1.6.4</h2>
<ul>
<li>Rebuild JS code to include changes from v1.6.3</li>
</ul>
<h2>v1.6.3</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">CVE-2024-30260</a> and <a href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">CVE-2024-30261</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/dart-lang/setup-dart/blob/main/CHANGELOG.md">dart-lang/setup-dart's changelog</a>.</em></p>
<blockquote>
<h2>v1.6.4</h2>
<ul>
<li>Rebuild JS code.</li>
</ul>
<h2>v1.6.3</h2>
<ul>
<li>Roll <code>undici</code> dependency to address <a href="https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7">CVE-2024-30260</a> and <a href="https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672">CVE-2024-30261</a>.</li>
</ul>
<h2>v1.6.2</h2>
<ul>
<li>Switch to running the workflow on <code>node20`` from </code>node16`. See also
<a href="https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/">Transitioning from Node 16 to Node 20</a>.</li>
</ul>
<h2>v1.6.1</h2>
<ul>
<li>Updated the google storage url for <code>main</code> channel releases.</li>
</ul>
<h2>v1.6.0</h2>
<ul>
<li>Enable provisioning of the latest Dart SDK patch release by specifying just
the major and minor version (e.g. <code>3.2</code>).</li>
</ul>
<h2>v1.5.1</h2>
<ul>
<li>No longer test the <code>setup-dart</code> action on pre-2.12 SDKs.</li>
<li>Upgrade JS interop code to use extension types
(the new name for inline classes).</li>
<li>The upcoming rename of the <code>be</code> channel to <code>main</code> is now supported with
forward compatibility that switches when the rename happens.</li>
</ul>
<h2>v1.5.0</h2>
<ul>
<li>Re-wrote the implementation of the action into Dart.</li>
<li>Auto-detect the platform architecture (<code>x64</code>, <code>ia32</code>, <code>arm</code>, <code>arm64</code>).</li>
<li>Improved the caching and download resilience of the sdk.</li>
<li>Added a new action output: <code>dart-version</code> - the installed version of the sdk.</li>
</ul>
<h2>v1.4.0</h2>
<ul>
<li>Automatically create OIDC token for pub.dev.</li>
<li>Add a reusable workflow for publishing.</li>
</ul>
<h2>v1.3.0</h2>
<ul>
<li>The install location of the Dart SDK is now available</li>
</ul>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/dart-lang/setup-dart/commit/f0ead981b4d9a35b37f30d36160575d60931ec30"><code>f0ead98</code></a> Rebuild JS code (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/129">#129</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/65c82982aa686933bf10d50aced7a27b2b63f2a6"><code>65c8298</code></a> Update CHANGELOG.md (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/128">#128</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/57338d64c065775c2cf86eaf665316ea44e0249d"><code>57338d6</code></a> Bump undici from 5.28.3 to 5.28.4 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/127">#127</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/05d3f5ec28dca4e3ae8991f2be7828a62942f8a8"><code>05d3f5e</code></a> Bump <code>@âactions/http-client</code> from 2.2.0 to 2.2.1 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/126">#126</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/b8c0b77d1f6fb52c5ddff2fc3da6cfa3f9585860"><code>b8c0b77</code></a> no longer specify the inline-class experiment flag (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/125">#125</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/b9952d818df9b43bab696de0e1b7bbf09464a829"><code>b9952d8</code></a> Bump undici from 5.27.0 to 5.28.3 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/124">#124</a>)</li>
<li><a href="https://github.com/dart-lang/setup-dart/commit/9a6ee8904aa6a1fa76b02bb3e7b0ec30cddcaaac"><code>9a6ee89</code></a> Bump dart-lang/setup-dart from 1.6.0 to 1.6.2 (<a href="https://redirect.github.com/dart-lang/setup-dart/issues/123">#123</a>)</li>
<li>See full diff in <a href="https://github.com/dart-lang/setup-dart/compare/fedb1266e91cf51be2fdb382869461a434b920a3...f0ead981b4d9a35b37f30d36160575d60931ec30">compare view</a></li>
</ul>
</details>
<br />

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dart-lang/setup-dart&package-manager=github_actions&previous-version=1.6.2&new-version=1.6.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

2 files changed

tree: 4e808e9880b65cd94338295d83295a5299382480

README.md

A portable Markdown library written in Dart. It can parse Markdown into HTML on both the client and server.

Play with it at dart-lang.github.io/markdown.

Usage

import 'package:markdown/markdown.dart';

void main() {
  print(markdownToHtml('Hello *Markdown*'));
  //=> <p>Hello <em>Markdown</em></p>
}

Syntax extensions

A few Markdown extensions, beyond what was specified in the original Perl Markdown implementation, are supported. By default, the ones supported in CommonMark are enabled. Any individual extension can be enabled by specifying an Array of extension syntaxes in the blockSyntaxes or inlineSyntaxes argument of markdownToHtml.

The currently supported inline extension syntaxes are:

InlineHtmlSyntax() - approximately CommonMark's definition of “Raw HTML”.

The currently supported block extension syntaxes are:

const FencedCodeBlockSyntax() - Code blocks familiar to Pandoc and PHP Markdown Extra users.
const HeaderWithIdSyntax() - ATX-style headers have generated IDs, for link anchors (akin to Pandoc's auto_identifiers).
const SetextHeaderWithIdSyntax() - Setext-style headers have generated IDs for link anchors (akin to Pandoc's auto_identifiers).
const TableSyntax() - Table syntax familiar to GitHub, PHP Markdown Extra, and Pandoc users.

For example:

import 'package:markdown/markdown.dart';

void main() {
  print(markdownToHtml('Hello <span class="green">Markdown</span>',
      inlineSyntaxes: [InlineHtmlSyntax()]));
  //=> <p>Hello <span class="green">Markdown</span></p>
}

Extension sets

To make extension management easy, you can also just specify an extension set. Both markdownToHtml() and Document() accept an extensionSet named parameter. Currently, there are four pre-defined extension sets:

ExtensionSet.none includes no extensions. With no extensions, Markdown documents will be parsed with a default set of block and inline syntax parsers that closely match how the document might be parsed by the original Perl Markdown implementation.
ExtensionSet.commonMark includes two extensions in addition to the default parsers to bring the parsed output closer to the CommonMark specification:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
ExtensionSet.gitHubFlavored includes five extensions in addition to the default parsers to bring the parsed output close to the GitHub Flavored Markdown specification:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
  - const TableSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
  - StrikethroughSyntax()
  - AutolinkExtensionSyntax()
ExtensionSet.gitHubWeb includes eight extensions. The same set of parsers use in the gitHubFlavored extension set with the addition of the block syntax parsers, HeaderWithIdSyntax and SetextHeaderWithIdSyntax, which add id attributes to headers and inline syntax parser, EmojiSyntax, for parsing GitHub style emoji characters:
- Block Syntax Parser
  - const FencedCodeBlockSyntax()
  - const HeaderWithIdSyntax(), which adds id attributes to ATX-style headers, for easy intra-document linking.
  - const SetextHeaderWithIdSyntax(), which adds id attributes to Setext-style headers, for easy intra-document linking.
  - const TableSyntax()
- Inline Syntax Parser
  - InlineHtmlSyntax()
  - StrikethroughSyntax()
  - EmojiSyntax()
  - AutolinkExtensionSyntax()

Custom syntax extensions

You can create and use your own syntaxes.

import 'package:markdown/markdown.dart';

void main() {
  var syntaxes = [TextSyntax('nyan', sub: '~=[,,_,,]:3')];
  print(markdownToHtml('nyan', inlineSyntaxes: syntaxes));
  //=> <p>~=[,,_,,]:3</p>
}

HTML sanitization

This package offers no features in the way of HTML sanitization. Read Estevão Soares dos Santos's great article, “Markdown's XSS Vulnerability (and how to mitigate it)”, to learn more.

The authors recommend that you perform any necessary sanitization on the resulting HTML, for example via dart:html's NodeValidator.

CommonMark compliance

This package contains a number of files in the tool directory for tracking compliance with CommonMark.

Updating CommonMark stats when changing the implementation

Update the library and test code, making sure that tests still pass.
Run dart run tool/stats.dart --update-files to update the per-test results tool/common_mark_stats.json and the test summary tool/common_mark_stats.txt.
Verify that more tests now pass – or at least, no more tests fail.
Make sure you include the updated stats files in your commit.

Updating the CommonMark test file for a spec update

Check out the CommonMark source. Make sure you checkout a major release.

Dump the test output overwriting the existing tests file.

> cd /path/to/common_mark_dir
> python3 test/spec_tests.py --dump-tests > \
  /path/to/markdown.dart/tool/common_mark_tests.json

Update the stats files as described above. Note any changes in the results.
Update any references to the existing spec by search for https://spec.commonmark.org/0.30/ in the repository. (Including this one.) Verify the updated links are still valid.
Commit changes, including a corresponding note in CHANGELOG.md.