build(deps-dev): bump markdown-it to v14.1.1 [SECURITY] by renovate[bot] · Pull Request #881

build(deps-dev): bump markdown-it to v14.1.1 [SECURITY] by renovate[bot] · Pull Request #881 · OpenINF/.github

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
markdown-it	`14.1.0` → `14.1.1`

GitHub Vulnerability Alerts

CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.

Release Notes

markdown-it/markdown-it (markdown-it)

`v14.1.1`

Compare Source

Security

Fixed regression from v13 in linkify inline rule. Specific patterns could
cause high CPU use. Thanks to @ltduc147 for report.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.