Bump comrak from 0.44.0 to 0.46.0 #405

Merged
gjtorikian merged 4 commits into main from dependabot/cargo/comrak-0.46.0 on Oct 29, 2025
@dependabot dependabot bot commented on behalf of github Oct 28, 2025

Bumps comrak from 0.44.0 to 0.46.0.

Release notes

Sourced from comrak's releases.

v0.46.0

Please note the MSRV has been bumped from 1.65 to 1.70; see the pull request for more details. It's a kind of sticky and awkward situation — thanks to the inevitability of Progress — with no particularly clean solution. (wherein telling GCC 15 users "sorry it just won't build from source for you without messing with dependencies" is not a solution.)

Security:

  • Footnote resolution no longer recurses over the document tree; on documents with deeply nested elements, this could cause a stack overflow, with resultant denial of service. (by @​kivikakk in kivikakk/comrak#659)
  • Inline footnotes are restricted to a depth of 5 for similar reasons. An iterative rewrite here to avoid a limit is possible, but for now I'm hoping we can all pretend to be responsible adult human beings and limit our recursive inline footnote usage accordingly. (PRs welcome tho, non-human users are very welcome!) (by @​kivikakk in kivikakk/comrak#659)

Parser changes:

  • U+2069 POP DIRECTIONAL ISOLATE will be treated as terminating an autolink, rather than included as part of the link, making autolinks much easier to use correctly in RTL text. (by @​SethFalco in kivikakk/comrak#654)
  • HTML start condition 4 is correctly detected when non-capital letters follow "<!". (by @​kivikakk in kivikakk/comrak#658)

New APIs:

Bug fixes:

Build changes:

New Contributors

Diff: kivikakk/comrak@v0.45.0...v0.46.0

v0.45.0

Welcome to v0.45.0! This is a big update, much of it part of rc.1 from last week. More context on the size of the update in the changelog there.

The biggest library user-facing changes are ergonomic: Node<'a> instead of &'a AstNode<'a>, is nice, and so likewise node.data() instead of node.data.borrow(). They're small, but I appreciate them a lot in my own work.

You'll also notice more bovine creatures in the Comrak pasture: there's a few Cow<str> instead of String, such as in NodeValue::Text. At most an extra .into() will be required; take note if you use any 'static str, as they'll no longer need to be heap-allocated. Some Boxes have been added, too, to reduce the size of every NodeValue. Let the types guide you.

Other than this, the options have been put in their own module (comrak::options), and a lot of things generally cleaned up. Read below for all the deets! Here's the final performance comparison to v0.44.0 on aarch64:

Benchmark 1: ./bench.sh ./comrak-0.44.0
  Time (mean ± σ):      88.1 ms ±   1.9 ms    [User: 71.2 ms, System: 17.8 ms]
  Range (min … max):    86.2 ms …  93.2 ms    31 runs

Benchmark 2: ./bench.sh ./comrak-0.45.0
  Time (mean ± σ):      67.0 ms ±   1.2 ms    [User: 51.2 ms, System: 17.0 ms]

... (truncated)

Changelog

Sourced from comrak's changelog.

[v0.46.0] - 2025-10-28

Please note the MSRV has been bumped from 1.65 to 1.70; see the pull request for more details. It's a kind of sticky and awkward situation — thanks to the inevitability of Progress — with no particularly clean solution. (wherein telling GCC 15 users "sorry it just won't build from source for you without messing with dependencies" is not a solution.)

Security:

  • Footnote resolution no longer recurses over the document tree; on documents with deeply nested elements, this could cause a stack overflow, with resultant denial of service. (by @​kivikakk in kivikakk/comrak#659)
  • Inline footnotes are restricted to a depth of 5 for similar reasons. An iterative rewrite here to avoid a limit is possible, but for now I'm hoping we can all pretend to be responsible adult human beings and limit our recursive inline footnote usage accordingly. (PRs welcome tho, non-human users are very welcome!) (by @​kivikakk in kivikakk/comrak#659)

Parser changes:

  • U+2069 POP DIRECTIONAL ISOLATE will be treated as terminating an autolink, rather than included as part of the link, making autolinks much easier to use correctly in RTL text. (by @​SethFalco in kivikakk/comrak#654)
  • HTML start condition 4 is correctly detected when non-capital letters follow "<!". (by @​kivikakk in kivikakk/comrak#658)

New APIs:

Bug fixes:

Build changes:

New Contributors

Diff: kivikakk/comrak@v0.45.0...v0.46.0

[v0.45.0] - 2025-10-23

Welcome to v0.45.0! This is a big update, much of it part of rc.1 from last week. More context on the size of the update in the changelog there.

The biggest library user-facing changes are ergonomic: Node<'a> instead of &'a AstNode<'a>, is nice, and so likewise node.data() instead of node.data.borrow(). They're small, but I appreciate them a lot in my own work.

You'll also notice more bovine creatures in the Comrak pasture: there's a few Cow<str> instead of String, such as in NodeValue::Text. At most an extra .into() will be required; take note if you use any 'static str, as they'll no longer need to be heap-allocated. Some Boxes have been added, too, to reduce the size of every NodeValue. Let the types guide you.

Other than this, the options have been put in their own module (comrak::options), and a lot of things generally cleaned up. Read below for all the deets! Here's the final performance comparison to v0.44.0 on aarch64:

Benchmark 1: ./bench.sh ./comrak-0.44.0
  Time (mean ± σ):      88.1 ms ±   1.9 ms    [User: 71.2 ms, System: 17.8 ms]
  Range (min … max):    86.2 ms …  93.2 ms    31 runs

... (truncated)

Commits
  • 7b1dcd7 Merge pull request #660 from kivikakk/release/v0.46.0
  • ebb934d CHANGELOG: finish 0.46.0.
  • c408c21 CHANGELOG.md: add generated portion.
  • 24b9b06 Cargo.toml: v0.46.0.
  • bf5b1f4 Merge pull request #659 from kivikakk/push-svmnlupttupv
  • c034931 CHANGELOG.
  • 945a7af restrict inline footnote recursion depth.
  • 63ee728 add pretty_assertions.
  • 2ac4fc0 new kind of pathology just dropped.
  • f570a0d remove unnecessary refcells.
  • Additional commits viewable in compare view

Bumps [comrak](https://github.com/kivikakk/comrak) from 0.44.0 to 0.46.0.
- [Release notes](https://github.com/kivikakk/comrak/releases)
- [Changelog](https://github.com/kivikakk/comrak/blob/main/CHANGELOG.md)
- [Commits](kivikakk/comrak@v0.44.0...v0.46.0)

---
updated-dependencies:
- dependency-name: comrak
  dependency-version: 0.46.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
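
The two security items in the v0.46.0 release notes above (footnote resolution no longer recursing over the document tree, and inline footnotes capped at a depth of 5) can be sketched as follows. This is an added example, not code from comrak or from this pull request; `Tree`, `Node`, `Kind`, `chain` and `count_footnotes` are hypothetical names, and the arena layout is an assumption chosen so that neither walking nor dropping the tree uses the call stack.

```rust
// Added illustration: types and names are hypothetical, not comrak's API.
const MAX_INLINE_FOOTNOTE_DEPTH: usize = 5; // limit stated in the release notes

#[derive(Clone, Copy, PartialEq)]
enum Kind { Block, InlineFootnote }

struct Node { kind: Kind, children: Vec<usize> }

/// Arena-backed tree: nodes refer to children by index, so neither walking
/// nor dropping the tree recurses.
struct Tree { nodes: Vec<Node> }

impl Tree {
    /// Build a single chain of `depth` nodes of `kind` below a Block root.
    fn chain(kind: Kind, depth: usize) -> Tree {
        let mut nodes = vec![Node { kind: Kind::Block, children: vec![] }];
        for _ in 0..depth {
            let id = nodes.len();
            nodes.push(Node { kind, children: vec![] });
            nodes[id - 1].children.push(id);
        }
        Tree { nodes }
    }

    /// Walk with an explicit heap-allocated stack instead of recursion.
    /// Returns the number of inline footnotes, or Err(depth) as soon as
    /// footnote nesting exceeds the limit.
    fn count_footnotes(&self) -> Result<usize, usize> {
        let mut stack = vec![(0usize, 0usize)]; // (node index, enclosing footnote depth)
        let mut count = 0;
        while let Some((id, depth)) = stack.pop() {
            let node = &self.nodes[id];
            let is_footnote = node.kind == Kind::InlineFootnote;
            let depth = if is_footnote { depth + 1 } else { depth };
            if depth > MAX_INLINE_FOOTNOTE_DEPTH {
                return Err(depth); // reject rather than keep descending
            }
            if is_footnote { count += 1; }
            stack.extend(node.children.iter().map(|&c| (c, depth)));
        }
        Ok(count)
    }
}

fn main() {
    // Constructed inputs: one very deep block chain, then footnote chains of depth 5 and 6.
    println!("{:?}", Tree::chain(Kind::Block, 200_000).count_footnotes());
    println!("{:?}", Tree::chain(Kind::InlineFootnote, 5).count_footnotes());
    println!("{:?}", Tree::chain(Kind::InlineFootnote, 6).count_footnotes());
}
```

The work list grows on the heap, so nesting depth in untrusted input costs memory proportional to the document rather than stack frames.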
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update Rust code labels Oct 28, 2025
@gjtorikian gjtorikian force-pushed the dependabot/cargo/comrak-0.46.0 branch from c673dd8 to 017277b Compare October 29, 2025 23:23
@gjtorikian (Owner) commented:

Weirdly, something about OpenSSL is breaking in Ruby 3.4 (but not ruby-head...?).

Either way, I am not cutting a new release for this, because ignore_setext has moved from render to parse, and that's a breaking change. I have other ideas to change the API of this Ruby gem, but I can roll all of these into the next major release. Hopefully by then the OpenSSL issue will be solved! 🙏

@gjtorikian gjtorikian merged commit bbdb506 into main Oct 29, 2025
16 of 18 checks passed
@gjtorikian gjtorikian deleted the dependabot/cargo/comrak-0.46.0 branch October 29, 2025 23:26