chore(deps): update dependency markdown-it to v14.1.1 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
markdown-it	14.1.0 → 14.1.1

GitHub Vulnerability Alerts

CVE-2022-21670

Impact

Special patterns with length > 50K chars can slow down parser significantly.

const md = require('markdown-it')();

md.render(`x ${' '.repeat(150000)} x  \nx`);

Patches

Upgrade to v12.3.2+

Workarounds

No.

References

Fix + test sample: markdown-it/markdown-it@ffc49ab

CVE-2026-2327

Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the use of the regex /*+$/ in the linkify function. An attacker can supply a long sequence of * characters followed by a non-matching character, which triggers excessive backtracking and may lead to a denial-of-service condition.

---

Release Notes

markdown-it/markdown-it (markdown-it)

v14.1.1

Compare Source

Security

• Fixed regression from v13 in linkify inline rule. Specific patterns could
  cause high CPU use. Thanks to @​ltduc147 for report.

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying wecount with    Cloudflare Pages

Latest commit:	46bf530
Status:	✅  Deploy successful!
Preview URL:	https://5b15d262.wecount.pages.dev
Branch Preview URL:	https://renovate-npm-markdown-it-vul.wecount.pages.dev

View logs