Bump @marp-team/marp-core from 3.9.0 to 4.0.1

[dependabot]

Bumps @marp-team/marp-core from 3.9.0 to 4.0.1.

Release notes

Sourced from @​marp-team/marp-core's releases.

v4.0.1

Security

• Fixed: Improper neutralization of HTML sanitization by comments that may lead to XSS (by @​Ry0taK)

Changed

• Upgrade Marpit to v3.1.2 (#390)
• Upgrade development Node.js LTS and dependent packages to the latest version (#391)

v4.0.0

[!IMPORTANT] The new slide container styles, block container and safe centering, produce breaking changes to existing slide layouts. (#382)

If you are using the built-in theme that contents are vertically centered (or the custom theme that depends on such themes), you can tweak the style in Markdown or the custom theme to get back the previous flex container.

• For default and uncover theme:

  <style>
    section {
      display: flex;
    }
  </style>

• For gaia theme's lead class:

  <style>
    section.lead {
      display: flex;
    }
  </style>

Breaking

• Drop support against end-of-lifed Node.js versions (v16 and earlier), and now v18+ are required (#359)
• The slide container of built-in themes became the block element and adopted safe centering (#372, #382)

Added

• Transform emojis up to Unicode 15.1 into Twemoji images (#380)

Changed

• Upgrade Marpit to v3.1.1 (#378)
  • Bump markdown-it to v14.1.0, and follow the latest spec of CommonMark 0.31.2
  • Support for CSS nesting (cssNesting constructor option)

... (truncated)

Changelog

Sourced from @​marp-team/marp-core's changelog.

v4.0.1 - 2024-12-24

Security

• Fixed: Improper neutralization of HTML sanitization by comments that may lead to XSS (by @​Ry0taK)

Changed

• Upgrade Marpit to v3.1.2 (#390)
• Upgrade development Node.js LTS and dependent packages to the latest version (#391)

v4.0.0 - 2024-09-09

[!IMPORTANT] The new slide container styles, block container and safe centering, produce breaking changes to existing slide layouts. (#382)

If you are using the built-in theme that contents are vertically centered (or the custom theme that depends on such themes), you can tweak the style in Markdown or the custom theme to get back the previous flex container.

• For default and uncover theme:

  <style>
    section {
      display: flex;
    }
  </style>

• For gaia theme's lead class:

  <style>
    section.lead {
      display: flex;
    }
  </style>

Breaking

• Drop support against end-of-lifed Node.js versions (v16 and earlier), and now v18+ are required (#359)
• The slide container of built-in themes became the block element and adopted safe centering (#372, #382)

Added

• Transform emojis up to Unicode 15.1 into Twemoji images (#380)

Changed

• Upgrade Marpit to v3.1.1 (#378)

... (truncated)

Commits

• 36673d5 4.0.1
• d66b06d [ci skip] Update CHANGELOG.md
• 61a1def Merge commit from fork
• ecaddfb [ci skip] Update CHANGELOG.md to add credit
• 6fc1b43 Merge branch 'main' into advisory-fix-1
• 44d1655 Merge pull request #391 from marp-team/upgrade-node-and-dependencies
• d734e45 [ci skip] Update CHANGELOG.md
• 5e78811 Fix unexpected change for uncover theme quote
• 6ae6c31 [ci skip] Update CHANGELOG.md
• 6b10416 Update test snapshots
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)