Bump markdown-it from 13.0.1 to 14.1.1
Open
Number: #483
Type: Pull Request
State: Open
Type: Pull Request
State: Open
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Unknown
Comments: 1
dependabot[bot]Association: Unknown
Comments: 1
Created:
February 13, 2026 at 08:53 PM UTC
(4 months ago)
(4 months ago)
Updated:
March 21, 2026 at 03:32 AM UTC
(2 months ago)
(2 months ago)
Labels:
dependencies Stale javascript
dependencies Stale javascript
Description:
Bumps markdown-it from 13.0.1 to 14.1.1.
Changelog
Sourced from markdown-it's changelog.
[14.1.1] - 2026-01-11
Security
- Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to
@ltduc147for report.[14.1.0] - 2024-03-19
Changed
- Updated CM spec compatibility to 0.31.2, #1009.
Fixed
- Fixed quadratic complexity when parsing references, #996.
- Fixed quadratic output size with pathological user input in tables, #1000.
[14.0.0] - 2023-12-08
Changed
- Drop ancient browsers support (use
.fromCodePointand other features).- Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except
markdown-it-emojiplugin.- Dropped
dist/folder from repo, build on package publish.- Set
punicode.jsas external dependency.Fixed
- Html tokens inside img alt are now rendered as their original text, #896.
- Hardbreaks inside img alt are now rendered as newlines.
[13.0.2] - 2023-09-26
Security
- Fixed crash/infinite loop caused by linkify inline rule, #957.
Fixed
- Throw an error if 3rd party plugin doesn't increment
lineorposcounters (previously, markdown-it would likely go into infinite loop instead), #847.
Commits
b4a9b6514.1.1 released4b4bbcaFixed perf regression in linkify-it wrapperd2782d8Add supplementary example-driven documentation (#1092)0fe7ccb14.1.0 releaseda367c44Fix typo in comments of text.mjs (#1015)7ad8179add changelog5e90063simplify logic in scanDelimsd7ce5ecMerge pull request #1009 from notriddle/spec-0.31.20bfc57dUpdate spec to 0.31.2cd24778Update to comply with spec 0.31.2- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.
Package Dependencies
Technical Details
| ID: | 14732557 |
| UUID: | 3939162079 |
| Node ID: | PR_kwDOA7BWOs7DqSte |
| Host: | GitHub |
| Repository: | devsecopsmaturitymodel/DevSecOps-MaturityModel |