fix(deps): update dependency marked to v18

[elastic-renovate-prod]

This PR contains the following updates:

Package	Type	Update	Change	Pending
marked (source)	dependencies	major	^14.1.4 -> ^18.0.0	18.0.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

markedjs/marked (marked)

v18.0.2

Compare Source

Bug Fixes

• fix infinite loop for indented code blank line (#​3947) (58a52e8)

v18.0.1

Compare Source

Bug Fixes

• rules: ensure lookbehind regex is evaluated correctly by minifiers (#​3945) (abd907a)

v18.0.0

Compare Source

Bug Fixes

• Bump typescript from 5.9.3 to 6.0.2 (#​3934) (e8efc51)
• prevent GFM table tokens from greedily capturing trailing newlines (#​3926) (40f2665)
• prevent heading and def tokens from greedily capturing multiple newlines (#​3925) (b379e3e)
• trim blank lines from block tokens (#​3939) (b70895f)

BREAKING CHANGES

• trim trailing blank lines from block tokens
• update Typescript to v6

v17.0.6

Compare Source

Bug Fixes

• avoid race condition in async parallel parse/parseInline with hooks (#​3924) (6e96fa7)
• cli: honor positional input file (#​3922) (a1c2617)
• cli: use file URL for config import (#​3923) (73e1f3f)

v17.0.5

Compare Source

Bug Fixes

• Fix catastrophic backtracking (ReDoS) in link/reflink label regex (#​3918) (4625980)
• prevent quadratic complexity in emStrongLDelim regex (#​3906) (c732dd2)
• prevent single-tilde strikethrough false positives (#​3910) (5e03369)
• re-assign tokenizer.lexer and renderer.parser at start of each parse call (#​3907) (f3a3ec0)
• trim trailing whitespace from lheading text (#​3920) (3ea7e88)

v17.0.4

Compare Source

Bug Fixes

• prevent ReDoS in inline link regex title group (#​3902) (46fb9b8)

v17.0.3

Compare Source

Bug Fixes

• escape image alt text (#​3896) (909fe44)

v17.0.2

Compare Source

Bug Fixes

• fix blockquote after list (#​3888) (2a475a1)
• fix empty list item (#​3890) (3fc6a44)
• fix list item wrong indent (#​3889) (e031175)
• fix list with tabs (#​3891) (9fc4f8e)
• fix strikethrough flanking rules (#​3882) (1a5b124)

v17.0.1

Compare Source

Bug Fixes

• fix block elements in task item (#​3828) (921ee22)

v17.0.0

Compare Source

Bug Fixes

• only create tokens inside tokenizers (#​3755) (7b19231)

BREAKING CHANGES

• Change how consecutive text tokens work in lists
• Simplify listItem renderer
• Checkbox token is added in list tokenizer
• Checkbox token add type and raw property
• Change loose list text tokens to paragraph type in the list tokenizer

v16.4.2

Compare Source

Bug Fixes

• Avoid RegExp lookbehind assertions (#​3816) (#​3817) (c056df0)

v16.4.1

Compare Source

Bug Fixes

• resolve even-numbered backtick precedence issue (#​3776) (#​3786) (1da8fb5)

v16.4.0

Compare Source

Bug Fixes

• Fix backtick and code rendering in links (#​3783) (302ee59)
• fix links with square brackets in inline code break wrapping italics (#​3785) (e3c0d3e)
• Make www case-sensitive when detecting link starts (#​3770) (626d961)

Features

• Add async provideParser provideLexer (#​3756) (09577e5)

v16.3.0

Compare Source

Features

• add emStrongMask hook (#​3749) (cd2b5f4)

v16.2.1

Compare Source

Bug Fixes

• allow escaped newline in link text (#​3752) (30c6630)

v16.2.0

Compare Source

Features

• add def token in tokens and renderer (#​3745) (0769124)

v16.1.2

Compare Source

Bug Fixes

• fix multiline list item adds extra newline to raw (#​3735) (e76453e)

v16.1.1

Compare Source

Bug Fixes

• fix stong and em tokens in angle brackets (#​3731) (ad8535c)

v16.1.0

Compare Source

Features

• add generic types for parser and renderer output (#​3722) (39a0ee3)

v16.0.0

Compare Source

Bug Fixes

• remove cjs build & update min node to 20 (#​3687) (0a35d8f)

BREAKING CHANGES

• minify ./lib/marked.esm.js and ./lib/marked.umd.js

• remove ./marked.min.js use ./lib/marked.umd.js instead

• remove ./lib/marked.cjs

• update minimum supported node version to 20 to support require('marked.esm.js'). see https://nodejs.org/docs/latest-v20.x/api/modules.html#loading-ecmascript-modules-using-require

• This seems to break Jest since it doesn't work with esm by default.

  You need to transform marked with:

  transformIgnorePatterns: ['/node_modules/(?!(marked)/)'],
  

  see Jest docs for more info

v15.0.12

Compare Source

Bug Fixes

• use esbuild for accurate sourcemaps (#​3670) (7a6b2d7)

v15.0.11

Compare Source

Bug Fixes

• fix image alt text rendered to match common mark (#​3668) (2c0e47a)

v15.0.10

Compare Source

Bug Fixes

• fix non-breaking space in link url (#​3667) (e071e25)

v15.0.9

Compare Source

Bug Fixes

• fix link url with no closing parenthesis (#​3664) (72b6373)

v15.0.8

Compare Source

Bug Fixes

• fix emstrong inside escaped backticks (#​3652) (721dc58)

v15.0.7

Compare Source

Bug Fixes

• fix table rendered as heading (#​3612) (9ae87de)

v15.0.6

Compare Source

Bug Fixes

• fix strikethrough inside strong and em to follow gfm (#​3577) (7712a53)

v15.0.5

Compare Source

Bug Fixes

• allow strikethrough inside strong and em to follow gfm (#​3569) (8a01658)

v15.0.4

Compare Source

Bug Fixes

• fix list with no items looping forever (#​3560) (e4198ed)

v15.0.3

Compare Source

Bug Fixes

• update punctuation regex syntax to fix babel mistaken transpile (#​3547) (9b988c4)

v15.0.2

Compare Source

Bug Fixes

• update punctuation regex syntax for compatibility (#​3540) (fd015f1)

v15.0.1

Compare Source

Bug Fixes

• Remove unused plus typescript tightening (#​3527) (1f579f7)

v15.0.0

Compare Source

Bug Fixes

• escape html in renderer (#​3495) (58d66e5)
• Move all regexps to rules (#​3519) (1f88deb)

BREAKING CHANGES

• escape html in renderers instead of tokenizers for all tokens.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[elastic-renovate-prod]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm. See `npm help npmrc` for supported config options.
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: marked-terminal@7.3.0
npm error Found: marked@18.0.3
npm error node_modules/marked
npm error   marked@"^18.0.0" from the root project
npm error
npm error Could not resolve dependency:
npm error peer marked@">=1 <16" from marked-terminal@7.3.0
npm error node_modules/marked-terminal
npm error   marked-terminal@"^7.3.0" from the root project
npm error
npm error Conflicting peer dependency: marked@15.0.12
npm error node_modules/marked
npm error   peer marked@">=1 <16" from marked-terminal@7.3.0
npm error   node_modules/marked-terminal
npm error     marked-terminal@"^7.3.0" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry this command with --force or --legacy-peer-deps to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2026-05-11T17_38_25_114Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2026-05-11T17_38_25_114Z-debug-0.log

File name: undefined

Post-upgrade command 'node scripts/generate-notice.mjs' has not been added to the allowed list in allowedPostUpgradeCommands

[github-actions]

✅MegaLinter analysis: Success

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ COPYPASTE	jscpd	yes		no	no	7.69s
✅ REPOSITORY	gitleaks	yes		no	no	92.3s
✅ REPOSITORY	git_diff	yes		no	no	0.56s
✅ REPOSITORY	secretlint	yes		no	no	24.27s
✅ REPOSITORY	trivy	yes		no	no	12.24s

See detailed reports in MegaLinter artifacts
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security
Show us your support by starring ⭐ the repository

[JoshMock]

Peer dependency issues causing this to fail in CI (see #158 as well). @Mpdreamz can you check this one out since you added marked for docs search?