Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

m2r haven't been updated in years #123

Closed
cblegare opened this issue Dec 13, 2021 · 8 comments · Fixed by #127
Closed

m2r haven't been updated in years #123

cblegare opened this issue Dec 13, 2021 · 8 comments · Fixed by #127

Comments

@cblegare
Copy link

With the recent major release Mistune (2.0), leading to breakage (see miyakogi/m2r#66), I suggest to switch to m2r2: https://github.com/CrossNox/m2r2

@astrojuanlu

This comment has been minimized.

@icemac
Copy link
Contributor

icemac commented Apr 19, 2022

Using m2r2 currently does not help either: It also pins mistune to version 0.8.4 in its setup.py, see https://github.com/CrossNox/m2r2/blob/development/setup.py#L24 (at least at the time when I wrote this comment.)

@icemac
Copy link
Contributor

icemac commented Apr 20, 2022

In miyakogi/m2r#60 (comment) sphinx-mdinclude is suggested as an m2r fork which could solve the problem. It uses mistune >= 2, see https://github.com/jreese/sphinx-mdinclude/blob/main/pyproject.toml#L18.

qmonnet added a commit to qmonnet/openapi that referenced this issue Aug 11, 2022
m2r is unmaintained [0]. It relies on mistune, but is not compatible with
mistune versions >= 2.0 [1]. This makes it impossible to update mistune,
even though there is a CVE in the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version.

[0] sphinx-contrib#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43
qmonnet added a commit to cilium/openapi that referenced this issue Aug 11, 2022
m2r is unmaintained [0]. It relies on mistune, but is not compatible with
mistune versions >= 2.0 [1]. This makes it impossible to update mistune,
even though there is a CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43
qmonnet added a commit to qmonnet/cilium that referenced this issue Aug 11, 2022
Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It
relies on mistune, but is not compatible with mistune versions >= 2.0
[1]. This makes it impossible to update mistune, even though there is a
CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib/openapi#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Signed-off-by: Quentin Monnet <[email protected]>
tklauser pushed a commit to cilium/cilium that referenced this issue Aug 17, 2022
Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It
relies on mistune, but is not compatible with mistune versions >= 2.0
[1]. This makes it impossible to update mistune, even though there is a
CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib/openapi#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Signed-off-by: Quentin Monnet <[email protected]>
tklauser pushed a commit to tklauser/cilium that referenced this issue Aug 17, 2022
[ upstream commit 4f893e8 ]

Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It
relies on mistune, but is not compatible with mistune versions >= 2.0
[1]. This makes it impossible to update mistune, even though there is a
CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib/openapi#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Signed-off-by: Quentin Monnet <[email protected]>
Signed-off-by: Tobias Klauser <[email protected]>
aditighag pushed a commit to cilium/cilium that referenced this issue Aug 22, 2022
[ upstream commit 4f893e8 ]

Sphinxcontrib-openapi relies on m2r. But m2r is unmaintained [0]. It
relies on mistune, but is not compatible with mistune versions >= 2.0
[1]. This makes it impossible to update mistune, even though there is a
CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib/openapi#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Signed-off-by: Quentin Monnet <[email protected]>
Signed-off-by: Tobias Klauser <[email protected]>
@jeriox
Copy link

jeriox commented Aug 30, 2022

@qmonnet just saw that you fixed the issue in a branch of your fork. Any chance you would be willing to maintain that fork any further? would be highly appreciated to have a solution publicly available that does not rely on pinning the mistune version

@qmonnet
Copy link
Contributor

qmonnet commented Aug 31, 2022

Any chance you would be willing to maintain that fork any further?

Sorry, I don't have the expertise of the time for that (the changes I contributed are pretty minor). But I was planning to submit the changes as a PR to the current repository. It was pending some other fix which was addressed last week, now I just need to find a moment to get to it and create the PR.

qmonnet added a commit to qmonnet/openapi that referenced this issue Aug 31, 2022
m2r is unmaintained [0]. It relies on mistune, but is not compatible with
mistune versions >= 2.0 [1]. This makes it impossible to update mistune,
even though there is a CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Fixes: sphinx-contrib#123
qmonnet added a commit to qmonnet/openapi that referenced this issue Aug 31, 2022
m2r is unmaintained [0]. It relies on mistune, but is not compatible with
mistune versions >= 2.0 [1]. This makes it impossible to update mistune,
even though there is a CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Fixes: sphinx-contrib#123
@jeriox
Copy link

jeriox commented Aug 31, 2022

Any chance you would be willing to maintain that fork any further?

Sorry, I don't have the expertise of the time for that (the changes I contributed are pretty minor). But I was planning to submit the changes as a PR to the current repository. It was pending some other fix which was addressed last week, now I just need to find a moment to get to it and create the PR.

sad to hear, but understandable. Let's see if something happens to your PR as this repo seems to be untouched for two years...

stephenfin pushed a commit to qmonnet/openapi that referenced this issue Dec 6, 2022
m2r is unmaintained [0]. It relies on mistune, but is not compatible with
mistune versions >= 2.0 [1]. This makes it impossible to update mistune,
even though there is a CVE in the old versions of the package [2].

Switch to sphinx-mdinclude instead.

There is also m2r2, but it is not a suitable alternative because they
simply force the use of an older mistune version [3].

[0] sphinx-contrib#123
[1] miyakogi/m2r#66
[2] GHSA-fw3v-x4f2-v673
[3] CrossNox/m2r2#43

Fixes: sphinx-contrib#123
stephenfin added a commit that referenced this issue Dec 6, 2022
@qmonnet
Copy link
Contributor

qmonnet commented Jan 16, 2023

@jeriox Just for your information, the PR has been merged, and a new tag was created a few days ago, in case this issue is still relevant to you.

@jeriox
Copy link

jeriox commented Jan 17, 2023

@qmonnet already got the notification that this issue has been closed, was happy to see it. Thanks for the PR and the ping!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants