Bump erusev/parsedown from 1.7.4 to 1.8.0 #945

Merged
SenseException merged 1 commit into master from dependabot/composer/erusev/parsedown-1.8.0 on Feb 16, 2026

dependabot bot commented on behalf of github on Feb 16, 2026

Bumps erusev/parsedown from 1.7.4 to 1.8.0.

Release notes

Sourced from erusev/parsedown's releases.

1.8.0

The first stable release in over six years. Requires PHP 7.1+.

Breaking Changes

  • PHP 7.1 minimum -- dropped support for PHP 5.3, 5.4, 5.5, 5.6, and 7.0.
  • List separation by marker type -- lists using different markers (*, +, -, or switching between . and ) for ordered lists) are now treated as separate lists, matching the CommonMark spec.
  • Lazy blockquotes -- consecutive blockquotes separated by a blank line are no longer merged into one, per CommonMark.
  • Sparse HTML blocks -- blank lines inside block-level HTML are now wrapped in <p> tags instead of being preserved as-is.
  • Empty ATX headings -- # and ## on their own now produce <h1></h1> and <h2></h2> instead of being treated as paragraphs.
  • Extensions accessing block internals may need to update: the element structure uses element instead of text in some places (e.g. $Block['element']['element']['text'] instead of $Block['element']['text']['text']).

Security

  • Regex patterns throughout the parser now use possessive quantifiers (*+, ++) to prevent catastrophic backtracking (ReDoS). This addresses denial-of-service vectors where malformed emphasis markers or other adversarial input could cause memory exhaustion or hangs.
  • Safe mode now sanitizes nested elements correctly via recursive AST traversal. Previously, sanitization only applied at the top level.
  • Extensions can mark self-produced HTML as trusted using allowRawHtmlInSafeMode so it isn't escaped in safe mode, while untrusted input remains escaped.

PHP Compatibility

  • Fixed implicit nullable parameter deprecations for PHP 8.4+.
  • Updated PHPUnit dependency and test infrastructure for modern PHP.
  • CI moved from Travis CI to GitHub Actions.

CommonMark Compliance

  • Setext headings now handle leading/trailing spaces correctly.
  • ATX heading closing # sequences are trimmed properly (e.g. # # of levels # # renders as <h1># of levels #</h1>).
  • Ordered lists support ) as a marker in addition to ..
  • Ordered lists starting with a number other than 1 no longer interrupt paragraphs.
  • One-column tables are now supported.
  • Fenced code blocks require the closing fence to have at least as many backticks/tildes as the opening fence.
  • HTML comments follow the CommonMark spec more closely.
  • Email autolinks validate against the CommonMark email definition.
  • Escaped tilde characters (\~\~) are no longer treated as strikethrough.

New Features

  • Strict mode (setStrictMode(true)) -- requires a space after # in ATX headings (CommonMark-compliant behavior).

Bug Fixes

  • Fixed "Uninitialized string offset" errors on certain inputs.
  • Fixed adjacent blockquotes being incorrectly merged.
  • Fixed line-break standardization when using the line() method directly.
  • Fixed table header validation (headers containing newlines are no longer accepted).
  • Fixed spaces in fenced code block class names.

Version 1.8.0-beta-6

This is a pre-release.

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot bot added the dependencies label (Pull requests that update a dependency file) on Feb 16, 2026
dependabot bot force-pushed the dependabot/composer/erusev/parsedown-1.8.0 branch from 20778f2 to ec11680 on February 16, 2026 18:19

Bumps [erusev/parsedown](https://github.com/erusev/parsedown) from 1.7.4 to 1.8.0.
- [Release notes](https://github.com/erusev/parsedown/releases)
- [Commits](erusev/parsedown@1.7.4...1.8.0)

---
updated-dependencies:
- dependency-name: erusev/parsedown
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot force-pushed the dependabot/composer/erusev/parsedown-1.8.0 branch from ec11680 to a2e6731 on February 16, 2026 19:02
SenseException merged commit 18eaee1 into master on Feb 16, 2026
6 checks passed
SenseException deleted the dependabot/composer/erusev/parsedown-1.8.0 branch on February 16, 2026 23:17
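
An added illustration of the possessive-quantifier change listed under Security in the release notes above; it is not code from Parsedown or from this pull request. The two patterns are constructed for the example. It assumes PHP 7.1+ with the PCRE JIT disabled so that pcre.backtrack_limit is the control that stops a runaway match: on input with no closing marker the greedy form exhausts that limit, while the possessive form fails without retrying.

```php
<?php
// Constructed patterns for illustration; not taken from Parsedown's source.
// Both accept runs of plain text or "**", followed by one closing "*" or "_".
const GREEDY     = '/^(?:[^*_]+|\*\*)*[*_]$/';
const POSSESSIVE = '/^(?:[^*_]++|\*\*)*+[*_]$/';

// Assumption: run on the PCRE interpreter so pcre.backtrack_limit applies
// deterministically; the limit is set to PHP's default value explicitly.
ini_set('pcre.jit', '0');
ini_set('pcre.backtrack_limit', '1000000');

function probe(string $pattern, string $subject): array
{
    $start  = microtime(true);
    $result = preg_match($pattern, $subject); // 1, 0, or false on engine error
    $ms     = (microtime(true) - $start) * 1000;
    $error  = preg_last_error();

    return [
        // false means the engine gave up, which is different from "no match" (0)
        'result' => $result === false ? 'false' : (string) $result,
        'error'  => $error === PREG_BACKTRACK_LIMIT_ERROR ? 'BACKTRACK_LIMIT'
                  : ($error === PREG_NO_ERROR ? 'none' : "code $error"),
        'ms'     => round($ms, 2),
    ];
}

// Sample inputs constructed for this example.
$subjects = [
    'well-formed'       => 'some **bold** text*',
    'no closing marker' => str_repeat('a', 64),
];

foreach ($subjects as $label => $subject) {
    foreach (['greedy' => GREEDY, 'possessive' => POSSESSIVE] as $kind => $pattern) {
        $r = probe($pattern, $subject);
        printf("%-18s %-10s result=%-5s error=%-15s %.2f ms\n",
            $label, $kind, $r['result'], $r['error'], $r['ms']);
    }
}
```

A caller that only tests preg_match() for truthiness treats an engine failure as a non-match, so checking preg_last_error() is what separates the two outcomes.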