Skip to content

refactor: Bump markdown-it and graphiql#3372

Open
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-cc260d2376
Open

refactor: Bump markdown-it and graphiql#3372
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-cc260d2376

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 16, 2026

Copy link
Copy Markdown
Contributor

Bumps markdown-it to 14.3.0 and updates ancestor dependency graphiql. These dependencies need to be updated together.

Updates markdown-it from 12.3.2 to 14.3.0

Changelog

Sourced from markdown-it's changelog.

[14.3.0] - 2026-07-02

Changed

  • Reworked build pipeline & tools.
  • Added source maps.
  • Bumped linkify-it to 5.0.2.

Fixed

  • Preserve backslash-space hard line breaks, matching CommonMark 6.7, #1185.

[14.2.0] - 2026-05-24

Added

  • isPunctCharCode to utilities.

Fixed

  • Don't end HTML comment blocks on a blank line, #1155.
  • Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
  • Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
  • More strict entities decode to avoid false positives ;, #1096.
  • Restore block parser state on fail in lheading rule, #1131.

Security

  • Fixed poor smartquotes perfomance on > 70k quotes in single block
  • Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

[14.1.1] - 2026-01-11

Security

  • Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

  • Updated CM spec compatibility to 0.31.2, #1009.

Fixed

  • Fixed quadratic complexity when parsing references, #996.
  • Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

  • Drop ancient browsers support (use .fromCodePoint and other features).
  • Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
  • Dropped dist/ folder from repo, build on package publish.

... (truncated)

Commits
  • ff0ee08 14.3.0 released
  • 52e2749 Bump linkify-it / vite deps
  • 56c2404 fix: keep backslash-space hard line break (CommonMark 6.7) (#1185)
  • 0fbb18b Bump vite from 8.0.14 to 8.0.16 (#1181)
  • 83450e2 Rework benchmark deps and bump versions
  • 57a6863 benchmark => tinybench
  • 7608db1 Update CI config
  • 9d8eb42 Added package-lock and updated versions to latest possible
  • 0aee70d lint: enable @​stylistic/no-multi-spaces rule
  • 8878985 lint => neostandard
  • Additional commits viewable in compare view

Updates graphiql from 2.0.8 to 5.2.4

Release notes

Sourced from graphiql's releases.

graphiql@5.2.4

Patch Changes

graphiql@5.2.4-alpha.0

Patch Changes

  • Updated dependencies [5f44a27]:
    • @​graphiql/react@​0.37.6-alpha.0
    • @​graphiql/plugin-doc-explorer@​0.4.3-alpha.0
    • @​graphiql/plugin-history@​0.4.3-alpha.0

graphiql@5.2.3

Patch Changes

  • #4181 f1a210e Thanks @​trevor-scheer! - Fix schema prop to skip introspection when IntrospectionQuery data is provided

    Previously, passing an IntrospectionQuery result as the schema prop would still trigger a network introspection request. The shouldIntrospect check only recognized GraphQLSchema instances (via isSchema), not raw introspection data. Now, when an IntrospectionQuery is passed, a schema is built from it directly using buildClientSchema and introspection is skipped.

  • #4211 e7b30c1 Thanks @​davidjb! - Add *.css to sideEffects to allow import of CSS in Webpack Javascript

  • Updated dependencies [f1a210e, 6f5d5d2, 40359eb, e7b30c1]:

    • @​graphiql/react@​0.37.4
    • @​graphiql/plugin-doc-explorer@​0.4.2
    • @​graphiql/plugin-history@​0.4.2

graphiql@5.2.2

Patch Changes

  • #4133 1bc6568 Thanks @​dimaMachina! - to fix esm.sh example we should pin monaco-editor peer dependency to versions ≥ 0.20.0 and < 0.53, since monaco-editor@^0.53.0 isn't supported yet with monaco-graphql

  • Updated dependencies [1bc6568]:

    • @​graphiql/react@​0.37.3

graphiql@5.2.1

Patch Changes

graphiql@5.2.0

Minor Changes

... (truncated)

Changelog

Sourced from graphiql's changelog.

5.2.4

Patch Changes

5.2.3

Patch Changes

  • #4181 f1a210e Thanks @​trevor-scheer! - Fix schema prop to skip introspection when IntrospectionQuery data is provided

    Previously, passing an IntrospectionQuery result as the schema prop would still trigger a network introspection request. The shouldIntrospect check only recognized GraphQLSchema instances (via isSchema), not raw introspection data. Now, when an IntrospectionQuery is passed, a schema is built from it directly using buildClientSchema and introspection is skipped.

  • #4211 e7b30c1 Thanks @​davidjb! - Add *.css to sideEffects to allow import of CSS in Webpack Javascript

  • Updated dependencies [f1a210e, 6f5d5d2, 40359eb, e7b30c1]:

    • @​graphiql/react@​0.37.4
    • @​graphiql/plugin-doc-explorer@​0.4.2
    • @​graphiql/plugin-history@​0.4.2

5.2.2

Patch Changes

  • #4133 1bc6568 Thanks @​dimaMachina! - to fix esm.sh example we should pin monaco-editor peer dependency to versions ≥ 0.20.0 and < 0.53, since monaco-editor@^0.53.0 isn't supported yet with monaco-graphql

  • Updated dependencies [1bc6568]:

    • @​graphiql/react@​0.37.3

5.2.1

Patch Changes

5.2.0

Minor Changes

  • #4081 4950dec Thanks @​dimaMachina! - feat: add loader for initial loading of operation editor fix: adjust command palette width, border and remove box-shadow feat: add short cut Cmd/Ctrl + , for opening GraphiQL settings dialog

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for graphiql since your current version.


@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Jun 16, 2026
Bumps [markdown-it](https://github.com/markdown-it/markdown-it) to 14.3.0 and updates ancestor dependency [graphiql](https://github.com/graphql/graphiql/tree/HEAD/packages/graphiql). These dependencies need to be updated together.


Updates `markdown-it` from 12.3.2 to 14.3.0
- [Changelog](https://github.com/markdown-it/markdown-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/markdown-it@12.3.2...14.3.0)

Updates `graphiql` from 2.0.8 to 5.2.4
- [Release notes](https://github.com/graphql/graphiql/releases)
- [Changelog](https://github.com/graphql/graphiql/blob/main/packages/graphiql/CHANGELOG.md)
- [Commits](https://github.com/graphql/graphiql/commits/graphiql@5.2.4/packages/graphiql)

---
updated-dependencies:
- dependency-name: graphiql
  dependency-version: 5.2.4
  dependency-type: direct:production
- dependency-name: markdown-it
  dependency-version: 14.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-cc260d2376 branch from 086b129 to f64441b Compare July 4, 2026 15:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants