Bump comrak from 0.9.0 to 0.12.1

[dependabot]

Bumps comrak from 0.9.0 to 0.12.1.

Release notes

Sourced from comrak's releases.

0.12.0

Changes since last release (kivikakk/comrak@0.11.0...0.12.0)

• Add pluggable syntax highlighting, and default implementation with syntect. (Daniel Simon, #194)

On crates.io: https://crates.io/crates/comrak/0.12.0

0.11.0

Changes since last release (kivikakk/comrak@0.10.1...0.11.0)

• Allow short URLs even with non-empty path. (#191, Bernard Teo)
• Expose NodeCode struct in AST. (#192, Vojtech Kral)

On crates.io: https://crates.io/crates/comrak/0.11.0

0.10.1

Changes since last release (kivikakk/comrak@0.10.0...0.10.1)

• SECURITY: it was possible to smuggle unsafe URLs --- like javascript: ones --- even without using the "unsafe" mode of operation. Thanks to Sam Sanoop (snoopysecurity) for reporting.
• Recognise tables without a preceding newline. (#183)

On crates.io: https://crates.io/crates/comrak/0.10.1

0.10.1-rc.1

Interim crate release for rust-lang/crates.io#3501. See #182, #183.

0.10.0

Changes since last release (kivikakk/comrak@0.9.1...0.10.0)

• 0.9.1 was a semver-breaking change.
• Add -o/--output CLI option. (#177)

0.9.1

Changes since last release (kivikakk/comrak@0.9.0...0.9.1)

• SECURITY: we were matching unsafe URL prefixes, such as data: or javascript:, in a case-sensitive manner. This meant prefixes like Data: were untouched. Please upgrade as soon as possible. (Kouhei Morita)
• Add support for ignoring front matter. (#170, Eitan Mosenkis.)

Two new binaries are added to each release: aarch64-apple-darwin and x86_64-unknown-freebsd.

Changelog

Sourced from comrak's changelog.

0.12.1

• Only load syntax and theme sets once, on Syntect plugin instantiation. (#197)
• Match syntax highlighting language names more loosely. (#198)

0.12.0

• Add pluggable syntax highlighting, and default implementation with syntect. (Daniel Simon, #194)

0.11.0

• Allow short URLs even with non-empty path. (#191, Bernard Teo)
• Expose NodeCode struct in AST. (#192, Vojtech Kral)

0.10.1

• SECURITY: it was possible to smuggle unsafe URLs --- like javascript: ones --- even without using the "unsafe" mode of operation. Thanks to Sam Sanoop (snoopysecurity) for reporting.
• Recognise tables without a preceding newline. (#183)

0.10.0

• 0.9.1 was a semver-breaking change.
• Add -o/--output CLI option. (#177)

0.9.1

• SECURITY: we were matching unsafe URL prefixes, such as data: or javascript:, in a case-sensitive manner. This meant prefixes like Data: were untouched. Please upgrade as soon as possible. (Kouhei Morita)
• Add support for ignoring front matter. (#170, Eitan Mosenkis.)

Commits

• 407c943 0.12.1
• 49d1ad9 Merge pull request #198 from kivikakk/syntect-find-by-token
• 8517ddf syntect: find by token
• e01f0a8 Merge pull request #197 from kivikakk/load-syntax-set-once-per-plugin
• 48ca9fe cargo fmt
• 0d2a29a syntect: load ThemeSet once too
• f7b207e syntect: load SyntaxSet once per plugin instantiation
• 9b6c260 readme: pulldown-cmark has had spec compliance for a while
• 1aed380 release-raven: getting the gnu toolchain working too hard
• 87a05f7 RELEASE_CHECKLIST: document which shell to use on Windows
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #15.