refactor: Bump marked from 15.0.12 to 17.0.3

[mtrezza]

Closes #3235

Changes

• 16.0.0: Removed CommonJS build (marked.cjs), replaced marked.min.js with marked.umd.js. Requires Node.js 20+. Added generic types for parser/renderer.
• 16.1.0-16.4.0: Added def token, emStrongMask hook, async provideParser/provideLexer. Various bug fixes.
• 17.0.0: Restructured list tokens — consecutive text tokens, simplified listItem renderer, checkbox token changes, loose list text tokens changed to paragraph type.
• 17.0.1-17.0.3: Bug fixes for list items, strikethrough, blockquotes.

Code Changes Required

None — the project uses webpack (handles ESM), already requires Node.js >=20.18.0, and does not customize list/checkbox rendering. Build verified successfully.

Summary by CodeRabbit

• Chores

  • Updated markdown parsing library to 17.0.3
  • Increased minimum Node.js requirement to 20
  • Added license metadata to multiple dependencies

• Tests

  • Test tooling updated so the markdown package is processed during test runs (ensures latest parser is transformed)

[parse-github-assistant]

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

• Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
• Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
• Group code into logical blocks. Add a short comment before each block to explain its purpose.
• We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
• Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
• Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 565e920d-14e8-499d-9e27-2cb3cf15ebe0

📥 Commits

Reviewing files that changed from the base of the PR and between 82afcb3 and 71ffc2c.

📒 Files selected for processing (2)

• package.json
• testing/preprocessor.js

🚧 Files skipped from review as they are similar to previous changes (1)

• package.json

---

📝 Walkthrough

Walkthrough

Bumped devDependency marked from 15.0.12 to 17.0.3 (updated package.json and package-lock.json), adjusted marked engines.node to >=20, added/expanded license metadata and reorganized some lockfile subtrees, and made Jest/Babel test preprocessing allow transforming marked in node_modules.

Changes

Cohort / File(s)	Summary
Dependency Manifest package.json	Bumped marked devDependency 15.0.12 → 17.0.3 and added Jest transformIgnorePatterns exception for marked.
Lockfile: marked bump & metadata package-lock.json	Updated top-level marked entry (version, resolved URL, integrity) and raised engines.node requirement to >=20; added/filled many license fields across multiple packages.
Lockfile: subtree reorg package-lock.json	Removed/adjusted marked-terminal top-level subtree entries and added/expanded node_modules/semantic-release/node_modules/... entries (restoring older marked/marked-terminal versions and related packages); added top-level supports-hyperlinks entry.
Test preprocessing testing/preprocessor.js	Adjusted Jest/Babel transform logic to skip node_modules except allow transforming marked via an esmPackages regex; other preprocessing behavior unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title accurately and concisely describes the primary change: bumping the marked dependency from 15.0.12 to 17.0.3.
Description check	✅ Passed	The PR description documents the dependency upgrade with detailed release highlights and explains why no code changes are required, though it lacks explicit completion of template sections.
Linked Issues check	✅ Passed	The PR successfully addresses the linked issue #3235 by updating marked from 15.0.12 to 17.0.3 with proper Jest configuration adjustments and build verification.
Out of Scope Changes check	✅ Passed	All changes are in-scope: package.json/package-lock.json dependency updates and Jest configuration to support the new ESM-only marked package.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Checkov (3.2.510)

package.json

2026-03-30 03:29:48,618 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 03:29:48,620 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 03:29:48,626 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 03:29:48,685 [MainThread ] [ERROR] Failed to invoke function /usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner. with package.json
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 88, in func_wrapper
result = original_func(item)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner.py", line 74, in
results = parallel_runner.run_function(lambda f: (f, self._parse_file(f)), files_to_load)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/ope

... [truncated 2547 characters] ...

[MainThread ] [WARNI] Secret scanning: could not process file package.json
2026-03-30 03:29:48,742 [MainThread ] [ERROR] Exception traceback:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/main.py", line 647, in run
self.scan_reports = runner_registry.run(
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/runner_registry.py", line 177, in run
for result in parallel_runner_results:
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 118, in _run_function_multiprocess_fork
raise v.internal_exception.with_traceback(v.internal_exception.traceback)
FileNotFoundError: [Errno 2] No such file or directory: 'package.json'

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}