md2cf Update Mistune and add escape parameter

I noticed mistune was pinned to version 0.8.4, I updated it to v 3.0.1 (which covers https://github.com/iamjackg/md2cf/pull/81 and https://github.com/iamjackg/md2cf/issues/82 ((sorry))), all tests passing too.

While at it, I added the escape parameter mentioned on https://github.com/iamjackg/md2cf/issues/34, which enables the rendering of quotes and other symbols instead of html escaped symbols. I added that to the library but not to the CLI, the default is to not escape HTML stuff.

My main goal is to be able to get unescaped HTML, mainly for linking other confluence pages and maybe adding macros as mentioned on https://github.com/iamjackg/md2cf/issues/34, But I though the new Mistune could handle it, let's see if that works.

Sep 15 '23 18:09 heyeddi

Hey @Bass-03 Thanks a lot for this.

@iamjackg Any way we can get this merged upstream and released?

In Mistune through 2.0.2, there is a Regular Expression Denial of Service (ReDoS) flaw. From CVE-2022-34749:

In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Oct 16 '23 17:10 schneiderl

Thank you both for looking into this.

And thank you @iamjackg for the tool, it is very helpful 😄

Oct 23 '23 12:10 schneiderl

Hey @iamjackg @Bass-03

Any updates on this? I'm happy to hop in and make any changes if necessary.

Nov 06 '23 13:11 schneiderl

hey @schneiderl I think I did all changes needed, we are waiting for review

Nov 23 '23 15:11 heyeddi