Skip to content

chore(deps): bump markdown-it from 14.2.0 to 14.3.0#146

Merged
helebest merged 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.3.0
Jul 4, 2026
Merged

chore(deps): bump markdown-it from 14.2.0 to 14.3.0#146
helebest merged 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps markdown-it from 14.2.0 to 14.3.0.

Changelog

Sourced from markdown-it's changelog.

[14.3.0] - 2026-07-02

Changed

  • Reworked build pipeline & tools.
  • Added source maps.
  • Bumped linkify-it to 5.0.2.

Fixed

  • Preserve backslash-space hard line breaks, matching CommonMark 6.7, #1185.
Commits
  • ff0ee08 14.3.0 released
  • 52e2749 Bump linkify-it / vite deps
  • 56c2404 fix: keep backslash-space hard line break (CommonMark 6.7) (#1185)
  • 0fbb18b Bump vite from 8.0.14 to 8.0.16 (#1181)
  • 83450e2 Rework benchmark deps and bump versions
  • 57a6863 benchmark => tinybench
  • 7608db1 Update CI config
  • 9d8eb42 Added package-lock and updated versions to latest possible
  • 0aee70d lint: enable @​stylistic/no-multi-spaces rule
  • 8878985 lint => neostandard
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 14.2.0 to 14.3.0.
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@14.2.0...14.3.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review

Step 1 — Code review

  • Consistency: The PR description (bump markdown-it 14.2.0 → 14.3.0) matches the diff exactly — package.json + package-lock.json only, with the expected transitive updates (linkify-it 5.0.1 → 5.0.2, entities ^4.4.0^4.5.0). No source changes.
  • Correctness: 14.3.0 is a backward-compatible minor release. markdown-it is consumed by the markdown reader (src/components/MarkdownView.tsx / markdown-runtime.ts); the public API surface we use (.render, plugins, normalizeLink) is unchanged.
  • Conventions: Standard lockfile bump; adheres to the repo's dependency-management flow.
  • Security: Minor/patch-level updates, no known advisories introduced; linkify-it bump is a bugfix release.
  • Effectiveness: Achieves the stated dependency update.
  • Test coverage: No functional code change, so no new tests are required; existing unit tests for markdown rendering plus the Playwright markdown e2e specs exercise the affected reader path.

Step 2 — Regression verification
The required Verify (typecheck + coverage + build + e2e) job — which runs the full gate lint + format:check + typecheck + coverage + build + e2e — passed on head 272292f. All security scans (npm audit, gitleaks, Trivy, CodeQL) and the gate-integrity check are green.

Step 3 — CI: All required checks green.

Step 4 — Decision: Approving and squash-merging.


Generated by Claude Code

@helebest helebest merged commit 626b89c into main Jul 4, 2026
12 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/markdown-it-14.3.0 branch July 4, 2026 05:20

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review

Step 1 — Code review

  • Change: markdown-it 14.2.0 → 14.3.0 (minor, runtime dependency consumed by src/components/MarkdownView.tsx / markdown-runtime.ts). Diff is limited to package.json + package-lock.json; the description matches the actual change.
  • Changelog (14.3.0): reworked build pipeline, added source maps, bumped linkify-it to 5.0.2, and one behavior fix — "preserve backslash-space hard line breaks, matching CommonMark 6.7" (#1185). No public API removals/renames; the app uses the standard MarkdownIt() render path, which is unaffected.
  • Security: no advisories associated with this release; linkify-it 5.0.2 is a routine transitive bump.
  • Effectiveness: achieves the stated minor bump; the CommonMark hard-line-break fix is a correctness improvement for the reader.

Step 2 — Regression verification

  • The full CI verify gate (lint, format:check, typecheck, unit/component coverage, vite build, Playwright e2e — including markdown-rendering specs) passed on head 272292f.

Step 3 — CI

  • All required checks green (mergeable_state: clean).

Step 4 — Decision: ✅ All steps passed — squash-merging.


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant