build(deps): bump markdown-it and markdownlint-cli

[dependabot]

Bumps markdown-it to 14.2.0 and updates ancestor dependency markdownlint-cli. These dependencies need to be updated together.

Updates markdown-it from 14.1.1 to 14.2.0

Changelog

Sourced from markdown-it's changelog.

[14.2.0] - 2026-05-24

Added

• isPunctCharCode to utilities.

Fixed

• Don't end HTML comment blocks on a blank line, #1155.
• Properly recognize astral chars (surrogates) in delimiter scans for emphasis-like markers, #1072. Big thanks to @​tats-u for his global efforts with improving CJK support.
• Preserve unicode whitespaces when trimm headings/paragraphs, #1074.
• More strict entities decode to avoid false positives ;, #1096.
• Restore block parser state on fail in lheading rule, #1131.

Security

• Fixed poor smartquotes perfomance on > 70k quotes in single block
• Bumped linkify-it to 5.0.1 with fixed potential perfomance issues.

Commits

• 829797a 14.2.0 released
• 9ce2087 Fix smartquotes perfomance
• 02e73b8 linkify-it bump
• 68cfb8c fix: don't end HTML comment blocks on a blank line (#1155)
• 1083137 Readme cleanup
• 97c7ca2 Update funding info
• c471b55 Changelog update
• 7769621 isPunctChar => isPunctCharCode
• aa2aa70 fix: always reset parentType in lheading rule (#1131)
• 59955f2 Polish PRs #1072, #1074
• Additional commits viewable in compare view

Updates markdownlint-cli from 0.48.0 to 0.49.0

Release notes

Sourced from markdownlint-cli's releases.

v0.49.0

• Update markdownlint dependency to 0.41.0
  • Improve MD022/MD028/MD035/MD042/MD051/MD060
  • Remove handling of inline directive syntax (frequent false positives)
  • Remove support for end-of-life Node version 20
• Update all dependencies via Dependabot

Commits

• a4d5d37 Bump version 0.49.0
• 503f264 Delete and recreate package-lock.json via "npm install".
• 7a24593 Bump markdownlint from 0.40.0 to 0.41.0
• c7c1c76 Bump commander from 14.0.3 to 15.0.0
• 83f5f30 Bump tinyglobby from 0.2.16 to 0.2.17
• 74b98de Bump js-yaml from 4.1.1 to 4.2.0
• d368135 Bump markdown-it from 14.1.1 to 14.2.0
• dd34288 Bump ava from 8.0.0 to 8.0.1
• 1e363dc Bump brace-expansion from 5.0.5 to 5.0.6
• 2f092d2 Bump ava from 7.0.0 to 8.0.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.