fix(deps): bump markdownlint-cli from ^0.31.1 to ^0.48.0 #284

Merged
chargome merged 1 commit into sentry-v2 from cg/bump-markdownlint-cli, Apr 16, 2026

@chargome chargome commented Apr 16, 2026

Summary

  • Bumps markdownlint-cli from ^0.31.1 to ^0.48.0
  • Also bumps markdownlint lib from ^0.25.1 to ^0.40.0 to match
  • Replaces glob with tinyglobby (no more vulnerable glob dep)
  • Uses minimatch@10.2.5 (patched, replaces vulnerable 10.0.3)

Breaking changes in markdownlint-cli 0.31 -> 0.48

  • Node.js >=20 required (was >=12) — we use Node 20, not affected
  • glob replaced by tinyglobby — internal dep swap, CLI interface unchanged, not affected
  • markdownlint lib 0.25 -> 0.40 — internal engine upgrade, switched to markdown-it parser. Some rules renamed/added. We only run markdownlint docs with default config, existing warnings are pre-existing, not affected
  • New/updated lint rules — some rules added or tightened across versions. Output now labels findings as "error" instead of bare rule names. Cosmetic only, not affected
  • Config format additions (TOML support added) — our config is unchanged, not affected

Dependabot alerts resolved

  • Resolves glob command injection (high) — glob removed entirely, replaced by tinyglobby
  • Resolves minimatch ReDoS alerts via minimatch@10.2.5: #213, #212, #208, #201
  • Partially resolves brace-expansion alerts: #238, #134

🤖 Generated with Claude Code
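One way to confirm from the lockfile what the summary above claims (no `glob` left, no `minimatch` copy older than 10.2.5), as an added example that is not part of the pull request or the project's code. The lockfile contents, the `other-tool` package and the policy object are constructed assumptions; a lockfile can hold several nested copies of one package, so every copy is checked.

```javascript
// Constructed lockfile in the "packages" layout of package-lock.json v2/v3.
// "other-tool" and every version except minimatch 10.0.3 / 10.2.5 are made up.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-project' },
    'node_modules/markdownlint-cli': { version: '0.48.0' },
    'node_modules/markdownlint-cli/node_modules/minimatch': { version: '10.2.5' },
    'node_modules/tinyglobby': { version: '0.0.1' },
    'node_modules/other-tool/node_modules/glob': { version: '0.0.1' },
    'node_modules/other-tool/node_modules/minimatch': { version: '10.0.3' },
  },
};

// Assumed policy derived from the PR text: no glob at all, and any minimatch
// copy below 10.2.5 is reported for review (older major lines need their own floor).
const policy = { glob: { banned: true }, minimatch: { min: '10.2.5' } };

// The package name is whatever follows the last "node_modules/" in the key.
function packageName(lockKey) {
  const i = lockKey.lastIndexOf('node_modules/');
  return i === -1 ? null : lockKey.slice(i + 'node_modules/'.length);
}

// Numeric compare of x.y.z; pre-release suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split('-')[0].split('.').map((n) => Number(n) || 0);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Check every installed copy, nested ones included, against the policy.
function auditLock(lock, rules) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(path);
    if (name === null || !Object.hasOwn(rules, name)) continue;
    const rule = rules[name], version = entry.version || '';
    if (rule.banned) findings.push({ path, version, reason: 'should be absent' });
    else if (compareVersions(version, rule.min) < 0)
      findings.push({ path, version, reason: `below ${rule.min}` });
  }
  return findings;
}
console.log(auditLock(sampleLock, policy));
```

Run against a real `package-lock.json` by passing the parsed file in place of `sampleLock`; an empty result means no copy violates the policy.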

@cursor cursor bot left a comment

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Reviewed by Cursor Bugbot for commit 2871200.

Comment thread package.json Outdated
@chargome chargome force-pushed the cg/bump-markdownlint-cli branch from 2871200 to da41c11 Compare April 16, 2026 11:23
@chargome chargome changed the title from "fix(deps): bump markdownlint-cli from ^0.31.1 to ^0.44.0" to "fix(deps): bump markdownlint-cli from ^0.31.1 to ^0.45.0" Apr 16, 2026
@chargome chargome self-assigned this Apr 16, 2026
Also bumps markdownlint lib from ^0.25.1 to ^0.40.0.
Breaking change is Node >=20 requirement (already met).
Replaces glob with tinyglobby (no vulnerable glob dep),
and uses minimatch@10.2.5 (patched).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@chargome chargome force-pushed the cg/bump-markdownlint-cli branch from da41c11 to 668c670 Compare April 16, 2026 11:47
@chargome chargome changed the title from "fix(deps): bump markdownlint-cli from ^0.31.1 to ^0.45.0" to "fix(deps): bump markdownlint-cli from ^0.31.1 to ^0.48.0" Apr 16, 2026
@chargome chargome requested a review from andreiborza April 16, 2026 11:56
@chargome chargome merged commit 63540bd into sentry-v2 Apr 16, 2026
21 checks passed
@chargome chargome deleted the cg/bump-markdownlint-cli branch April 16, 2026 13:47