@MikeMcC399
Collaborator

Situation

Running npm run check:markdown-links under Node.js 24 outputs the following deprecation warning:

(node:4484) [DEP0176] DeprecationWarning: fs.R_OK is deprecated, use fs.constants.R_OK instead
(Use `node --trace-deprecation ...` to show where the warning was created)

Running npm audit outputs the following, referring to CVE-2025-64718 GHSA-mh29-5h37-fv8m:

$ npm audit
# npm audit report

js-yaml  <3.14.2 || >=4.0.0 <4.1.1
Severity: moderate
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
js-yaml has prototype pollution in merge (<<) - https://github.com/advisories/GHSA-mh29-5h37-fv8m
fix available via `npm audit fix --force`
Will install markdown-link-check@3.14.2, which is outside the stated dependency range
node_modules/@eslint/eslintrc/node_modules/js-yaml
node_modules/js-yaml
  xmlbuilder2  2.3.0 - 3.1.1
  Depends on vulnerable versions of js-yaml
  node_modules/xmlbuilder2
    markdown-link-check  3.13.0 - 3.14.1
    Depends on vulnerable versions of xmlbuilder2
    node_modules/markdown-link-check

3 moderate severity vulnerabilities

To address all issues, run:
  npm audit fix --force

and npm ls js-yaml shows the following dependencies:

$ npm ls js-yaml
@cypress/github-action@0.0.0-development /home/mike/github/cypress-io/github-action
├─┬ eslint@9.38.0
│ └─┬ @eslint/eslintrc@3.3.1
│   └── js-yaml@4.1.0
└─┬ markdown-link-check@3.14.1
  └─┬ xmlbuilder2@3.1.1
    └── js-yaml@3.14.1

Change

Update the npm module markdown-link-check

From                          To
markdown-link-check@3.14.1    markdown-link-check@3.14.2

Verification

Ubuntu 24.04.3 LTS, Node.js 24.11.1 LTS

npm ci
npm audit
npm run check:markdown-links
npm run lint

Confirm no vulnerabilities, deprecations or errors reported.
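
Added example, not part of the original PR or the project's code: a small Node.js check that walks a dependency tree in the shape of `npm ls js-yaml --json` and reports every path ending in a js-yaml version inside the advisory range quoted by npm audit above (<3.14.2 || >=4.0.0 <4.1.1). The function names are hypothetical, the sample tree is constructed from the npm ls output shown in the PR description, and pre-release version tags are assumed not to occur.

```javascript
// Parse a plain "x.y.z" version into numbers (pre-release tags not handled: assumption).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// Three-way compare of two versions: -1, 0 or 1.
function cmp(a, b) {
  const [x, y] = [parse(a), parse(b)];
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] < y[i] ? -1 : 1;
  return 0;
}

// Advisory range from the npm audit report: <3.14.2 || >=4.0.0 <4.1.1
function isVulnerableJsYaml(v) {
  return cmp(v, '3.14.2') < 0 || (cmp(v, '4.0.0') >= 0 && cmp(v, '4.1.1') < 0);
}

// Walk the tree and return every dependency path that ends in a vulnerable js-yaml.
function findVulnerable(node, path = []) {
  const hits = [];
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, `${name}@${dep.version}`];
    if (name === 'js-yaml' && isVulnerableJsYaml(dep.version)) hits.push(here.join(' > '));
    hits.push(...findVulnerable(dep, here));
  }
  return hits;
}

// Constructed sample mirroring the `npm ls js-yaml` tree shown in the PR description.
const before = { dependencies: {
  eslint: { version: '9.38.0', dependencies: {
    '@eslint/eslintrc': { version: '3.3.1', dependencies: {
      'js-yaml': { version: '4.1.0' } } } } },
  'markdown-link-check': { version: '3.14.1', dependencies: {
    xmlbuilder2: { version: '3.1.1', dependencies: {
      'js-yaml': { version: '3.14.1' } } } } },
} };

for (const p of findVulnerable(before)) console.log('vulnerable:', p);
```

An empty result from findVulnerable on the real `npm ls js-yaml --json` output corresponds to the "no vulnerabilities" outcome of the verification steps for this advisory.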

@MikeMcC399 MikeMcC399 added the bug Something isn't working label Nov 20, 2025
@MikeMcC399 MikeMcC399 self-assigned this Nov 20, 2025
@MikeMcC399 MikeMcC399 marked this pull request as ready for review November 20, 2025 09:46
@AtofStryker AtofStryker merged commit be464f5 into cypress-io:master Dec 1, 2025
80 checks passed
@MikeMcC399 MikeMcC399 deleted the update/markdown-link-check branch December 1, 2025 15:41
@github-actions

🎉 This PR is included in version 6.10.5 🎉

The release is available on:

Your semantic-release bot 📦🚀


Successfully merging this pull request may close these issues.

Update markdown-link-check to a Node.js 24 compatible version
