
[Snyk] Security upgrade markdown-it from 14.1.0 to 14.1.1#1082

Open
CNSeniorious000 wants to merge 1 commit into promplate-demo from snyk-fix-4657168db2a58e7a6a3e944b292d2627

Conversation

@CNSeniorious000 (Owner)


Snyk has created this PR to fix 1 vulnerability in the pnpm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • pnpm-lock.yaml

Vulnerabilities that will be fixed with an upgrade:

Severity   Issue
medium     Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKDOWNIT-10666750

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

Copilot AI review requested due to automatic review settings February 11, 2026 16:56
vercel bot commented Feb 11, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project        Deployment   Actions             Updated (UTC)
endless-chat   Ready        Preview, Comment    Feb 11, 2026 4:59pm
free-chat      Ready        Preview, Comment    Feb 11, 2026 4:59pm

Copilot AI left a comment


Pull request overview

This PR was created automatically by Snyk to upgrade markdown-it from 14.1.0 to 14.1.1, fixing a medium-severity ReDoS vulnerability (SNYK-JS-MARKDOWNIT-10666750).

Changes:

  • package.json: the markdown-it version is bumped from ~14.1.0 to ~14.1.1
  • pnpm-lock.yaml: the locked version and integrity of markdown-it are updated
  • The lockfile also carries a large amount of unrelated formatting/metadata churn (for example, the libc field is removed in many places)

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated 1 comment.

File             Description
package.json     Upgrades the markdown-it dependency to ~14.1.1 to fix the security vulnerability
pnpm-lock.yaml   Updates the locked markdown-it version to 14.1.1, but with broad, noisy lockfile changes alongside it
Files not reviewed (1)
  • pnpm-lock.yaml: Language not supported

Comment on lines 1385 to 1389
'@img/sharp-libvips-linux-arm64@1.2.4':
resolution: {integrity: sha512-excjX8DfsIcJ10x1Kzr4RcWe1edC9PquDRRPx3YVCvQv+U5p7Yin2s32ftzikXojb1PIFc/9Mt28/y+iRklkrw==}
cpu: [arm64]
os: [linux]
libc: [glibc]

Copilot AI Feb 11, 2026


This lockfile update includes broad, non-security-related churn (e.g., many package entries drop the libc field) beyond the intended markdown-it bump. That makes the PR harder to review and increases the chance of future noisy diffs if different pnpm versions regenerate the lockfile. Consider pinning the pnpm version (e.g., via packageManager) and regenerating the lockfile with the repo’s standard pnpm so the diff is limited to the markdown-it upgrade.

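Snyk's note asks the reviewer to check that the changes do what they claim, and Copilot's comment points out that the lockfile diff is too noisy to read by eye. A practical check on a noisy pnpm lockfile is to scan it as text for every resolved version of the package in question and confirm that no copy below the fixed version survives anywhere, including in transitive dependencies that a direct bump of ~14.1.0 to ~14.1.1 does not touch. The script below is an added example written for this page; it is not code from the PR, from Snyk, or from the promplate-demo project, and the lockfile excerpt it scans is constructed (the integrity hashes are placeholders).

```javascript
// Added example, not part of the PR or the project: scan a pnpm-lock.yaml as
// plain text for every resolved version of a package and report the ones that
// are still older than the version carrying the fix.

// Constructed excerpt in pnpm lockfile v9 layout; not the real lockfile.
const SAMPLE_LOCK = `lockfileVersion: '9.0'

importers:
  .:
    dependencies:
      markdown-it:
        specifier: ~14.1.1
        version: 14.1.1

packages:

  '@img/sharp-libvips-linux-arm64@1.2.4':
    resolution: {integrity: sha512-placeholder==}
    cpu: [arm64]
    os: [linux]

  markdown-it@14.1.0:
    resolution: {integrity: sha512-placeholder==}
    hasBin: true

  markdown-it@14.1.1:
    resolution: {integrity: sha512-placeholder==}
    hasBin: true

snapshots:

  markdown-it@14.1.0: {}

  markdown-it@14.1.1: {}
`;

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Parse "MAJOR.MINOR.PATCH"; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric comparator: negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Every distinct version of pkgName that appears as an indented key in the
// packages: or snapshots: sections, i.e. lines shaped like
//   name@1.2.3:        '@scope/name@1.2.3':        name@1.2.3(peer@4.5.6):
// Entries under importers: (specifier/version lines) carry no "@version"
// in the key and are deliberately not matched.
function resolvedVersions(lockText, pkgName) {
  const re = new RegExp(
    `^\\s+'?${escapeRegExp(pkgName)}@(\\d+\\.\\d+\\.\\d+[^'(:\\s]*)`,
    'gm',
  );
  const found = new Set();
  for (const m of lockText.matchAll(re)) found.add(m[1]);
  return [...found].sort(compareVersions);
}

// Versions of pkgName in the lockfile still older than fixedVersion.
function vulnerableVersions(lockText, pkgName, fixedVersion) {
  return resolvedVersions(lockText, pkgName).filter(
    (v) => compareVersions(v, fixedVersion) < 0,
  );
}

// Stand-alone run against the constructed excerpt: the direct dependency is
// at 14.1.1, yet a 14.1.0 entry is still resolved elsewhere in the file.
const leftovers = vulnerableVersions(SAMPLE_LOCK, 'markdown-it', '14.1.1');
console.log('resolved:', resolvedVersions(SAMPLE_LOCK, 'markdown-it'));
console.log('still vulnerable:', leftovers);
```

Run it against the real file with the same functions (for example `fs.readFileSync('pnpm-lock.yaml', 'utf8')` in place of SAMPLE_LOCK); an empty result for the vulnerable range is the condition to require before merging, regardless of how much unrelated churn the diff contains.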

3 participants