An update to Parsedown, one of the packages that Grav uses to process Markdown, broke the display of footnotes and image captions. The update was necessary for security reasons that I don't understand, to do with processing HTML, I believe. While the Parsedown people are working on a proper fix, it seemed OK for me to revert to an earlier version as long as I am the only person adding footnotes and image captions, and as long as I trust myself not to do malicious stuff.

Andy Miller graciously provided a step-by-step:

1. Edit composer.json in the root of Grav
2. Remove the security checking dependency: "roave/security-advisories": "dev-master"
4. Edit the parsedown entry to force the last pre-security fixed version: "erusev/parsedown": "1.6.4"
6. From terminal run `composer update --no-dev`

Job done.

And indeed it was, locally. On the live server I ran into trouble because Composer was not installed, and wouldn't install because the .phar extension was missing from my PHP. Fiddling with php.ini on DreamHost was more than I bargained for this morning, so I just uploaded the changed composer.json file and the /parsedown folder and hoped for the best.

It worked there too, so I am very happy. I hope I haven't created problems for the future.

Reactions from around the web


Webmentions allow conversations across the web, based on a web standard. They are a powerful building block for the decentralized social web.

“Ordinary” comments

These are not webmentions, but ordinary old-fashioned comments left by using the form below.