feat(deps): bump markdown-it and prosemirror-markdown

[dependabot]

Bumps markdown-it and prosemirror-markdown. These dependencies needed to be updated together.
Updates markdown-it from 13.0.1 to 14.1.1

Changelog

Sourced from markdown-it's changelog.

[14.1.1] - 2026-01-11

Security

• Fixed regression from v13 in linkify inline rule. Specific patterns could cause high CPU use. Thanks to @​ltduc147 for report.

[14.1.0] - 2024-03-19

Changed

• Updated CM spec compatibility to 0.31.2, #1009.

Fixed

• Fixed quadratic complexity when parsing references, #996.
• Fixed quadratic output size with pathological user input in tables, #1000.

[14.0.0] - 2023-12-08

Changed

• Drop ancient browsers support (use .fromCodePoint and other features).
• Rewrite to ESM (including all plugins/deps). CJS fallback still available. No signatures changed, except markdown-it-emoji plugin.
• Dropped dist/ folder from repo, build on package publish.
• Set punicode.js as external dependency.

Fixed

• Html tokens inside img alt are now rendered as their original text, #896.
• Hardbreaks inside img alt are now rendered as newlines.

[13.0.2] - 2023-09-26

Security

• Fixed crash/infinite loop caused by linkify inline rule, #957.

Fixed

• Throw an error if 3rd party plugin doesn't increment line or pos counters (previously, markdown-it would likely go into infinite loop instead), #847.

Commits

• b4a9b65 14.1.1 released
• 4b4bbca Fixed perf regression in linkify-it wrapper
• d2782d8 Add supplementary example-driven documentation (#1092)
• 0fe7ccb 14.1.0 released
• a367c44 Fix typo in comments of text.mjs (#1015)
• 7ad8179 add changelog
• 5e90063 simplify logic in scanDelims
• d7ce5ec Merge pull request #1009 from notriddle/spec-0.31.2
• 0bfc57d Update spec to 0.31.2
• cd24778 Update to comply with spec 0.31.2
• Additional commits viewable in compare view

Updates prosemirror-markdown from 1.11.2 to 1.13.4

Changelog

Sourced from prosemirror-markdown's changelog.

1.13.4 (2026-02-04)

Bug fixes

Fix a regression that caused the serializer to crash when a block ends in a hard break.

1.13.3 (2026-01-20)

Bug fixes

Properly move trailing whitespace out of marks when they end in a hard break node.

1.13.2 (2025-03-18)

Bug fixes

Add a code flag to the code mark.

1.13.1 (2024-09-26)

Bug fixes

Fix a type error caused by use of an older markdown-it type package.

1.13.0 (2024-05-20)

Bug fixes

Fix the type of MarkdownParser.parse to be non-nullable. Add a strict option to MarkdownSerializer

New features

The new strict option to MarkdownSerializer makes it possible to make the serializer ignore node and mark types it doesn't know.

1.12.0 (2023-12-11)

Bug fixes

Block-level markup inside a heading is no longer escaped by the serializer.

Do not backslash-escape a + at the start of line when it isn't followed by a space. Upgrade to markdown-it 14

New features

MarkdownSerializerState.renderInline now takes a parameter that controls whether block-level markup should be escaped.

Upgrade to markdown-it version 14, which provides ES modules.

Commits

• d86eff3 Mark version 1.13.4
• 92db93f Fix an out-of-bounds crash in Markdown serialization
• 3e8fcc5 Mark version 1.13.3
• 7c42a17 Fix a bug with serializing whitespace-expelling marks
• d671c23 Mark version 1.13.2
• 65bf6b8 Mark code marks as being code
• 99b6f0a Mark version 1.13.1
• abd5623 Make the markdown-it types a regular dependency
• 91383e0 Upgrade @​types/markdown-it dev dependency
• e595214 Mark version 1.13.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
tact	Error		Feb 13, 2026 9:06pm