chore(deps): bump marked from 12.0.2 to 16.3.0#5057
chore(deps): bump marked from 12.0.2 to 16.3.0#5057dependabot[bot] wants to merge 4 commits intomainfrom
Conversation
dependabot
bot
added
the
dependencies
✅ Deploy Preview for respec-pr ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/marked-16.3.0
branch
from
a5a37b1 to
47fa13b
Compare
Bumps [marked](https://github.com/markedjs/marked) from 12.0.2 to 16.3.0. - [Release notes](https://github.com/markedjs/marked/releases) - [Changelog](https://github.com/markedjs/marked/blob/master/.releaserc.json) - [Commits](markedjs/marked@v12.0.2...v16.3.0) --- updated-dependencies: - dependency-name: marked dependency-version: 16.3.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
force-pushed
the
dependabot/npm_and_yarn/marked-16.3.0
branch
from
47fa13b to
3ecf07e
Compare
…en-object API Co-authored-by: marcoscaceres <870154+marcoscaceres@users.noreply.github.com>
|
A newer version of marked exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged. |
|
@copilot, can you see what's going on with the failing tests and have a go at fixing it? |
|
@marcoscaceres I've opened a new pull request, #5117, to work on those changes. Once the pull request is ready, I'll request review from you. |
There was a problem hiding this comment.
Pull request overview
This PR upgrades the project’s Markdown parser dependency (marked) to a new major version and updates the custom Marked renderer adapter in src/core/markdown.js to match the newer renderer API.
Changes:
- Bump
markeddependency (and lockfile) from 12.x to 16.x. - Update custom Marked
Rendereroverrides (code,image,heading) to the token-object method signatures used by newer Marked versions. - Add a type-cast workaround for the
rendereroption in the Marked config.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
src/core/markdown.js |
Adapts custom Markdown rendering hooks to Marked v16’s token-based renderer API. |
package.json |
Updates the marked dependency version range. |
pnpm-lock.yaml |
Locks marked (and its metadata) to the updated version. |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| "colors": "1.4.0", | ||
| "finalhandler": "^2.1.1", | ||
| "marked": "^12.0.2", | ||
| "marked": "^16.4.0", |
There was a problem hiding this comment.
PR metadata/title says marked is bumped to 16.3.0, but package.json now pins ^16.4.0. Please align the PR title/description (or the dependency version) so reviewers and release notes match what is actually being shipped.
| const config = { | ||
| gfm: true, | ||
| renderer: new Renderer(), | ||
| renderer: /** @type {any} */ (new Renderer()), |
There was a problem hiding this comment.
Casting the renderer instance to any disables type checking for the Marked renderer API, which can hide signature/return-type mismatches during this major upgrade. Prefer tightening this to the appropriate Marked renderer type (e.g. MarkedOptions['renderer'] / RendererObject) and/or adding JSDoc types for the overridden methods so config remains type-safe.
| renderer: /** @type {any} */ (new Renderer()), | |
| renderer: /** @type {import('marked').MarkedOptions['renderer']} */ (new Renderer()), |
Update the Renderer subclass to use the token-object API introduced in
marked v13 (methods previously took individual positional args):
code({ text, lang }) was code(code, infoString, isEscaped)
image({ href, title, text }) was image(href, title, text)
heading(token) was heading(text, level, raw)
uses this.parser.parseInline(token.tokens) for rendered inline text
Also replace reindent() with a local normalizeIndent() that strips
indentation based on the first non-empty line rather than the minimum
across all lines. marked v16 is stricter CommonMark: HTML indented 4+
spaces is treated as a code block, so sections rendered via data-include
whose inner HTML has col-0 lines (leastIndent=0 in reindent) would end up
escaped inside <pre><code>. normalizeIndent correctly strips the outer
document indentation regardless of inner content.
Closes #5057
|
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it. |
Bumps marked from 12.0.2 to 16.3.0.
Release notes
Sourced from marked's releases.
... (truncated)
Commits
9a5306dchore(release): 16.3.0 [skip ci]cd2b5f4feat: add emStrongMask hook (#3749)e3497a5chore(deps): Bump actions/setup-node from 4 to 5 (#3760)8ce030achore(deps-dev): Bump eslint from 9.34.0 to 9.35.0 (#3759)fd0e92achore(deps-dev): Bump@semantic-release/release-notes-generatorfrom 14.0.3 t...93b0155chore(deps-dev): Bump@semantic-release/githubfrom 11.0.4 to 11.0.5 (#3757)7b2d430docs: addmarked-jirato known extensions (#3753)fc8a5d0chore(release): 16.2.1 [skip ci]30c6630fix: allow escaped newline in link text (#3752)0ccf476chore(deps-dev): Bump esbuild from 0.25.8 to 0.25.9 (#3750)You can trigger a rebase of this PR by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)