makiri 0.3.0-aarch64-linux → 0.5.0-aarch64-linux

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e0f79f757aa1970049920adec9aa4a3ae842ee7feb696b5f7fbfd0344e3b890e
-  data.tar.gz: 4adc2938e681211cfc15b89879156793a1a3fb7c6f619bf35f54befd47b99fa7
+  metadata.gz: a7e3afaeb8cfe10f879253ea7b2060fef6e50d0dd6c2d9233f19f89379d60c3a
+  data.tar.gz: 3ed9d9e1bcc503d2a2e62cafca8b5cf7d3da725d791857951e2917cae57b3faf
 SHA512:
-  metadata.gz: f9b89b0e31a42e4d5e86635a0e4d05c456d6ab2884050496d71849080543ca9a5eff6c9ffe724d86623f76b9236ec1b765b5786188bd298723277de1586b7ee5
-  data.tar.gz: e440d8ef53befbf1bf849b8fc4bed6a1b589a88ae84a5fb5e6b42ceddc4654c4d1a4091dd063ff4230c06a4fef556d97230c9af5cc3c9d7719fa232476ff3ac8
+  metadata.gz: a748186acff3b135d72a7ee0db7a917ce40d383e1518f0950824de346ce337ef7c0b606ccfa15572d453043fa8382434a44e43a0e28f08a7b0d4f9a4c7de2ed1
+  data.tar.gz: 00bc81988b16578c5cabacc4262cfdd6d034bd898cc05b0eee35815fba8fca0eb933a2987c080eed1be7c0c047c0172ceaf717754e27785d7858e905cec7f10d

data/.github/workflows/conformance.yml

@@ -57,6 +57,15 @@ jobs:
       - name: CSS Selectors differential vs Nokogiri::HTML5
         run: bundle exec rake conformance:css
 
+      - name: XML XPath 1.0 differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xpath_xml
+
+      - name: XML CSS-selector differential vs Nokogiri::XML
+        run: bundle exec rake conformance:css_xml
+
+      - name: XML Builder differential vs Nokogiri::XML::Builder
+        run: bundle exec rake conformance:builder
+
   # Nightly: a wide XPath differential sweep across many seeds and a high
   # generated volume, to surface divergences the curated corpus and a single
   # seed miss. Fails fast (bash -e) on the first real divergence.
@@ -92,3 +101,16 @@ jobs:
             XPATH_ARGS="--generate 20000 --seed ${seed}" bundle exec rake conformance:xpath
             echo "::endgroup::"
           done
+
+      # The W3C XML conformance suite fetches its (pinned) test corpus on first
+      # run, so it lives in the nightly rather than on every PR.
+      - name: XML 1.0 well-formedness vs the W3C XML Conformance Test Suite
+        run: bundle exec rake conformance:xmlconf
+
+      # Property-based tree differential: generated documents, Makiri's parsed
+      # tree + canonical output vs Nokogiri::XML. Scalable volume - nightly gets
+      # a much larger batch than the resident in-suite PBT specs.
+      - name: XML property-based tree differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xml_pbt
+        env:
+          PBT_ARGS: "--count 20000"

data/.github/workflows/libfuzzer.yml

@@ -0,0 +1,83 @@
+name: libFuzzer
+
+on:
+  # Nightly: libFuzzer runs are coverage-guided and long-running; they complement
+  # the PR-level short fuzz (30s) and the nightly sanitizer fuzz (300s per target).
+  # We run them on a schedule because the coverage signal needs sustained CPU
+  # time to reach deep branches (e.g. DOCTYPE quote/bracket state machine,
+  # reference expansion boundaries).
+  schedule:
+    - cron: "0 3 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Build the libFuzzer harnesses under clang with -fsanitize=fuzzer,address
+  # and run each target for 300s.  The corpus is stored as a build artifact so
+  # it can be seeded in subsequent runs (regression asset per the roadmap).
+  libfuzzer-nightly:
+    name: libFuzzer ${{ matrix.target }} (clang)
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xml, xpath]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      # Build the vendored Lexbor first (plain mode is fine; the harness links
+      # the static archive).  The fuzzer binary itself is built with ASan.
+      - name: Compile the extension (builds Lexbor)
+        run: bundle exec rake compile
+
+      - name: Install clang
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang
+
+      - name: Build libFuzzer harnesses
+        run: |
+          cd ext/makiri/fuzz
+          make clean
+          make all
+
+      # Restore the previous corpus so the fuzzer starts from the accumulated
+      # regression seeds rather than from scratch.
+      - name: Restore corpus cache
+        uses: actions/cache@v4
+        with:
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          key: libfuzzer-corpus-${{ matrix.target }}-${{ github.run_id }}
+          restore-keys: |
+            libfuzzer-corpus-${{ matrix.target }}-
+
+      - name: Run libFuzzer ${{ matrix.target }} (300s)
+        run: |
+          mkdir -p ext/makiri/fuzz/corpus/${{ matrix.target }}
+          cd ext/makiri/fuzz
+          ./${{ matrix.target }}_fuzz \
+            -max_total_time=300 \
+            -max_len=4096 \
+            -print_final_stats=1 \
+            corpus/${{ matrix.target }}
+
+      # Save the mutated corpus as an artifact for download / seeding.
+      - name: Upload corpus artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: libfuzzer-corpus-${{ matrix.target }}
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          retention-days: 7

data/.github/workflows/security.yml

@@ -70,12 +70,71 @@ jobs:
           bundler-cache: true
 
       - name: Run short fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 30"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--time 30"
+
+  # macOS-only malloc-leak gate: ASan everywhere runs with detect_leaks=0 (Ruby
+  # and Lexbor are uninstrumented), so this is the ONLY automated leak check. It
+  # flags per-call leak stacks through the extension, including on rescued
+  # failure paths (see script/check_leaks.rb).
+  security-leaks:
+    name: Malloc-leak gate (macOS leaks)
+    runs-on: macos-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
 
+      - name: Run the leak gate
+        run: bundle exec rake leaks
+
+  # OOM-injection sweep: rebuilds with MAKIRI_ALLOC_INJECT=1 and fails each core
+  # C allocation site in turn, gating that every OOM branch fails closed - a
+  # clean exception or a baseline-identical result, never truncated output
+  # (see script/check_alloc_failures.rb).
+  security-alloc-inject:
+    name: OOM-injection sweep
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Run the OOM-injection sweep
+        run: bundle exec rake oom
+
+  # Nightly: fuzz EVERY target (the 30s PR fuzz covers only the default xpath
+  # target; the CSS engine reuse and the XML parser/mutator are each their own
+  # documented memory-safety risk, so each gets a full 300s run).
   security-fuzz-nightly:
-    name: Nightly sanitized fuzz
+    name: Nightly sanitized fuzz (${{ matrix.target }})
     runs-on: ubuntu-latest
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xpath, css, xml, mutate, xmlcss]
     steps:
       - name: Checkout (with vendored Lexbor submodule)
         uses: actions/checkout@v6
@@ -92,4 +151,30 @@ jobs:
           bundler-cache: true
 
       - name: Run nightly fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 300"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--target ${{ matrix.target }} --time 300"
+
+  # Nightly: the whole spec suite with Lexbor ITSELF built under ASan (mraw
+  # poisoning on), catching intra-arena overflows that a plain ASan build cannot
+  # see - the class the v3.0.0 :lexbor-contains overflow belonged to. Heavy
+  # (full instrumented Lexbor rebuild), so nightly only.
+  security-sanitize-lexbor:
+    name: Nightly instrumented-Lexbor ASan suite
+    runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Build Lexbor under ASan and run the suite
+        run: bundle exec rake "sanitize:lexbor"

data/.github/workflows/valgrind.yml

@@ -0,0 +1,138 @@
+name: Valgrind + GC.compact
+
+on:
+  # Valgrind memcheck ALSO runs on push to main: it is the only check without a
+  # frequency threshold (any "definitely lost" / uninitialised-value use fails,
+  # unlike the PR-level macOS leak gate, which only flags stacks repeated >=30x),
+  # so a leak on a rarely-hit error path slips past the PR gates and would
+  # otherwise surface only on the next nightly. Running it post-merge catches such
+  # regressions within ~30 min without adding ~20 min to every PR. (It is gated to
+  # main only, not pull_request, to keep PR latency low.)
+  #
+  # The GC.stress job stays nightly-only (see its `if:` below): it is heavy and
+  # checks structural properties that do not vary by day-to-day churn.
+  push:
+    branches: [main, master]
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Valgrind memcheck on the full spec suite.  Complements ASan by catching
+  # layout-independent errors ASan misses: use of uninitialised values, and
+  # invalid reads/writes that happen to land inside valid malloc regions
+  # (intra-arena overflows).  Runs on Linux because Valgrind is x86_64/amd64
+  # Linux only.
+  valgrind-memcheck:
+    name: Valgrind memcheck (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    env:
+      BUNDLE_WITH: valgrind
+      # These heavy jobs verify memory discipline (uninit values, intra-arena
+      # overflows, use-after-move), not the property space - so the full
+      # 300-iteration PBT sweep (already run by the normal CI matrix) is
+      # overkill here and, multiplied by Valgrind's 10-50x slowdown, never
+      # finishes.  A handful of iterations exercises every C memory path while
+      # keeping the run tractable.
+      PBT_COUNT: "15"
+      CSS_PBT_COUNT: "15"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      - name: Install Valgrind
+        run: sudo apt-get update && sudo apt-get install -y valgrind
+
+      # ruby_memcheck (the `spec:valgrind` rake task) runs the suite under
+      # memcheck. It ships Ruby's Valgrind suppression files itself (matched to
+      # the running Ruby), so there is no longer a ruby.supp to fetch from
+      # ruby/ruby - that path was removed upstream and the fetch step 404'd.
+      - name: Run spec suite under Valgrind (ruby_memcheck)
+        run: bundle exec rake spec:valgrind
+
+  # GC.auto_compact + GC.stress over the GC-sensitive examples.  This
+  # structurally tests the borrowed-pointer discipline under the condition that
+  # Ruby Strings actually move (compaction) and that every allocation triggers a
+  # full GC cycle (stress).  Failures here are typically use-after-move or stale
+  # pointer bugs in the C extension or bridge layer.
+  #
+  # Scope: only the examples tagged `:gc_compact` (the `memory safety` blocks in
+  # css/xpath/serialize/mutation/source_location/xpath_handler/api_compat2 +
+  # attribute's lazy-index example).  Those are the examples written to exercise
+  # the borrowed-pointer paths.  `GC_COMPACT_STRESS=1` makes spec_helper set
+  # `GC.auto_compact = true` process-wide and wrap every example in `GC.stress`,
+  # so each allocation inside a tagged example triggers a *compacting* GC - the
+  # strongest form of the use-after-move test.  The high-volume churn loops
+  # (parse/drop cycles) scale their iteration count down under stress
+  # (`gc_churn_iters` / `GC_COMPACT_ITERS`) because each stressed iteration is
+  # orders of magnitude heavier; `GC_COMPACT_ITERS` below tunes the total runtime
+  # (~6-9 min on CI at 200).  An earlier version forced GC.stress onto the
+  # *entire* suite (~800 examples): it ran 1h40m+ and never finished, while
+  # testing borrowed-pointer discipline on hundreds of examples that have none.
+  # The rest of the suite still runs in ci.yml.
+  #
+  # THREADING is deliberately OFF here.  The :threading suite is 8 threads x tens
+  # of iterations; it runs in ci.yml and its GC-sensitive examples opt into
+  # GC.stress themselves, so cross-thread interactions are covered there.
+  gc-compact-stress:
+    # Nightly / on-demand only - not on push (the valgrind job is the post-merge
+    # gate; GC.stress is heavy and structural, so it does not need per-push runs).
+    if: github.event_name != 'push'
+    name: GC.auto_compact + GC.stress (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      GC_COMPACT_STRESS: "1"
+      # Per-iteration cost under per-allocation compacting GC is ~1000x normal, so
+      # the churn loops run this many iterations (vs their normal 200-1000). Tunes
+      # the job's runtime; raise for more coverage, lower if it approaches the
+      # timeout.
+      GC_COMPACT_ITERS: "200"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      # GC_COMPACT_STRESS=1 (set in env above) makes spec_helper enable
+      # auto_compact globally and wrap each example in GC.stress; --tag gc_compact
+      # limits the run to the borrowed-pointer examples.
+      - name: Run GC-sensitive examples under GC.auto_compact + GC.stress
+        run: bundle exec rspec --tag gc_compact spec

data/CHANGELOG.md

@@ -5,7 +5,130 @@ All notable changes to this project will be documented in this file.
 The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [0.5.0] - 2026-06-14
+
+### Fixed
+
+* Use-after-free when an XPath custom-function handler mutated the same
+  `XPathContext` (`register_*` / `node=`) mid-`evaluate`: such re-entrant context
+  mutation is now refused instead of invalidating the running evaluation's state.
+
+* `Node#name=` now invalidates the element-name index, so a later `//tag` query
+  reflects the rename instead of seeing a stale bucket.
+
+* XML processing-instruction targets now follow XML 1.0 §2.6: a PITarget is a
+  `Name`, not an NCName, so a colon is permitted (`<?a:b ...?>` parses, and
+  `create_processing_instruction("a:b", ...)` succeeds). Only the reserved `xml`
+  (any case) is still rejected. Previously a colon in a PI target was rejected as
+  not-well-formed, which was stricter than the spec (a PI target is not subject to
+  namespace processing).
+
+* Memory leaks of the internal XPath evaluation context on error / edge paths: a
+  `Makiri::XML` `#css` / `#xpath` / `#at_xpath` whose selector or expression failed
+  the text-input contract leaked the context (it is now verified BEFORE the context
+  is allocated), and a context could leak if building the Ruby result raised (it is
+  now freed before conversion).
+
+### Added
+
+* `ProcessingInstruction#target` on the XML node (the PI's target name).
+
+* Cross-kind `Document#import_node(node, deep = false)`. `import_node` now
+  translates a subtree across representations: `Makiri::XML::Document#import_node`
+  (newly added) imports an HTML (Lexbor) node by translating it to the XML node
+  representation, and `Makiri::HTML::Document#import_node` likewise translates an
+  XML node to HTML. Same-representation imports keep working (HTML to HTML via
+  Lexbor, XML to XML via the arena deep/shallow copy). The result is a detached
+  copy owned by the target document; the source is untouched. Elements (with
+  attributes), text, comment, and processing-instruction nodes translate both
+  ways, and an HTML `<template>`'s contents (which HTML keeps in a separate
+  fragment) are carried across rather than silently dropped; an XML CDATA section
+  has no HTML counterpart, so translating one into an HTML document fails closed
+  (`Makiri::Error`). Namespaces are preserved across the translation: HTML->XML
+  synthesizes the xmlns declarations needed to reproduce each node's namespace
+  (so e.g. an inline `<svg>` stays in the SVG namespace and HTML elements in the
+  XHTML namespace), and XML->HTML maps the namespace URI back to a Lexbor
+  namespace id, interning any URI (not only the ones Lexbor knows by default) so
+  custom namespaces survive too. An HTML-namespaced `<template>`'s content is
+  placed in its content fragment (HTMLTemplateElement.content), like a parsed
+  template. The other node-argument mutators
+  (`add_child`/`before`/`after`/`replace`/`fragment`) still reject a foreign-kind
+  node; `import_node` is the one sanctioned crossing point.
+
+* `set_attribute_ns(namespace, qualified_name, value)` and
+  `remove_attribute_ns(namespace, local_name)` on `Makiri::XML` elements - the DOM
+  setAttributeNS / removeAttributeNS, keyed on the (explicit namespace, local name)
+  pair so two attributes with the same qualified name in different namespaces
+  coexist (a null/"" namespace is the null namespace).
+
+* `Makiri::Lexbor::CSS.parse_stylesheet(text)`, a thin binding over Lexbor's
+  CSS stylesheet parser that returns the parsed rules as plain Ruby primitives
+  (`{type: :style, selectors: [{text:, specificity: [a,b,c]}, ...],
+  declarations: [{name:, value:, important:}, ...]}` and nested
+  `{type: :media, condition:, rules: [...]}`, in source order). Selector
+  specificity and value normalization come from Lexbor; `css-syntax-3` error
+  recovery means a broken stylesheet yields its valid rules instead of raising.
+  Hosts the new `Makiri::Lexbor::*` namespace (the unabstracted lexbor-native
+  surface, distinct from the Nokogiri-compatible `Makiri::*`).
+
+## [0.4.0] - 2026-06-12
+
+### Added
+
+* CSS selectors on `Makiri::XML`. `#css` / `#at_css` / `#matches?`, lowered
+  to the native XPath engine (case-sensitive, namespace-aware). Covers the
+  standard selector set including combinator arguments to `:is`/`:where`/`:not`/
+  `:has`, untyped `:*-of-type`, and `:lexbor-contains`. Verified by a differential
+  against `Nokogiri::XML` plus property-based tests.
+
+* `Makiri::XML::Builder`, a Nokogiri-compatible DSL for building an XML
+  document or subtree from scratch (block / `instance_eval` forms, namespaced
+  elements via `xml["prefix"]`, the `tag.class.id!` attribute short-cuts, raw-XML
+  `<<`, and `.with`). Verified by a differential against `Nokogiri::XML::Builder`.
+
+### Changed
+
+* The XML declaration emits `encoding="UTF-8"` only when the source declared
+  one (or `#to_xml(encoding:)` is passed); built or declaration-less documents
+  now serialize to a bare `<?xml version="1.0"?>`, like Nokogiri (the output is
+  UTF-8 either way).
+
+* Faster XML queries. A document-rooted `//name` / `css("name")` is served
+  from a lazily-built element-name index instead of a full-tree walk (~11x
+  Nokogiri on the benchmark feed); name tests resolve their prefix once per step,
+  and `at_css` / `at_xpath` short-circuit on prefixed name tests.
+
+* CSS class/ID selectors now match case-sensitively in no-quirks documents
+  (case-insensitively only in quirks mode), like browsers and `Nokogiri::HTML5` -
+  via an upstreamed Lexbor fix (see below).
+
+* XPath number parsing now follows the XPath 1.0 `Number` grammar exactly and
+  is locale-independent, matching libxml2/Nokogiri and browsers. C `strtod`'s
+  superset forms are no longer accepted: `1e3` / `0x1A` lex as a Number followed
+  by a name (a syntax error as a full expression, where they previously parsed
+  as 1000 / 26), `number()` returns NaN for exponent/hex/`+`-signed strings, and
+  only XPath whitespace (space/tab/CR/LF, not `\v`/`\f`) is trimmed around the
+  coerced value. Valid literals (`5.`, `.5`, `1.5`) are unchanged.
+
+### Security
+
+* Updated the vendored Lexbor (v3.0.0 -> `3a2d595`), which includes two
+  CSS-selector fixes we upstreamed - class/ID case-sensitivity follows quirks
+  mode, and a prefix-less type selector no longer defaults to the universal
+  namespace - plus a heap-overflow fix in its `:lexbor-contains()` parser
+  (reached from `Node#css`) and other post-v3.0.0 bugfixes. (An untagged master
+  commit, taken deliberately; see CLAUDE.md.)
+
+* Hardened native memory safety. The XML arena is ASan-red-zoned to catch
+  intra-arena overflows, the engines are fuzzed under ASan/UBSan, and buffer
+  growth is bounded by a hard ceiling.
+
+* Extended the lint-enforced bounded-reader (`mkr_span`) discipline to the
+  remaining byte-scanning code: the source-location line table, the XPath
+  string-function scanners (now explicitly length-bounded instead of relying on
+  the NUL contract), and the number parse above. Fixed a borrowed-RSTRING
+  pointer held across a potential GC point in the XML encoding sniffer, and a
+  missing NUL-termination guarantee in the libFuzzer XPath harness.
 
 ## [0.3.0] - 2026-06-06
 
@@ -239,7 +362,9 @@ libxml2 / libxslt dependency at any layer**.
   domxpath, CSS differential vs `Nokogiri::HTML5`). GitHub Actions CI across
   Ruby 3.2–4.0 × Ubuntu/macOS plus a sanitizer job.
 
-[Unreleased]: https://github.com/takahashim/makiri/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/takahashim/makiri/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/takahashim/makiri/compare/v0.4.0...v0.5.0
+[0.4.0]: https://github.com/takahashim/makiri/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/takahashim/makiri/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/takahashim/makiri/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/takahashim/makiri/releases/tag/v0.1.0