Skip to content

Bump markdown-it from 12.3.2 to 14.2.0#1946

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.2.0
Open

Bump markdown-it from 12.3.2 to 14.2.0#1946
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/markdown-it-14.2.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps markdown-it from 12.3.2 to 14.2.0.

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

  • Updated CM spec compatibility to 0.31.2, #1009.

Fixed

  • Fixed quadratic complexity when parsing references, #996.
  • Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

  • Drop ancient browsers support (use .fromCodePoint and other features).
  • Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
  • Dropped dist/ folder from repo, build on package publish.
  • Set punicode.js as external dependency.

Fixed

  • Html tokens inside img alt are now rendered as their original text, #896.
  • Hardbreaks inside img alt are now rendered as newlines.

[13.0.2] - 2023-09-26

Security

  • Fixed crash/infinite loop caused by linkify inline rule, #957.

... (truncated)

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 2, 2026
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 08:50 Inactive
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from f0df8f1 to dbea635 Compare July 2, 2026 11:33
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 11:33 Inactive
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from dbea635 to 9dedc3d Compare July 2, 2026 12:51
@dependabot dependabot Bot temporarily deployed to test-trigger-is July 2, 2026 12:52 Inactive
@rugpanov

rugpanov commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Status: cannot merge yet — two blockers.

1. Internal package mirror (blocking CI). yarn install --immutable fails because a transitive dep of markdown-it 14 isn't on the Databricks JFrog artifactory mirror:

YN0035: linkify-it@npm:5.0.2: Response Code: 403 (Forbidden)
  https://databricks.jfrog.io/artifactory/api/npm/db-npm/linkify-it/-/linkify-it-5.0.2.tgz

2. Major version bump of a direct dependency (needs verification). This is markdown-it 12 → 14 (two majors), and markdown-it is a direct dependency used by the extension's rendering. v13/v14 include breaking API changes, so this shouldn't be merged as a routine bump — the extension's markdown rendering (docs panels, hover, etc.) needs to be verified against v14 first.

When we can merge: (a) linkify-it@5.0.2 (and any other 403'd transitive deps) mirrored into db-npm so CI passes, and (b) the markdown-it v14 breaking changes reviewed and the extension's markdown rendering confirmed working. Leaving open pending both.

Bumps [markdown-it](https://github.com/markdown-it/markdown-it) from 12.3.2 to 14.2.0.
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@12.3.2...14.2.0)

---
updated-dependencies:
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/markdown-it-14.2.0 branch from 9dedc3d to d7ee87d Compare July 2, 2026 13:49
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/vscode

Inputs:

  • PR number: 1946
  • Commit SHA: d7ee87d9faf0d6eb75bf911b79718d4f43111267

Checks will be approved automatically on success.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant