deps: Update markdown-it to fix vulnerability warnings

[mthahzan]

As shown on #202 markdown-it v10.x.x includes certain vulnerabilities which were fixed on subsequent versions. This updates the dependency to fix these vulnerabilities.

[sainjay]

@iamacup @miallo @RonRadtke kindly merge so that the Synk Vulnerability can be resolved:
https://security.snyk.io/vuln/SNYK-JS-MARKDOWNIT-6483324?_gl=1%2a1l4vawo%2a_ga%2aMTkzNjU3NTQyNC4xNjg3MzYxMzIx%2a_ga_X9SH3KP7B4%2aMTcxMTQ3MTc1OS42Ni4xLjE3MTE0NzE3NzUuMC4wLjA.

[lernerb]

@iamacup Can we please fix this security vulmn for the community?

[david-gettins]

@mthahzan there is an update to the @types/markdown-it also. Currently it is at 14.0.1 which you haven't included in this PR.

[mthahzan]

@david-gettins thanks! PR Updated.

Also, I noticed latest version of markdown-it is 14.1.0 now. Didn't have the time to test it out to see if works or not. If someone can verify, I can bump the version of that as well.

[lautenschlager-dev]

Any plans when this will be merged?

[sainjay]

This vulnerability is still there. Kindly this merged other we'll have to migrate to a different library.

[david-gettins]

If like myself you would like a temporary workaround for the audit issues you can use force-resolutions to force the fixed version of markdown-it. Just beware there may be compatibility issues, but I haven't come across any yet.

Of course, you can always look for an alternative library. If you find one, please let us all know. I would prefer not to use the forced resolution.

[sobrinho]

@iamacup ping

[javigutierrezfer]

Is there any update on this?? @iamacup

[sainjay]

@javigutierrezfer i use bun and fixed it by setting the patch version in overrides

"overrides": {
"markdown-it": "14.0.0",
}

Didn't notice any issues.

[sergioisidoro]

I'm also getting this some upstream issues with markdown-it. Updating this dep might be helpful
markdown-it/markdown-it#958 (See linked issue inside, refering to the release of entities and update of that dependency)

[AlimovSV]

@iamacup ping

[satheeshwaran]

Kindly merge this PR

[sobrinho]

@iamacup ping

[AlimovSV]

@iamacup ping

[jatinparmar96]

To all those looking for a drop in replacement for this library, I found it here: https://www.npmjs.com/package/@ronradtke/react-native-markdown-display

[3dotline]

PR #204 has been open for a while. If anyone’s looking for a workaround in the meantime, I’ve found that using the overrides field in package.json is a cleaner approach than force-resolutions:

"overrides": {
  "react-native-markdown-display": {
    "markdown-it": "^14.0.0",
    "@types/markdown-it": "^14.0.1"
  }
}

[harmony-netizen]

Would be great if this PR could be merged

[sobrinho]

@iamacup would you merge this one?

[MahmoudMabrok]

fix is here
https://github.com/MahmoudMabrok/mo3ta-markdown
@sobrinho @harmony-netizen @AlimovSV