
0.17.0

@kivikakk released this 28 Mar 01:15

What's Changed

This contains some breaking changes from an API point of view, but output is largely unchanged. Spec compliance is improved, and benchmark runtime is over 20% faster.

  • SECURITY: GHSA-8hqf-xjwp-p67v / Quadratic runtime when parsing Markdown (GHSL-2023-047)
    • A variety of quadratic runtime issues that could lead to DoS were reported and addressed.
    • We replaced pest with an re2c-based scanner.
  • SECURITY: GHSA-xxmq-4vph-956w / Excessive output when parsing Markdown (GHSL-2023-048)
    • Reference output is limited to 100Kb.
  • SECURITY: GHSA-5r3x-p7xx-x6q5 / Attacker controlled data in AST nodes is not validated (GHSL-2023-049)
    • AST nodes no longer store raw Vec<u8>s, and instead store Strings.
  • Various API points were cleaned up.
  • Comrak now targets Rust 2018.
  • Add footnote attributes that mirror cmark-gfm by @digitalmoksha in #273
  • Add support for full_info_string render option by @digitalmoksha in #276
  • chore: improve debug performance by @conradludgate in #283

Many thanks to @philipturnbull and @darakian of the GitHub Security Lab for bringing these issues to my attention and detailing the reproduction steps for each case.

Full Changelog: 0.16.0...0.17.0