build(deps): bump markdown-it from 14.1.1 to 14.2.0

[dependabot]

Bumps markdown-it from 14.1.1 to 14.2.0.

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

• isPunctCharCode to utilities.

Fixed

• Don't end HTML comment blocks on a blank line, #1155.
• Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
• Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
• More strict entities decode to avoid false positives ;, #1096.
• Restore block parser state on fail in lheading rule, #1131.

Security

• Fixed poor smartquotes perfomance on > 70k quotes in single block
• Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

Commits

• 829797a 14.2.0 released
• 9ce2087 Fix smartquotes perfomance
• 02e73b8 linkify-it bump
• 68cfb8c fix: don't end HTML comment blocks on a blank line (#1155)
• 1083137 Readme cleanup
• 97c7ca2 Update funding info
• c471b55 Changelog update
• 7769621 isPunctChar => isPunctCharCode
• aa2aa70 fix: always reset parentType in lheading rule (#1131)
• 59955f2 Polish PRs #1072, #1074
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

🤖 Codex-Style Code Review by OpenCode

💡 This is an automated advisory review. It is non-blocking and does not affect merge requirements.

This diff is a pure package-lock.json update — it contains no application code changes. Let me verify whether the corresponding package.json was also updated.
The dependencies are already on ^14.1.1 / ^5.0.0 in package.json (or they're transitive). Here's the review:

---

Review: package-lock.json — linkify-it 5.0.0→5.0.1 + markdown-it 14.1.1→14.2.0

Scope: Lockfile-only update. No package.json or application code changes.

Concern	Rating
Correctness	✅
Security	✅
Performance	✅
Risk	🟢 Low

Summary

• linkify-it 5.0.0 → 5.0.1: Patch-level bump (bugfix-only per semver). Adds funding metadata.
• markdown-it 14.1.1 → 14.2.0: Minor bump, its linkify-it dep constraint updated from ^5.0.0 → ^5.0.1. Adds funding metadata.
• The lockfile auto-resolved the latest compatible versions under existing ^ ranges.
• Zero behavioral risk — both are semver-compatible upgrades. No security advisories were triggered.

Recommendations

🟢 [nit] The diff is lean and correct. No action needed. If you want to pin to these exact versions in package.json as well for reproducible installs, consider that, but the lockfile already guarantees that.
🎉 Clean, minimal dependency refresh.