-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
m2r haven't been updated in years #123
Comments
This comment has been minimized.
This comment has been minimized.
Using |
In miyakogi/m2r#60 (comment) |
m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version. [0] sphinx-contrib#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43
m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43
Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib/openapi#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Signed-off-by: Quentin Monnet <[email protected]>
Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib/openapi#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Signed-off-by: Quentin Monnet <[email protected]>
[ upstream commit 4f893e8 ] Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib/openapi#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Signed-off-by: Quentin Monnet <[email protected]> Signed-off-by: Tobias Klauser <[email protected]>
[ upstream commit 4f893e8 ] Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib/openapi#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Signed-off-by: Quentin Monnet <[email protected]> Signed-off-by: Tobias Klauser <[email protected]>
@qmonnet just saw that you fixed the issue in a branch of your fork. Any chance you would be willing to maintain that fork any further? would be highly appreciated to have a solution publicly available that does not rely on pinning the mistune version |
Sorry, I don't have the expertise of the time for that (the changes I contributed are pretty minor). But I was planning to submit the changes as a PR to the current repository. It was pending some other fix which was addressed last week, now I just need to find a moment to get to it and create the PR. |
m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Fixes: sphinx-contrib#123
m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Fixes: sphinx-contrib#123
sad to hear, but understandable. Let's see if something happens to your PR as this repo seems to be untouched for two years... |
m2r is unmaintained [0]. It relies on mistune, but is not compatible with mistune versions >= 2.0 [1]. This makes it impossible to update mistune, even though there is a CVE in the old versions of the package [2]. Switch to sphinx-mdinclude instead. There is also m2r2, but it is not a suitable alternative because they simply force the use of an older mistune version [3]. [0] sphinx-contrib#123 [1] miyakogi/m2r#66 [2] GHSA-fw3v-x4f2-v673 [3] CrossNox/m2r2#43 Fixes: sphinx-contrib#123
@jeriox Just for your information, the PR has been merged, and a new tag was created a few days ago, in case this issue is still relevant to you. |
@qmonnet already got the notification that this issue has been closed, was happy to see it. Thanks for the PR and the ping! |
With the recent major release Mistune (2.0), leading to breakage (see miyakogi/m2r#66), I suggest to switch to m2r2: https://github.com/CrossNox/m2r2
The text was updated successfully, but these errors were encountered: