Gemfile in github-markup-4.0.0 vs Gemfile in github-markup-4.0.1

- old
+ new

@@ -3,10 +3,12 @@
 
 gem "posix-spawn", :platforms => :ruby
 gem "redcarpet", :platforms => :ruby
 gem "kramdown", :platforms => :jruby
 gem "RedCloth"
-gem "commonmarker", "~> 0.18.1"
+# using a tag version here because 0.18.3 was not published by the author to encourage users to upgrade.
+# however we want to bump up to this version since this has a security patch
+gem "commonmarker", git: "https://github.com/gjtorikian/commonmarker.git", tag: "v0.18.3"
 gem "rdoc", "~>3.6"
 gem "org-ruby", "= 0.9.9"
 gem "creole", "~>0.3.6"
 gem "wikicloth", "=0.8.3"
 gem "twitter-text", "~> 1.14"