Bump marked from 17.0.2 to 17.0.6

[dependabot]

Bumps marked from 17.0.2 to 17.0.6.

Release notes

Sourced from marked's releases.

v17.0.6

17.0.6 (2026-04-05)

Bug Fixes

• avoid race condition in async parallel parse/parseInline with hooks (#3924) (6e96fa7)
• cli: honor positional input file (#3922) (a1c2617)
• cli: use file URL for config import (#3923) (73e1f3f)

v17.0.5

17.0.5 (2026-03-20)

Bug Fixes

• Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#3918) (4625980)
• prevent quadratic complexity in emStrongLDelim regex (#3906) (c732dd2)
• prevent single-tilde strikethrough false positives (#3910) (5e03369)
• re-assign tokenizer.lexer and renderer.parser at start of each parse call (#3907) (f3a3ec0)
• trim trailing whitespace from lheading text (#3920) (3ea7e88)

v17.0.4

17.0.4 (2026-03-04)

Bug Fixes

• prevent ReDoS in inline link regex title group (#3902) (46fb9b8)

v17.0.3

17.0.3 (2026-02-17)

Bug Fixes

• escape image alt text (#3896) (909fe44)

Commits

• e07037e chore(release): 17.0.6 [skip ci]
• 6e96fa7 fix: avoid race condition in async parallel parse/parseInline with hooks (#3924)
• 73e1f3f fix(cli): use file URL for config import (#3923)
• a1c2617 fix(cli): honor positional input file (#3922)
• 3b59e81 refactor: use strict equality in RegExp exec checks (#3935)
• e6b37f2 chore(deps-dev): Bump lodash from 4.17.23 to 4.18.1 (#3937)
• abb5667 chore(deps-dev): Bump lodash-es from 4.17.23 to 4.18.1 (#3936)
• 4969cf2 chore(deps-dev): Bump handlebars from 4.7.8 to 4.7.9 (#3931)
• d44cafc chore(deps-dev): Bump picomatch from 2.3.1 to 2.3.2 (#3929)
• 59386ad chore(deps-dev): Bump eslint from 10.0.3 to 10.1.0 (#3928)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)