Skip to content

chore(deps): bump markdown-it from 14.1.1 to 14.2.0 in the npm_and_yarn group across 1 directory#36

Merged
NeiRo21 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2a4837647d
Jun 30, 2026
Merged

chore(deps): bump markdown-it from 14.1.1 to 14.2.0 in the npm_and_yarn group across 1 directory#36
NeiRo21 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/npm_and_yarn-2a4837647d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown

Bumps the npm_and_yarn group with 1 update in the / directory: markdown-it.

Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 17, 2026
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/linkify-it 5.0.1 🟢 4
Details
CheckScoreReason
Maintained🟢 95 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 9
Code-Review⚠️ 0Found 0/30 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
SAST⚠️ 0no SAST tool detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Security-Policy🟢 4security policy file detected
npm/markdown-it 14.2.0 🟢 6.5
Details
CheckScoreReason
Maintained🟢 103 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10
Code-Review🟢 3GitHub code reviews found for 10 commits out of the last 30 -- score normalized to 3
CII-Best-Practices⚠️ 0no badge detected
Vulnerabilities🟢 10no vulnerabilities detected
Security-Policy🟢 10security policy file detected
Token-Permissions⚠️ 0non read-only tokens detected in GitHub workflows
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1no published package detected
License🟢 10license file detected
Pinned-Dependencies🟢 7dependency not pinned by hash detected -- score normalized to 7
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Fuzzing⚠️ 0project is not fuzzed

Scanned Files

  • package-lock.json

@NeiRo21

NeiRo21 commented Jun 30, 2026

Copy link
Copy Markdown
Owner

@dependabot rebase

Bumps the npm_and_yarn group with 1 update in the / directory: [markdown-it](https://github.com/markdown-it/markdown-it).


Updates `markdown-it` from 14.1.1 to 14.2.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.1.1...14.2.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/npm_and_yarn-2a4837647d branch from 53a80f5 to 24f76f1 Compare June 30, 2026 10:09
@NeiRo21
NeiRo21 merged commit 7b39ea4 into main Jun 30, 2026
6 checks passed
@NeiRo21
NeiRo21 deleted the dependabot/npm_and_yarn/npm_and_yarn-2a4837647d branch June 30, 2026 10:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant