Skip to content

Bump markdown-it from 12.3.2 to 14.2.0#1946

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.2.0
Closed

Bump markdown-it from 12.3.2 to 14.2.0#1946
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps markdown-it from 12.3.2 to 14.2.0.

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

  • Updated CM spec compatibility to 0.31.2, #1009.

Fixed

  • Fixed quadratic complexity when parsing references, #996.
  • Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

  • Drop ancient browsers support (use .fromCodePoint and other features).
  • Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
  • Dropped dist/ folder from repo, build on package publish.
  • Set punicode.js as external dependency.

Fixed

  • Html tokens inside img alt are now rendered as their original text, #896.
  • Hardbreaks inside img alt are now rendered as newlines.

[13.0.2] - 2023-09-26

Security

  • Fixed crash/infinite loop caused by linkify inline rule, #957.

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 2, 2026
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 08:50 Inactive
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from f0df8f1 to dbea635 Compare July 2, 2026 11:33
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 11:33 Inactive
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from dbea635 to 9dedc3d Compare July 2, 2026 12:51
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 12:52 Inactive
@rugpanov

rugpanov commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Status: cannot merge yet — two blockers.

1. Internal package mirror (blocking CI). yarn install --immutable fails because a transitive dep of markdown-it 14 isn't on the Databricks JFrog artifactory mirror:

YN0035: linkify-it@npm:5.0.2: Response Code: 403 (Forbidden)
  https://databricks.jfrog.io/artifactory/api/npm/db-npm/linkify-it/-/linkify-it-5.0.2.tgz

2. Major version bump of a direct dependency (needs verification). This is markdown-it 12 → 14 (two majors), and markdown-it is a direct dependency used by the extension's rendering. v13/v14 include breaking API changes, so this shouldn't be merged as a routine bump — the extension's markdown rendering (docs panels, hover, etc.) needs to be verified against v14 first.

When we can merge: (a) linkify-it@5.0.2 (and any other 403'd transitive deps) mirrored into db-npm so CI passes, and (b) the markdown-it v14 breaking changes reviewed and the extension's markdown rendering confirmed working. Leaving open pending both.

Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 12.3.2 to 14.2.0.
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@12.3.2...14.2.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from 9dedc3d to d7ee87d Compare July 2, 2026 13:49
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/vscode

Inputs:

  • PR number: 1946
  • Commit SHA: d7ee87d9faf0d6eb75bf911b79718d4f43111267

Checks will be approved automatically on success.

@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/markdown-it-14.2.0 branch July 2, 2026 16:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant