Skip to content

chore(deps): bump marked from 15.0.12 to 17.0.6#1848

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/marked-17.0.6
Open

chore(deps): bump marked from 15.0.12 to 17.0.6#1848
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/marked-17.0.6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 6, 2026

Bumps marked from 15.0.12 to 17.0.6.

Release notes

Sourced from marked's releases.

v17.0.6

17.0.6 (2026-04-05)

Bug Fixes

  • avoid race condition in async parallel parse/parseInline with hooks (#3924) (6e96fa7)
  • cli: honor positional input file (#3922) (a1c2617)
  • cli: use file URL for config import (#3923) (73e1f3f)

v17.0.5

17.0.5 (2026-03-20)

Bug Fixes

  • Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918) (4625980)
  • prevent quadratic complexity in emStrongLDelim regex (#3906) (c732dd2)
  • prevent single-tilde strikethrough false positives (#3910) (5e03369)
  • re-assign tokenizer.lexer and renderer.parser at start of each parse call (#3907) (f3a3ec0)
  • trim trailing whitespace from lheading text (#3920) (3ea7e88)

v17.0.4

17.0.4 (2026-03-04)

Bug Fixes

  • prevent ReDoS in inline link regex title group (#3902) (46fb9b8)

v17.0.3

17.0.3 (2026-02-17)

Bug Fixes

v17.0.2

17.0.2 (2026-02-11)

Bug Fixes

... (truncated)

Commits
  • e07037e chore(release): 17.0.6 [skip ci]
  • 6e96fa7 fix: avoid race condition in async parallel parse/parseInline with hooks (#3924)
  • 73e1f3f fix(cli): use file URL for config import (#3923)
  • a1c2617 fix(cli): honor positional input file (#3922)
  • 3b59e81 refactor: use strict equality in RegExp exec checks (#3935)
  • e6b37f2 chore(deps-dev): Bump lodash from 4.17.23 to 4.18.1 (#3937)
  • abb5667 chore(deps-dev): Bump lodash-es from 4.17.23 to 4.18.1 (#3936)
  • 4969cf2 chore(deps-dev): Bump handlebars from 4.7.8 to 4.7.9 (#3931)
  • d44cafc chore(deps-dev): Bump picomatch from 2.3.1 to 2.3.2 (#3929)
  • 59386ad chore(deps-dev): Bump eslint from 10.0.3 to 10.1.0 (#3928)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for marked since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump marked from 15.0.12 to 17.0.6
040458b 
Bumps [marked](https://github.com/markedjs/marked) from 15.0.12 to 17.0.6.
- [Release notes](https://github.com/markedjs/marked/releases)
- [Commits](markedjs/marked@v15.0.12...v17.0.6)

---
updated-dependencies:
- dependency-name: marked
  dependency-version: 17.0.6
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 6, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages bot commented Apr 6, 2026
edited
Loading

Deploying ant-design-x with  Cloudflare Pages  Cloudflare Pages

Latest commit: 040458b
Status: ✅  Deploy successful!
Preview URL: https://fbcc3976.ant-design-x.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-mark-rjfd.ant-design-x.pages.dev

View logs

@dependabot dependabot bot mentioned this pull request Apr 6, 2026
Closed
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026
edited
Loading

Preview failed

@socket-security
Copy link
Copy Markdown

socket-security bot commented Apr 6, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Added@​types/​dompurify@​3.2.01001003950100
Added@​types/​lodash.throttle@​4.1.91001005780100
Added@​playwright/​experimental-ct-react@​1.59.11001006999100
Added@​types/​react-dom@​19.2.31001007586100
Addedmarkdown-it-katex@​2.0.398859875100
Added@​types/​markdown-it@​14.1.21001007680100
Added@​types/​react-syntax-highlighter@​15.5.131001007880100
Addedvite@​8.0.3941008298100
Addedremark-gfm@​4.0.19910010083100
Addedmarkdown-it@​14.1.18610010083100
Addedrehype-raw@​7.0.010010010083100
Addedrehype-katex@​7.0.110010010083100
Addedremark-math@​6.0.010010010083100
Addedreact-markdown@​10.1.09910010083100
Addedreact@​19.2.41001008497100
Addedmarked@​17.0.61001001009580
Addeddompurify@​3.3.3981001009090
Added@​umijs/​mako@​0.11.15981009098100
Addedhtml-react-parser@​5.2.179910010092100
Addedreact-dom@​19.2.41001009298100
Addedstreamdown@​2.5.09910010097100
Added@​playwright/​test@​1.59.110010010099100
Addedkatex@​0.16.459910010099100

View full report

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026

⚠️ Performance benchmark report not found.

This comment is automatically generated by the x-markdown performance CI.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 6, 2026
edited
Loading

Bundle Report

Changes will increase total bundle size by 1.61MB (45.55%) ⬆️⚠️, exceeding the configured threshold of 5%.

Bundle name Size Change
x-markdown-array-push 1.6MB -108 bytes (-0.01%) ⬇️
antdx-array-push 3.53MB 1.61MB (83.53%) ⬆️⚠️

Affected Assets, Files, and Routes:

view changes for bundle: x-markdown-array-push

Assets Changed:

Asset Name Size Change Total Size Change (%)
latex.js -108 bytes 503.56kB -0.02%
view changes for bundle: antdx-array-push

Assets Changed:

Asset Name Size Change Total Size Change (%)
antdx.js (New) 3.53MB 3.53MB 100.0% 🚀
antdx.min.js (Deleted) -1.92MB 0 bytes -100.0% 🗑️

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 6, 2026

size-limit report 📦

Path Size
packages/x/dist/antdx.min.js 463.6 KB
packages/x-sdk/dist/x-sdk.min.js 8.36 KB
packages/x-markdown/dist/x-markdown.min.js 32.72 KB (+408 B 🔺)
packages/x-markdown/dist/plugins/latex.min.js 61.36 KB

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants