chore(deps): bump markdown-it from 14.1.1 to 14.2.0

[dependabot]

Bumps markdown-it from 14.1.1 to 14.2.0.

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

• isPunctCharCode to utilities.

Fixed

• Don't end HTML comment blocks on a blank line, #1155.
• Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
• Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
• More strict entities decode to avoid false positives ;, #1096.
• Restore block parser state on fail in lheading rule, #1131.

Security

• Fixed poor smartquotes perfomance on > 70k quotes in single block
• Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

Commits

• 829797a 14.2.0 released
• 9ce2087 Fix smartquotes perfomance
• 02e73b8 linkify-it bump
• 68cfb8c fix: don't end HTML comment blocks on a blank line (#1155)
• 1083137 Readme cleanup
• 97c7ca2 Update funding info
• c471b55 Changelog update
• 7769621 isPunctChar => isPunctCharCode
• aa2aa70 fix: always reset parentType in lheading rule (#1131)
• 59955f2 Polish PRs #1072, #1074
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/linkify-it	5.0.1	🟢 3.9	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Maintained 🟢 8 5 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 8 Code-Review ⚠️ 0 Found 0/30 approved changesets -- score normalized to 0 SAST ⚠️ 0 no SAST tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Security-Policy 🟢 4 security policy file detected
npm/markdown-it	14.2.0	🟢 6.5	Details Check Score Reason Maintained 🟢 10 3 commit(s) out of 30 and 13 issue activity out of 30 found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 GitHub code reviews found for 10 commits out of the last 30 -- score normalized to 3 CII-Best-Practices ⚠️ 0 no badge detected Vulnerabilities 🟢 10 no vulnerabilities detected Security-Policy 🟢 10 security policy file detected Token-Permissions ⚠️ 0 non read-only tokens detected in GitHub workflows Dependency-Update-Tool 🟢 10 update tool detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 no published package detected License 🟢 10 license file detected Pinned-Dependencies 🟢 7 dependency not pinned by hash detected -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Fuzzing ⚠️ 0 project is not fuzzed

Scanned Files

• package-lock.json

[github-actions]

📸 Automated UI Screenshots

📋 Screenshots Captured (8)

#	Screenshot
1	01-splash-screen.png - 01 splash screen.png
2	02-intro-screen-menu.png - 02 intro screen menu.png
3	03-intro-screen-archetype-selector.png - 03 intro screen archetype selector.png
4	04-controls-screen.png - 04 controls screen.png
5	05-philosophy-screen.png - 05 philosophy screen.png
6	06-training-screen.png - 06 training screen.png
7	07-combat-screen-practice.png - 07 combat screen practice.png
8	08-combat-screen-versus.png - 08 combat screen versus.png

📦 Download Screenshots

📥 Download all screenshots from workflow artifacts

Screenshots are preserved as workflow artifacts for 30 days.

---

🤖 Generated by Playwright automation