Bump @eslint/markdown from 7.3.0 to 7.4.1

[dependabot]

Bumps @eslint/markdown from 7.3.0 to 7.4.1.

Release notes

Sourced from @​eslint/markdown's releases.

v7.4.1

7.4.1 (2025-10-20)

Bug Fixes

• handle CR in MarkdownSourceCode and Front Matter util (#554) (d1ad828)
• handle CR in rules to follow CommonMark spec (#493) (20e88fe)

v7.4.0

7.4.0 (2025-10-06)

Features

• add support for getLocFromIndex and getIndexFromLoc (#376) (d634f82)
• export MarkdownLanguage from index.js (#538) (a5d78d5)

Bug Fixes

• add null check and use getLocFromIndex in require-alt-text (#543) (41ae6c8)
• correct the return type of applyInlineConfig (#548) (d6621a7)
• report locations in no-multiple-h1 and require-alt-text (#551) (ec30c7d)
• wrong location reporting in no-invalid-label-refs (#545) (e0f7d23)

Changelog

Sourced from @​eslint/markdown's changelog.

7.4.1 (2025-10-20)

Bug Fixes

• handle CR in MarkdownSourceCode and Front Matter util (#554) (d1ad828)
• handle CR in rules to follow CommonMark spec (#493) (20e88fe)

7.4.0 (2025-10-06)

Features

• add support for getLocFromIndex and getIndexFromLoc (#376) (d634f82)
• export MarkdownLanguage from index.js (#538) (a5d78d5)

Bug Fixes

• add null check and use getLocFromIndex in require-alt-text (#543) (41ae6c8)
• correct the return type of applyInlineConfig (#548) (d6621a7)
• report locations in no-multiple-h1 and require-alt-text (#551) (ec30c7d)
• wrong location reporting in no-invalid-label-refs (#545) (e0f7d23)

Commits

• e354f98 chore: release 7.4.1 🚀 (#556)
• 20e88fe fix: handle CR in rules to follow CommonMark spec (#493)
• 0d01b19 docs: add migration docs (#559)
• 6d1bd73 ci: centralize ci-bun.yml (#563)
• e7c5868 ci: add Node.js 25 to ci.yml and fix Bun CI (#562)
• 868153b ci: resolve failure in the release-please.yml workflow (#558)
• c95c017 docs: Update README sponsors
• 6c88ae1 ci: Switch to trusted publishing (#557)
• d1ad828 fix: handle CR in MarkdownSourceCode and Front Matter util (#554)
• 8992a4d refactor: replace findOffsets helper with native methods (#536)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[fossabot]

[fossabot]

✓ Safe to upgrade

I recommend merging this upgrade because it brings 3 new features and 1 bug fix to the ESLint Markdown linting tooling with no breaking changes detected. The package is used exclusively as a development dependency for linting code blocks in documentation files via the standard 'processor' configuration pattern. While a low-severity ReDoS vulnerability (CVE-2024-21539) is noted in the broader ecosystem, the @​eslint/markdown maintainers have demonstrated proactive security maintenance by updating dependencies in version 7.0.0 to resolve vulnerabilities. The upgrade path from 7.3.0 to 7.4.1 is straightforward with no API changes required.

What we checked

• @​eslint/markdown declared as devDependency at version 7.4.1, confirming this is development tooling only ^[1]
• Package imported and used in standard ESLint configuration ^[2]
• Uses standard 'processor' configuration pattern which remains stable across versions ^[3]
• Official ESLint announcement confirms @​eslint/markdown is the officially supported package for Markdown linting, replacing the deprecated eslint-plugin-markdown ^[4]
• Version 7.0.0 updated plugin-kit dependency to resolve security vulnerabilities, demonstrating proactive security maintenance by the package maintainers ^[5]

Dependency Usage

The @​eslint/markdown package is used exclusively in the project's linting infrastructure to enable code quality checks for code blocks embedded within Markdown documentation files. This supports the project's development workflow by ensuring that example code in documentation maintains the same quality standards as production code. The dependency is configured centrally in the ESLint configuration file as a processor, demonstrating a standard development tooling pattern rather than runtime application functionality.

Changes

@​eslint/markdown receives improved line ending handling across rules and utilities to properly support CR and CRLF line endings per CommonMark specification. The update also adds new location mapping methods (getLocFromIndex and getIndexFromLoc), fixes incorrect location reporting in multiple rules, and corrects the applyInlineConfig return type.

• handle CR and CRLF in no-missing-atx-heading-space (#555) (a869d98) (v7.4.1, changelog)
• handle CR in MarkdownSourceCode and Front Matter util (#554) (d1ad828) (v7.4.0, changelog)
• handle CR in rules to follow CommonMark spec (#493) (20e88fe) (v7.4.0, changelog)

View 6 more changes

• add support for getLocFromIndex and getIndexFromLoc (#376) (d634f82) (vv7.4.0, release notes)
• export MarkdownLanguage from index.js (#538) (a5d78d5) (vv7.4.0, release notes)
• add null check and use getLocFromIndex in require-alt-text (#543) (41ae6c8) (vv7.4.0, release notes)
• correct the return type of applyInlineConfig (#548) (d6621a7) (vv7.4.0, release notes)
• report locations in no-multiple-h1 and require-alt-text (#551) (ec30c7d) (vv7.4.0, release notes)
• wrong location reporting in no-invalid-label-refs (#545) (e0f7d23) (vv7.4.0, release notes)

References (5)

[1]: @​eslint/markdown declared as devDependency at version 7.4.1, confirming this is development tooling only

eslint-plugin-top/package.json

Line 35 in f97cc39

"@eslint/markdown": "7.4.1",

[2]: Package imported and used in standard ESLint configuration

eslint-plugin-top/eslint.config.mjs

Line 7 in f97cc39

import markdown from '@eslint/markdown';

[3]: Uses standard 'processor' configuration pattern which remains stable across versions

eslint-plugin-top/eslint.config.mjs

Line 13 in f97cc39

...markdown.configs['processor'],

[4]: Official ESLint announcement confirms @​eslint/markdown is the officially supported package for Markdown linting, replacing the deprecated eslint-plugin-markdown (source link)

[5]: Version 7.0.0 updated plugin-kit dependency to resolve security vulnerabilities, demonstrating proactive security maintenance by the package maintainers (source link)

---

fossabot analyzed this PR using dependency research.