Skip to content

chore(deps): bump comrak from 0.39.0 to 0.44.0 in /backend#165

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/backend/comrak-0.44.0
Closed

chore(deps): bump comrak from 0.39.0 to 0.44.0 in /backend#165
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/cargo/backend/comrak-0.44.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Oct 20, 2025

Bumps comrak from 0.39.0 to 0.44.0.

Release notes

Sourced from comrak's releases.

v0.44.0

Parser changes:

  • Autolink validation is now stricter in the default mode, to maintain conformance with the GitHub Flavored Markdown autolinks extension spec. Those parses which previously worked but no longer do --- such as http://localhost (!), www.com (!?), or https:// (!?!) --- are now part of the relaxed_autolinks option. See more discussion in the PR. (by @​chamlis in kivikakk/comrak#618)

New APIs:

  • You can write footnotes with their body inline by enabling the inline_footnotes extension and using the syntax ^[footnote content] (by @​sheremetyev in kivikakk/comrak#619)

New Contributors

Diff: kivikakk/comrak@v0.43.0...v0.44.0

v0.43.0

Parser changes:

  • superscript or subscript extensions only: punctuation following a superscript or subscript delimiter no longer disqualifies the delimiter from being considered left-flanking, such that e^-i^ and n~-i~ now parse as superscript or subscript respectively (by @​kivikakk in kivikakk/comrak#593)

Changed APIs:

  • html::format_document, xml::format_document, cm::format_document and friends now take an std::fmt::Write as their output argument, instead of an std::io::Write, to avoid revalidating UTF-8 (by @​kivikakk in kivikakk/comrak#601)
  • bin: allow --header-ids '' for prefix-less headers (by @​kivikakk in kivikakk/comrak#610)

New APIs:

Documentation updates:

Diff: kivikakk/comrak@v0.42.0...v0.43.0

v0.42.0

New APIs:

  • cm::escape_inline (aliased at crate level as escape_commonmark_inline) is added; escapes input text suitable for inclusion in a CommonMark document where regular inline processing takes place. (by @​kivikakk in kivikakk/comrak#602)
  • cm::escape_link_destination (aliased at crate level as escape_commonmark_link_destination) is added; escapes input URL suitable for use as a link destination in a CommonMark document. (by @​kivikakk in kivikakk/comrak#605)

Changed APIs:

  • html::collect_text now returns a String. html::collect_text_append is added if you still want to start with your own (String) buffer. (by @​kivikakk in kivikakk/comrak#600)
    • There was no particular reason for this populating a Vec<u8> instead of a String; it was just old.
  • Anchorizer::anchorizer now takes &str instead of a String. (by @​kivikakk in kivikakk/comrak#603)
    • As above.

... (truncated)

Changelog

Sourced from comrak's changelog.

[v0.44.0] - 2025-10-14

Parser changes:

  • Autolink validation is now stricter in the default mode, to maintain conformance with the GitHub Flavored Markdown autolinks extension spec. Those parses which previously worked but no longer do --- such as http://localhost (!), www.com (!?), or https:// (!?!) --- are now part of the relaxed_autolinks option. See more discussion in the PR. (by @​chamlis in kivikakk/comrak#618)

New APIs:

  • You can write footnotes with their body inline by enabling the inline_footnotes extension and using the syntax ^[footnote content] (by @​sheremetyev in kivikakk/comrak#619)

New Contributors

Diff: kivikakk/comrak@v0.43.0...v0.44.0

[v0.43.0] - 2025-09-29

Parser changes:

  • superscript or subscript extensions only: punctuation following a superscript or subscript delimiter no longer disqualifies the delimiter from being considered left-flanking, such that e^-i^ and n~-i~ now parse as superscript or subscript respectively (by @​kivikakk in kivikakk/comrak#593)

Changed APIs:

  • html::format_document, xml::format_document, cm::format_document and friends now take an std::fmt::Write as their output argument, instead of an std::io::Write, to avoid revalidating UTF-8 (by @​kivikakk in kivikakk/comrak#601)
  • bin: allow --header-ids '' for prefix-less headers (by @​kivikakk in kivikakk/comrak#610)

New APIs:

Documentation updates:

Diff: kivikakk/comrak@v0.42.0...v0.43.0

[v0.42.0] - 2025-09-24

New APIs:

  • cm::escape_inline (aliased at crate level as escape_commonmark_inline) is added; escapes input text suitable for inclusion in a CommonMark document where regular inline processing takes place. (by @​kivikakk in kivikakk/comrak#602)
  • cm::escape_link_destination (aliased at crate level as

... (truncated)

Commits
  • 98cc53c Merge pull request #620 from kivikakk/release/v0.44.0
  • 97120bb README.md: add inline footnotes.
  • 5aaa77c CHANGELOG.md: finish 0.44.0.
  • 6ae0593 CHANGELOG.md: add generated portion.
  • db11c54 Cargo.toml: v0.44.0.
  • 4ef75c9 Merge pull request #618 from chamlis/stricter-autolinks
  • 0453ccd autolink: skip checking "://", known to be good.
  • b20703c cibuild: use relaxed-autolinks.
  • 4231bbf don't rely on relaxed in baseline autolink sourcepos test.
  • 4a5472b Be stricter about non-relaxed autolinks
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump comrak from 0.39.0 to 0.44.0 in /backend
ba34778 
Bumps [comrak](https://github.com/kivikakk/comrak) from 0.39.0 to 0.44.0.
- [Release notes](https://github.com/kivikakk/comrak/releases)
- [Changelog](https://github.com/kivikakk/comrak/blob/main/CHANGELOG.md)
- [Commits](kivikakk/comrak@v0.39.0...v0.44.0)

---
updated-dependencies:
- dependency-name: comrak
  dependency-version: 0.44.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file rust Pull requests that update rust code labels Oct 20, 2025
@dependabot dependabot bot mentioned this pull request Oct 20, 2025
Closed
greptile-apps[bot]
greptile-apps bot reviewed Oct 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Greptile Overview

Greptile Summary

This PR bumps the comrak Markdown parser from 0.39.0 to0.44.0 in the Rust backend. The upgrade spans five minor versions and includes a breaking API change where format_document functions now accept std::fmt::Write instead of std::io::Write. Since Atuin Desktop doesn't directly call these formatting APIs and uses comrak primarily for markdown parsing in the runbook system, the impact should be minimal. The upgrade also tightens autolink validation to conform with GitHub Flavored Markdown spec and adds inline footnote support.

Important Files Changed

Changed Files
Filename Score Overview
backend/Cargo.toml 3/5 Bumps comrak dependency from 0.39.0 to 0.44.0 with breaking API changes in format functions

Confidence Score: 3/5

The main risk is the breaking API change in v0.43.0 where format_document signatures changed from std::io::Write to std::fmt::Write. A codebase search would confirm whether Atuin directly calls html::format_document, xml::format_document, or cm::format_document. If these aren't used, the upgrade is safe. The stricter autolink validation could also affect runbook rendering if users have markdown with patterns like http://localhost or www.com without TLDs, though these would now require the relaxed_autolinks option to parse.

1 file reviewed, no comments

Edit Code Review Agent Settings | Greptile

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Oct 27, 2025

Superseded by #184.

@dependabot dependabot bot closed this Oct 27, 2025
@dependabot dependabot bot deleted the dependabot/cargo/backend/comrak-0.44.0 branch October 27, 2025 11:44
@github-actions github-actions bot locked and limited conversation to collaborators Oct 27, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file rust Pull requests that update rust code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants