Bump markdownlint-cli2 from 0.4.0 to 0.17.1 #199

Open
wants to merge 1 commit into
base: master

dependabot[bot]
@dependabot dependabot bot commented on behalf of github Jan 1, 2025

Bumps markdownlint-cli2 from 0.4.0 to 0.17.1.

Changelog

Sourced from markdownlint-cli2's changelog.

0.17.1

  • Update dependencies (including markdownlint)

0.17.0

  • Convert to ECMAScript modules
  • Use import() when loading modules
  • Update dependencies (including markdownlint)

0.16.0

  • Try not to use require for modules (due to Node 22.12)
  • Update dependencies (EXcluding markdownlint)

0.15.0

  • Add support for stdin input via - glob
  • Add output formatter based on string templates
  • Update dependencies (including markdownlint)

0.14.0

  • Handle -- parameter per POSIX convention
  • Add support for glob to gitignore configuration
  • Update dependencies (including markdownlint)

0.13.0

  • Add noBanner and gitignore configuration options
  • Reduce install size by switching to js-yaml package
  • Add more detail to some error messages
  • Export JSONC/YAML parsers for reuse
  • Update dependencies (including markdownlint)

0.12.1

  • Update JSONC parsing to handle trailing commas
  • Add documentation links to JSON schema
  • Update dependencies

0.12.0

  • Remove deprecated markdownlint-cli2-config entry point
    • Use markdownlint-cli2 --config ... instead
  • Remove deprecated markdownlint-cli2-fix entry point
    • Use markdownlint-cli2 --fix ... instead
  • Add --help and --no-globs parameters
  • Improve and document included JSON schemas
  • Update dependencies (including markdownlint)

... (truncated)

Commits
  • af14a2e Update to version 0.17.1.
  • 35b2bac Update dependency: markdownlint to 0.37.3.
  • 3692f4b Copy formatter-pretty dependencies to package.json as devDependencies to get ...
  • 08bb527 Add CI job that verifies tests pass when using pnpm (vs. npm).
  • 0439c8a Update to version 0.17.0.
  • 6f6d7e8 Reword configuration file name exception text for clarity (fixes #481).
  • 7b3ac50 Bump chalk from 5.4.0 to 5.4.1 in /formatter-pretty
  • c2bc2a0 Bump eslint-plugin-n from 17.15.0 to 17.15.1
  • 55c2661 Bump chalk from 5.3.0 to 5.4.0 in /formatter-pretty
  • 827a3b0 Add sentences-per-line third-party custom rule to Dockerfile-rules.
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [markdownlint-cli2](https://github.com/DavidAnson/markdownlint-cli2) from 0.4.0 to 0.17.1.
- [Changelog](https://github.com/DavidAnson/markdownlint-cli2/blob/main/CHANGELOG.md)
- [Commits](DavidAnson/markdownlint-cli2@v0.4.0...v0.17.1)

---
updated-dependencies:
- dependency-name: markdownlint-cli2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Jan 1, 2025
guardrails bot commented Jan 1, 2025

⚠️ We detected 13 security issues in this pull request:

Vulnerable Libraries (13)
Severity Details
Medium pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
Medium pkg:npm/[email protected] (t) upgrade to: 0.16.10
Medium pkg:npm/[email protected] (t) upgrade to: > 2.4.0
Medium pkg:npm/[email protected] (t) upgrade to: 3.2.10
High pkg:npm/[email protected] (t) upgrade to: > 3.1.0
N/A pkg:npm/[email protected] (t) upgrade to: 15.10.1
High pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
High pkg:npm/[email protected] (t) upgrade to: > 8.19.0
High pkg:npm/[email protected] (t) upgrade to: > 10.0.0
Medium pkg:npm/[email protected] (t) upgrade to: 8.4.31
Medium pkg:npm/@babel/[email protected] (t) upgrade to: > 7.18.6
Medium pkg:npm/@fullhuman/[email protected] (t) upgrade to: > 4.1.3
Medium pkg:npm/[email protected] upgrade to: > 0.17.1

More info on how to fix Vulnerable Libraries in JavaScript.



dryrunsecurity bot commented Jan 1, 2025

DryRun Security Summary

The code change updates the version of the markdownlint-cli2 package in package.json from 0.4.0 to 0.17.1, which is a routine maintenance update that requires standard security review.

Summary:

The provided code change is an update to the package.json file, which is a configuration file used by the Node.js package manager, npm. The specific change is an update to the version of the markdownlint-cli2 package, from 0.4.0 to 0.17.1. From an application security perspective, this change is not particularly interesting, as the markdownlint-cli2 package is a tool used for linting Markdown files, and the version update is likely a routine maintenance or feature update.

However, it's always important to review any dependency updates, even for seemingly innocuous packages, to ensure that there are no known security vulnerabilities in the new version. It's a good practice to check the release notes and change logs of updated dependencies to understand what has changed and whether there are any security-related fixes or improvements. Additionally, maintaining a comprehensive software bill of materials (SBOM) for the project can help quickly identify and address any security issues that may arise in the future.

Files Changed:

  • package.json: The changes in this file update the version of the markdownlint-cli2 package from 0.4.0 to 0.17.1. This is a routine maintenance or feature update and does not raise any major security concerns. However, it's important to review dependency updates to ensure there are no known security vulnerabilities in the new version.

Code Analysis

We ran 9 analyzers against 2 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer Findings
Sensitive Files Analyzer 2 findings
