Py-gfm

Latest version: v2.0.0

Safety actively analyzes 693883 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 1 of 6

2.0.0

Not secure
* Bump Markdown version to ≥3.3 and Python version to ≥3.8.

1.0.2

Not secure
* Remove LICENSE from the package files to prevent issue 23.

1.0.1

Not secure
* Fix compatibility for Markdown 3.3.1 and up.

1.0.0

Not secure
This major revision **is not backward compatible** and introduces **subtle rendering diffs**.

* Replace Markdown < 3.0 support with Markdown >= 3.0 support.
* Drop support for Python 2 since Markdown >= 3.2 [drops it](https://python-markdown.github.io/change_log/release-3.2/) too.
* Remove support for space links (space between `[text]` and `(url)`) that does not seem to be supported in upstream GFM anymore.
* Refactor code syntax highlighting support. Module `hidden_hilite` is removed. This introduces minor HTML structure changes (new `<code>` tags and different `class=`) for both indented and fenced code blocks.
* *Meta*: continuous integration (CI) for testing is now handled by GitHub Actions instead of Travis.

0.29.0

* Update spec to 0.29.
* Make rendering safe by default (239, 273).
Adds `CMARK_OPT_UNSAFE` and make `CMARK_OPT_SAFE` a no-op (for API
compatibility). The new default behavior is to suppress raw HTML and
potentially dangerous links. The `CMARK_OPT_UNSAFE` option has to be set
explicitly to prevent this.
**NOTE:** This change will require modifications in bindings for cmark
and in most libraries and programs that use cmark.
Borrows heavily from kivikakk's patch in github/cmark-gfm123.
* Add sourcepos info for inlines (Yuki Izumi).
* Disallow more than 32 nested balanced parens in a link (Yuki Izumi).
* Resolve link references before creating setext header.
A setext header line after a link reference should not
create a header, according to the spec.
* commonmark renderer: improve escaping.
URL-escape special characters when escape mode is URL, and not otherwise.
Entity-escape control characters (< 0x20) in non-literal escape modes.
* render: only emit actual newline when escape mode is LITERAL.
For markdown content, e.g., in other contexts we want some
kind of escaping, not a literal newline.
* Update code span normalization to conform with spec change.
* Allow empty `<>` link destination in reference link.
* Remove leftover includes of `memory.h` (290).
* A link destination can't start with `<` unless it is
an angle-bracket link that also ends with `>` (289).
(If your URL really starts with `<`, URL-escape it.)
* Allow internal delimiter runs to match if both have lengths that are
multiples of 3. See commonmark/commonmark528.
* Include `references.h` in `parser.h` (287).
* Fix `[link](<foo\>)`.
* Use hand-rolled scanner for thematic break (see 284).
Keep track of the last position where a thematic break
failed to match on a line, to avoid rescanning unnecessarily.
* Rename `ends_with_blank_line` with `S_` prefix.
* Add `CMARK_NODE__LAST_LINE_CHECKED` flag (284).
Use this to avoid unnecessary recursion in `ends_with_blank_line`.
* In `ends_with_blank_line`, call `S_set_last_line_blank`
to avoid unnecessary repetition (284). Once we settle whether a list
item ends in a blank line, we don't need to revisit this in considering
parent list items.
* Disallow unescaped `(` in parenthesized link title.
* Copy line/col info straight from opener/closer (Ashe Connor).
We can't rely on anything in `subj` since it's been modified while parsing
the subject and could represent line info from a future line. This is
simple and works.
* `render.c`: reset `last_breakable` after cr. Fixes jgm/pandoc5033.
* Fix a typo in `houdini_href_e.c` (Felix Yan).
* commonmark writer: use `~~~` fences if info string contains backtick.
This is needed for round-trip tests.
* Update scanners for new info string rules.
* Add XSLT stylesheet to convert cmark XML back to Commonmark
(Nick Wellnhofer, 264). Initial version of an XSLT stylesheet that
converts the XML format produced by `cmark -t xml` back to Commonmark.
* Check for whitespace before reference title (263).
* Bump CMake to version 3 (Jonathan Müller).
* Build: Remove deprecated call to `add_compiler_export_flags()`
(Jonathan Müller). It is deprecated in CMake 3.0, the replacement is to
set the `CXX_VISIBILITY_PRESET` (or in our case `C_VISIBILITY_PRESET`) and
`VISIBILITY_INLINES_HIDDEN` properties of the target. We're already
setting them by setting the CMake variables anyway, so the call can be
removed.
* Build: only attempt to install MSVC system libraries on Windows
(Saleem Abdulrasool). Newer versions of CMake attempt to query the system
for information about the VS 2017 installation. Unfortunately, this query
fails on non-Windows systems when cross-compiling:
`cmake_host_system_information does not recognize <key> VS_15_DIR`.
CMake will not find these system libraries on non-Windows hosts anyways,
and we were silencing the warnings, so simply omit the installation when
cross-compiling to Windows.
* Simplify code normalization, in line with spec change.
* Implement code span spec changes. These affect both parsing and writing
commonmark.
* Add link parsing corner cases to regressions (Ashe Connor).
* Add `xml:space="preserve"` in XML output when appropriate
(Nguyễn Thái Ngọc Duy).
(For text, code, code_block, html_inline and html_block tags.)
* Removed meta from list of block tags. Added regression test.
See commonmark/CommonMark527.
* `entity_tests.py` - omit noisy success output.
* `pathological_tests.py`: make tests run faster.
Commented out the (already ignored) "many references" test, which
times out. Reduced the iterations for a couple other tests.
* `pathological_tests.py`: added test for deeply nested lists.
* Optimize `S_find_first_nonspace`. We were needlessly redoing things we'd
already done. Now we skip the work if the first nonspace is greater than
the current offset. This fixes pathological slowdown with deeply nested
lists (255). For N = 3000, the time goes from over 17s to about 0.7s.
Thanks to Martin Mitas for diagnosing the problem.
* Allow spaces in link destination delimited with pointy brackets.
* Adjust max length of decimal/numeric entities.
See commonmark/CommonMark487.
* Fix inline raw HTML parsing.
This fixes a recently added failing spec test case. Previously spaces
were being allowed in unquoted attribute values; no we forbid them.
* Don't allow list markers to be indented >= 4 spaces.
See commonmark/CommonMark497.
* Check for empty buffer when rendering (Phil Turnbull).
For empty documents, `->size` is zero so
`renderer.buffer->ptr[renderer.buffer->size - 1]` will cause an
out-of-bounds read. Empty buffers always point to the global
`cmark_strbuf__initbuf` buffer so we read `cmark_strbuf__initbuf[-1]`.
* Also run API tests with `CMARK_SHARED=OFF` (Nick Wellnhofer).
* Rename roundtrip and entity tests (Nick Wellnhofer).
Rename the tests to reflect that they use the library, not the
executable.
* Generate export header for static-only build (247, Nick Wellnhofer).
* Fuzz width parameter too (Phil Turnbull). Allow the `width` parameter to
be generated too so we get better fuzz-coverage.
* Don't discard empty fuzz test-cases (Phil Turnbull). We currently discard
fuzz test-cases that are empty but empty inputs are valid markdown. This
improves the fuzzing coverage slightly.
* Fixed exit code for pathological tests.
* Add allowed failures to `pathological_tests.py`.
This allows us to include tests that we don't yet know how to pass.
* Add timeout to `pathological_tests.py`.
Tests must complete in 8 seconds or are errors.
* Add more pathological tests (Martin Mitas).
These tests target the issues 214, 218, 220.
* Use pledge(2) on OpenBSD (Ashe Connor).
* Update the Racket wrapper (Eli Barzilay).
* Makefile: For afl target, don't build tests.

[0.28.3.gfm.20]

* Add tasklist extension implementation (Watson1978, 94).

[0.28.3.gfm.19]

* Prevent out-of-bound memory access in strikethrough matcher (Xavier Décoret, 124).
* Limit recursion in autolink extension (Xavier Décoret, 125).
* Add plaintext rendering for footnotes (Xavier Décoret, 126).

[0.28.3.gfm.18]

* Match strikethrough more strictly (120).
* Default to safe operation (123).

[0.28.3.gfm.17]

* Allow extension to provide opaque allocation function (Nicolás Ojeda
Bär, 89).
* Upstream optimisations and fixes.
* Extensions can add custom XML attributes (116).
* Support for GFM extensions in cmark XML to CommonMark XSLT converter
(Maëlle Salmon, 117).

[0.28.3.gfm.16]

* Do not percent-encode tildes (~) in HTML attribute values (110).
* Fix footnote references in tables (112).

[0.28.3.gfm.15]

* Escape non-strikethrough tildes (~) in commonmark output (John MacFarlane, 106).
* Cosmetic fix to table HTML output (John MacFarlane, 105).
* Use two tildes for strikethrough CommonMark output (John MacFarlane, 104).
* Normalised header and define names (109).

[0.28.3.gfm.14]

* Added a plaintext renderer for strikethrough nodes.

[0.28.3.gfm.13]

* Footnote rendering bugfix (Michael Camilleri, 90).
* Debian packaging (Joachim Nilsson, 97).
* Add CMARK_OPT_STRIKETHROUGH_DOUBLE_TILDE for redcarpet compatibility.
* Add CMARK_OPT_TABLE_PREFER_STYLE_ATTRIBUTES (FUJI Goro, 86, 87).
* Fix pathological nested list parsing (Phil Turnbull, 95).
* Expose more of the extension APIs (Minghao Liu, 96).
* Add python example which uses extensions (Greg Stein, 102).
* Add CMARK_OPT_FULL_INFO_STRING (Mike Kavouras, 103).

[0.28.3.gfm.12]

* Various security and bug fixes.

0.28.3

* Include GNUInstallDirs in src/CMakeLists.txt (Nick Wellnhofer, 240).
This fixes build problems on some cmake versions (241).

Page 1 of 6

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.