makiri 0.3.0 → 0.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b0cf63c9d861e721a52064dccc929db0a8f823d485f69854f07d90b805913db0
-  data.tar.gz: 989e0d0b1430b202147cd4f0fec411d0377114f34ae380217b683b6b63d031e6
+  metadata.gz: 27ac120b94ab835caee9bbb50a1cee71b19e339dde2384496db9608e58b3269b
+  data.tar.gz: 27b8ea683abe8854e6c68269413d4858e0f2fedfdd04f04d8fa91130b9b05ac1
 SHA512:
-  metadata.gz: 13598e1f45341c8fed3924da8bbe913cf55ef5c1b9256193db18ae3cf2bb9ae0f4816370d8ca569139b33e7194aced65656c1314989b882ea612a44e3750e84b
-  data.tar.gz: 71c9da99e6f26fb8a034efba1d0642b37cdcd3ddf212c6f977ad3c868b104162ca86f0c721606024286a06c858326508e41c8624687c03fa3d7a205461926faf
+  metadata.gz: 84754fb994af236692bdbc281cb0cba89a8cd6d7c75e2caa4e16ebe9b1efa6c4cbd270409be2957e461db4909bbabc32296ed44e185ccaa8985a0c285f25846c
+  data.tar.gz: c3fba2792720ad30d1bee90343e4ae7877bd9871195620ce667281fffeb36e994b3e715a5f456327aaa4e8de1e80e3c24c7e6a898739c660f4d1c8d5ffa51c60

data/.github/workflows/conformance.yml

@@ -57,6 +57,15 @@ jobs:
       - name: CSS Selectors differential vs Nokogiri::HTML5
         run: bundle exec rake conformance:css
 
+      - name: XML XPath 1.0 differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xpath_xml
+
+      - name: XML CSS-selector differential vs Nokogiri::XML
+        run: bundle exec rake conformance:css_xml
+
+      - name: XML Builder differential vs Nokogiri::XML::Builder
+        run: bundle exec rake conformance:builder
+
   # Nightly: a wide XPath differential sweep across many seeds and a high
   # generated volume, to surface divergences the curated corpus and a single
   # seed miss. Fails fast (bash -e) on the first real divergence.
@@ -92,3 +101,16 @@ jobs:
             XPATH_ARGS="--generate 20000 --seed ${seed}" bundle exec rake conformance:xpath
             echo "::endgroup::"
           done
+
+      # The W3C XML conformance suite fetches its (pinned) test corpus on first
+      # run, so it lives in the nightly rather than on every PR.
+      - name: XML 1.0 well-formedness vs the W3C XML Conformance Test Suite
+        run: bundle exec rake conformance:xmlconf
+
+      # Property-based tree differential: generated documents, Makiri's parsed
+      # tree + canonical output vs Nokogiri::XML. Scalable volume - nightly gets
+      # a much larger batch than the resident in-suite PBT specs.
+      - name: XML property-based tree differential vs Nokogiri::XML
+        run: bundle exec rake conformance:xml_pbt
+        env:
+          PBT_ARGS: "--count 20000"

data/.github/workflows/libfuzzer.yml

@@ -0,0 +1,83 @@
+name: libFuzzer
+
+on:
+  # Nightly: libFuzzer runs are coverage-guided and long-running; they complement
+  # the PR-level short fuzz (30s) and the nightly sanitizer fuzz (300s per target).
+  # We run them on a schedule because the coverage signal needs sustained CPU
+  # time to reach deep branches (e.g. DOCTYPE quote/bracket state machine,
+  # reference expansion boundaries).
+  schedule:
+    - cron: "0 3 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Build the libFuzzer harnesses under clang with -fsanitize=fuzzer,address
+  # and run each target for 300s.  The corpus is stored as a build artifact so
+  # it can be seeded in subsequent runs (regression asset per the roadmap).
+  libfuzzer-nightly:
+    name: libFuzzer ${{ matrix.target }} (clang)
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xml, xpath]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      # Build the vendored Lexbor first (plain mode is fine; the harness links
+      # the static archive).  The fuzzer binary itself is built with ASan.
+      - name: Compile the extension (builds Lexbor)
+        run: bundle exec rake compile
+
+      - name: Install clang
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y clang
+
+      - name: Build libFuzzer harnesses
+        run: |
+          cd ext/makiri/fuzz
+          make clean
+          make all
+
+      # Restore the previous corpus so the fuzzer starts from the accumulated
+      # regression seeds rather than from scratch.
+      - name: Restore corpus cache
+        uses: actions/cache@v4
+        with:
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          key: libfuzzer-corpus-${{ matrix.target }}-${{ github.run_id }}
+          restore-keys: |
+            libfuzzer-corpus-${{ matrix.target }}-
+
+      - name: Run libFuzzer ${{ matrix.target }} (300s)
+        run: |
+          mkdir -p ext/makiri/fuzz/corpus/${{ matrix.target }}
+          cd ext/makiri/fuzz
+          ./${{ matrix.target }}_fuzz \
+            -max_total_time=300 \
+            -max_len=4096 \
+            -print_final_stats=1 \
+            corpus/${{ matrix.target }}
+
+      # Save the mutated corpus as an artifact for download / seeding.
+      - name: Upload corpus artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: libfuzzer-corpus-${{ matrix.target }}
+          path: ext/makiri/fuzz/corpus/${{ matrix.target }}
+          retention-days: 7

data/.github/workflows/security.yml

@@ -70,12 +70,71 @@ jobs:
           bundler-cache: true
 
       - name: Run short fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 30"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--time 30"
+
+  # macOS-only malloc-leak gate: ASan everywhere runs with detect_leaks=0 (Ruby
+  # and Lexbor are uninstrumented), so this is the ONLY automated leak check. It
+  # flags per-call leak stacks through the extension, including on rescued
+  # failure paths (see script/check_leaks.rb).
+  security-leaks:
+    name: Malloc-leak gate (macOS leaks)
+    runs-on: macos-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
 
+      - name: Run the leak gate
+        run: bundle exec rake leaks
+
+  # OOM-injection sweep: rebuilds with MAKIRI_ALLOC_INJECT=1 and fails each core
+  # C allocation site in turn, gating that every OOM branch fails closed - a
+  # clean exception or a baseline-identical result, never truncated output
+  # (see script/check_alloc_failures.rb).
+  security-alloc-inject:
+    name: OOM-injection sweep
+    runs-on: ubuntu-latest
+    if: github.event_name != 'schedule'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Run the OOM-injection sweep
+        run: bundle exec rake oom
+
+  # Nightly: fuzz EVERY target (the 30s PR fuzz covers only the default xpath
+  # target; the CSS engine reuse and the XML parser/mutator are each their own
+  # documented memory-safety risk, so each gets a full 300s run).
   security-fuzz-nightly:
-    name: Nightly sanitized fuzz
+    name: Nightly sanitized fuzz (${{ matrix.target }})
     runs-on: ubuntu-latest
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [xpath, css, xml, mutate, xmlcss]
     steps:
       - name: Checkout (with vendored Lexbor submodule)
         uses: actions/checkout@v6
@@ -92,4 +151,30 @@ jobs:
           bundler-cache: true
 
       - name: Run nightly fuzz under sanitizers
-        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--isolated --time 300"
+        run: bundle exec rake fuzz:sanitize FUZZ_ARGS="--target ${{ matrix.target }} --time 300"
+
+  # Nightly: the whole spec suite with Lexbor ITSELF built under ASan (mraw
+  # poisoning on), catching intra-arena overflows that a plain ASan build cannot
+  # see - the class the v3.0.0 :lexbor-contains overflow belonged to. Heavy
+  # (full instrumented Lexbor rebuild), so nightly only.
+  security-sanitize-lexbor:
+    name: Nightly instrumented-Lexbor ASan suite
+    runs-on: ubuntu-latest
+    if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch'
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "3.4"
+          bundler-cache: true
+
+      - name: Build Lexbor under ASan and run the suite
+        run: bundle exec rake "sanitize:lexbor"

data/.github/workflows/valgrind.yml

@@ -0,0 +1,138 @@
+name: Valgrind + GC.compact
+
+on:
+  # Valgrind memcheck ALSO runs on push to main: it is the only check without a
+  # frequency threshold (any "definitely lost" / uninitialised-value use fails,
+  # unlike the PR-level macOS leak gate, which only flags stacks repeated >=30x),
+  # so a leak on a rarely-hit error path slips past the PR gates and would
+  # otherwise surface only on the next nightly. Running it post-merge catches such
+  # regressions within ~30 min without adding ~20 min to every PR. (It is gated to
+  # main only, not pull_request, to keep PR latency low.)
+  #
+  # The GC.stress job stays nightly-only (see its `if:` below): it is heavy and
+  # checks structural properties that do not vary by day-to-day churn.
+  push:
+    branches: [main, master]
+  schedule:
+    - cron: "0 2 * * *"
+  workflow_dispatch:
+
+jobs:
+  # Valgrind memcheck on the full spec suite.  Complements ASan by catching
+  # layout-independent errors ASan misses: use of uninitialised values, and
+  # invalid reads/writes that happen to land inside valid malloc regions
+  # (intra-arena overflows).  Runs on Linux because Valgrind is x86_64/amd64
+  # Linux only.
+  valgrind-memcheck:
+    name: Valgrind memcheck (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    env:
+      BUNDLE_WITH: valgrind
+      # These heavy jobs verify memory discipline (uninit values, intra-arena
+      # overflows, use-after-move), not the property space - so the full
+      # 300-iteration PBT sweep (already run by the normal CI matrix) is
+      # overkill here and, multiplied by Valgrind's 10-50x slowdown, never
+      # finishes.  A handful of iterations exercises every C memory path while
+      # keeping the run tractable.
+      PBT_COUNT: "15"
+      CSS_PBT_COUNT: "15"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      - name: Install Valgrind
+        run: sudo apt-get update && sudo apt-get install -y valgrind
+
+      # ruby_memcheck (the `spec:valgrind` rake task) runs the suite under
+      # memcheck. It ships Ruby's Valgrind suppression files itself (matched to
+      # the running Ruby), so there is no longer a ruby.supp to fetch from
+      # ruby/ruby - that path was removed upstream and the fetch step 404'd.
+      - name: Run spec suite under Valgrind (ruby_memcheck)
+        run: bundle exec rake spec:valgrind
+
+  # GC.auto_compact + GC.stress over the GC-sensitive examples.  This
+  # structurally tests the borrowed-pointer discipline under the condition that
+  # Ruby Strings actually move (compaction) and that every allocation triggers a
+  # full GC cycle (stress).  Failures here are typically use-after-move or stale
+  # pointer bugs in the C extension or bridge layer.
+  #
+  # Scope: only the examples tagged `:gc_compact` (the `memory safety` blocks in
+  # css/xpath/serialize/mutation/source_location/xpath_handler/api_compat2 +
+  # attribute's lazy-index example).  Those are the examples written to exercise
+  # the borrowed-pointer paths.  `GC_COMPACT_STRESS=1` makes spec_helper set
+  # `GC.auto_compact = true` process-wide and wrap every example in `GC.stress`,
+  # so each allocation inside a tagged example triggers a *compacting* GC - the
+  # strongest form of the use-after-move test.  The high-volume churn loops
+  # (parse/drop cycles) scale their iteration count down under stress
+  # (`gc_churn_iters` / `GC_COMPACT_ITERS`) because each stressed iteration is
+  # orders of magnitude heavier; `GC_COMPACT_ITERS` below tunes the total runtime
+  # (~6-9 min on CI at 200).  An earlier version forced GC.stress onto the
+  # *entire* suite (~800 examples): it ran 1h40m+ and never finished, while
+  # testing borrowed-pointer discipline on hundreds of examples that have none.
+  # The rest of the suite still runs in ci.yml.
+  #
+  # THREADING is deliberately OFF here.  The :threading suite is 8 threads x tens
+  # of iterations; it runs in ci.yml and its GC-sensitive examples opt into
+  # GC.stress themselves, so cross-thread interactions are covered there.
+  gc-compact-stress:
+    # Nightly / on-demand only - not on push (the valgrind job is the post-merge
+    # gate; GC.stress is heavy and structural, so it does not need per-push runs).
+    if: github.event_name != 'push'
+    name: GC.auto_compact + GC.stress (Ruby ${{ matrix.ruby }})
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      GC_COMPACT_STRESS: "1"
+      # Per-iteration cost under per-allocation compacting GC is ~1000x normal, so
+      # the churn loops run this many iterations (vs their normal 200-1000). Tunes
+      # the job's runtime; raise for more coverage, lower if it approaches the
+      # timeout.
+      GC_COMPACT_ITERS: "200"
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["3.4"]
+
+    steps:
+      - name: Checkout (with vendored Lexbor submodule)
+        uses: actions/checkout@v6
+        with:
+          submodules: recursive
+
+      - name: Ensure cmake is available
+        uses: lukka/get-cmake@latest
+
+      - name: Set up Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+
+      - name: Compile the extension
+        run: bundle exec rake compile
+
+      # GC_COMPACT_STRESS=1 (set in env above) makes spec_helper enable
+      # auto_compact globally and wrap each example in GC.stress; --tag gc_compact
+      # limits the run to the borrowed-pointer examples.
+      - name: Run GC-sensitive examples under GC.auto_compact + GC.stress
+        run: bundle exec rspec --tag gc_compact spec

data/CHANGELOG.md

@@ -5,7 +5,130 @@ All notable changes to this project will be documented in this file.
 The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [0.5.0] - 2026-06-14
+
+### Fixed
+
+* Use-after-free when an XPath custom-function handler mutated the same
+  `XPathContext` (`register_*` / `node=`) mid-`evaluate`: such re-entrant context
+  mutation is now refused instead of invalidating the running evaluation's state.
+
+* `Node#name=` now invalidates the element-name index, so a later `//tag` query
+  reflects the rename instead of seeing a stale bucket.
+
+* XML processing-instruction targets now follow XML 1.0 §2.6: a PITarget is a
+  `Name`, not an NCName, so a colon is permitted (`<?a:b ...?>` parses, and
+  `create_processing_instruction("a:b", ...)` succeeds). Only the reserved `xml`
+  (any case) is still rejected. Previously a colon in a PI target was rejected as
+  not-well-formed, which was stricter than the spec (a PI target is not subject to
+  namespace processing).
+
+* Memory leaks of the internal XPath evaluation context on error / edge paths: a
+  `Makiri::XML` `#css` / `#xpath` / `#at_xpath` whose selector or expression failed
+  the text-input contract leaked the context (it is now verified BEFORE the context
+  is allocated), and a context could leak if building the Ruby result raised (it is
+  now freed before conversion).
+
+### Added
+
+* `ProcessingInstruction#target` on the XML node (the PI's target name).
+
+* Cross-kind `Document#import_node(node, deep = false)`. `import_node` now
+  translates a subtree across representations: `Makiri::XML::Document#import_node`
+  (newly added) imports an HTML (Lexbor) node by translating it to the XML node
+  representation, and `Makiri::HTML::Document#import_node` likewise translates an
+  XML node to HTML. Same-representation imports keep working (HTML to HTML via
+  Lexbor, XML to XML via the arena deep/shallow copy). The result is a detached
+  copy owned by the target document; the source is untouched. Elements (with
+  attributes), text, comment, and processing-instruction nodes translate both
+  ways, and an HTML `<template>`'s contents (which HTML keeps in a separate
+  fragment) are carried across rather than silently dropped; an XML CDATA section
+  has no HTML counterpart, so translating one into an HTML document fails closed
+  (`Makiri::Error`). Namespaces are preserved across the translation: HTML->XML
+  synthesizes the xmlns declarations needed to reproduce each node's namespace
+  (so e.g. an inline `<svg>` stays in the SVG namespace and HTML elements in the
+  XHTML namespace), and XML->HTML maps the namespace URI back to a Lexbor
+  namespace id, interning any URI (not only the ones Lexbor knows by default) so
+  custom namespaces survive too. An HTML-namespaced `<template>`'s content is
+  placed in its content fragment (HTMLTemplateElement.content), like a parsed
+  template. The other node-argument mutators
+  (`add_child`/`before`/`after`/`replace`/`fragment`) still reject a foreign-kind
+  node; `import_node` is the one sanctioned crossing point.
+
+* `set_attribute_ns(namespace, qualified_name, value)` and
+  `remove_attribute_ns(namespace, local_name)` on `Makiri::XML` elements - the DOM
+  setAttributeNS / removeAttributeNS, keyed on the (explicit namespace, local name)
+  pair so two attributes with the same qualified name in different namespaces
+  coexist (a null/"" namespace is the null namespace).
+
+* `Makiri::Lexbor::CSS.parse_stylesheet(text)`, a thin binding over Lexbor's
+  CSS stylesheet parser that returns the parsed rules as plain Ruby primitives
+  (`{type: :style, selectors: [{text:, specificity: [a,b,c]}, ...],
+  declarations: [{name:, value:, important:}, ...]}` and nested
+  `{type: :media, condition:, rules: [...]}`, in source order). Selector
+  specificity and value normalization come from Lexbor; `css-syntax-3` error
+  recovery means a broken stylesheet yields its valid rules instead of raising.
+  Hosts the new `Makiri::Lexbor::*` namespace (the unabstracted lexbor-native
+  surface, distinct from the Nokogiri-compatible `Makiri::*`).
+
+## [0.4.0] - 2026-06-12
+
+### Added
+
+* CSS selectors on `Makiri::XML`. `#css` / `#at_css` / `#matches?`, lowered
+  to the native XPath engine (case-sensitive, namespace-aware). Covers the
+  standard selector set including combinator arguments to `:is`/`:where`/`:not`/
+  `:has`, untyped `:*-of-type`, and `:lexbor-contains`. Verified by a differential
+  against `Nokogiri::XML` plus property-based tests.
+
+* `Makiri::XML::Builder`, a Nokogiri-compatible DSL for building an XML
+  document or subtree from scratch (block / `instance_eval` forms, namespaced
+  elements via `xml["prefix"]`, the `tag.class.id!` attribute short-cuts, raw-XML
+  `<<`, and `.with`). Verified by a differential against `Nokogiri::XML::Builder`.
+
+### Changed
+
+* The XML declaration emits `encoding="UTF-8"` only when the source declared
+  one (or `#to_xml(encoding:)` is passed); built or declaration-less documents
+  now serialize to a bare `<?xml version="1.0"?>`, like Nokogiri (the output is
+  UTF-8 either way).
+
+* Faster XML queries. A document-rooted `//name` / `css("name")` is served
+  from a lazily-built element-name index instead of a full-tree walk (~11x
+  Nokogiri on the benchmark feed); name tests resolve their prefix once per step,
+  and `at_css` / `at_xpath` short-circuit on prefixed name tests.
+
+* CSS class/ID selectors now match case-sensitively in no-quirks documents
+  (case-insensitively only in quirks mode), like browsers and `Nokogiri::HTML5` -
+  via an upstreamed Lexbor fix (see below).
+
+* XPath number parsing now follows the XPath 1.0 `Number` grammar exactly and
+  is locale-independent, matching libxml2/Nokogiri and browsers. C `strtod`'s
+  superset forms are no longer accepted: `1e3` / `0x1A` lex as a Number followed
+  by a name (a syntax error as a full expression, where they previously parsed
+  as 1000 / 26), `number()` returns NaN for exponent/hex/`+`-signed strings, and
+  only XPath whitespace (space/tab/CR/LF, not `\v`/`\f`) is trimmed around the
+  coerced value. Valid literals (`5.`, `.5`, `1.5`) are unchanged.
+
+### Security
+
+* Updated the vendored Lexbor (v3.0.0 -> `3a2d595`), which includes two
+  CSS-selector fixes we upstreamed - class/ID case-sensitivity follows quirks
+  mode, and a prefix-less type selector no longer defaults to the universal
+  namespace - plus a heap-overflow fix in its `:lexbor-contains()` parser
+  (reached from `Node#css`) and other post-v3.0.0 bugfixes. (An untagged master
+  commit, taken deliberately; see CLAUDE.md.)
+
+* Hardened native memory safety. The XML arena is ASan-red-zoned to catch
+  intra-arena overflows, the engines are fuzzed under ASan/UBSan, and buffer
+  growth is bounded by a hard ceiling.
+
+* Extended the lint-enforced bounded-reader (`mkr_span`) discipline to the
+  remaining byte-scanning code: the source-location line table, the XPath
+  string-function scanners (now explicitly length-bounded instead of relying on
+  the NUL contract), and the number parse above. Fixed a borrowed-RSTRING
+  pointer held across a potential GC point in the XML encoding sniffer, and a
+  missing NUL-termination guarantee in the libFuzzer XPath harness.
 
 ## [0.3.0] - 2026-06-06
 
@@ -239,7 +362,9 @@ libxml2 / libxslt dependency at any layer**.
   domxpath, CSS differential vs `Nokogiri::HTML5`). GitHub Actions CI across
   Ruby 3.2–4.0 × Ubuntu/macOS plus a sanitizer job.
 
-[Unreleased]: https://github.com/takahashim/makiri/compare/v0.3.0...HEAD
+[Unreleased]: https://github.com/takahashim/makiri/compare/v0.5.0...HEAD
+[0.5.0]: https://github.com/takahashim/makiri/compare/v0.4.0...v0.5.0
+[0.4.0]: https://github.com/takahashim/makiri/compare/v0.3.0...v0.4.0
 [0.3.0]: https://github.com/takahashim/makiri/compare/v0.2.0...v0.3.0
 [0.2.0]: https://github.com/takahashim/makiri/compare/v0.1.0...v0.2.0
 [0.1.0]: https://github.com/takahashim/makiri/releases/tag/v0.1.0