Skip to content

refactor: Bump markdown-it from 14.1.0 to 14.3.0#10510

Merged
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/markdown-it-14.2.0
Jul 13, 2026
Merged

refactor: Bump markdown-it from 14.1.0 to 14.3.0#10510
mtrezza merged 1 commit into
alphafrom
dependabot/npm_and_yarn/markdown-it-14.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps markdown-it from 14.1.0 to 14.3.0.

Changelog

Sourced from markdown-it's changelog.

[14.3.0] - 2026-07-02

Changed

  • Reworked build pipeline & tools.
  • Added source maps.
  • Bumped linkify-it to 5.0.2.

Fixed

  • Preserve backslash-space hard line breaks, matching CommonMark 6.7, #1185.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.
Commits
  • ff0ee08 14.3.0 released
  • 52e2749 Bump linkify-it / vite deps
  • 56c2404 fix: keep backslash-space hard line break (CommonMark 6.7) (#1185)
  • 0fbb18b Bump vite from 8.0.14 to 8.0.16 (#1181)
  • 83450e2 Rework benchmark deps and bump versions
  • 57a6863 benchmark => tinybench
  • 7608db1 Update CI config
  • 9d8eb42 Added package-lock and updated versions to latest possible
  • 0aee70d lint: enable @​stylistic/no-multi-spaces rule
  • 8878985 lint => neostandard
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch 3 times, most recently from f22274f to ef430ce Compare June 19, 2026 23:16
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from ef430ce to 7841487 Compare June 25, 2026 09:19
@dependabot dependabot Bot changed the title refactor: Bump markdown-it from 14.1.0 to 14.2.0 refactor: Bump markdown-it from 14.1.0 to 14.3.0 Jul 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch 7 times, most recently from ede9655 to 8462c29 Compare July 13, 2026 01:09
@mtrezza

mtrezza commented Jul 13, 2026

Copy link
Copy Markdown
Member

@coderabbitai review

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown
✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@coderabbitai

coderabbitai Bot commented Jul 13, 2026

Copy link
Copy Markdown

Review Change Stack

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ea6e2ebe-e7dc-4e65-b71e-e18c123df88d

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The lockfile updates linkify-it to 5.0.2 and markdown-it to 14.3.0, refreshes resolved URLs and integrity hashes, adds funding metadata, and updates markdown-it requirements for entities and linkify-it.

Changes

Dependency lockfile updates

Layer / File(s) Summary
Synchronize markdown dependency metadata
package-lock.json
Updates locked package versions, integrity metadata, funding entries, and dependency constraints for linkify-it, markdown-it, and entities.

Estimated code review effort: 1 (Trivial) | ~5 minutes


Caution

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

  • Ignore

❌ Failed checks (1 error, 1 inconclusive)

Check name Status Explanation Resolution
Description check ❌ Error The description is on-topic but misses required template sections like Issue, Approach, and Tasks. Add the Issue, Approach, and Tasks sections from the template, including completed checkboxes or notes for skipped items.
Engage In Review Feedback ❓ Inconclusive No review-comment or discussion artifacts are present here; only the lockfile bump is visible, so engagement with feedback can't be verified. Provide the PR review thread or a linked commit/reply showing the feedback was discussed and either implemented or retracted.
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Security Check ✅ Passed PASS: Only package-lock changed; markdown-it moved from 14.1.0 to 14.3.0, fixing the GHSA-vgm8-mvfh-rj89 XSS advisory. No source code changed.
Title check ✅ Passed The title accurately summarizes the dependency upgrade and matches the required prefix.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/markdown-it-14.2.0

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 14.1.0 to 14.3.0.
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.0...14.3.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from 8462c29 to ce48b94 Compare July 13, 2026 02:37
@mtrezza mtrezza merged commit 5c25152 into alpha Jul 13, 2026
23 checks passed
@mtrezza mtrezza deleted the dependabot/npm_and_yarn/markdown-it-14.2.0 branch July 13, 2026 03:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant