Update dependency markdown to v3.8.1 [SECURITY] #16093

Open
renovate[bot] wants to merge 1 commit into main from renovate/pypi-markdown-vulnerability

@renovate renovate bot commented Mar 6, 2026

This PR contains the following updates:

Package | Change
markdown (changelog) | ==3.7 → ==3.8.1

GitHub Vulnerability Alerts

CVE-2025-69534

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown may crash. This enables remote, unauthenticated Denial of Service in web applications, documentation systems, CI/CD pipelines, and any service that renders untrusted Markdown. The issue was acknowledged by the vendor and fixed in version 3.8.1. This issue causes a remote Denial of Service in any application parsing untrusted Markdown, and can lead to Information Disclosure through uncaught exceptions.


Release Notes

Python-Markdown/markdown (markdown)

v3.8.1

Compare Source

Fixed
  • Ensure incomplete markup declaration in raw HTML doesn't crash parser (#​1534).
  • Fixed dropped content in md_in_html (#​1526).
  • Fixed HTML handling corner case that prevented some content from not being rendered (#​1528).

v3.8

Compare Source

Changed
  • DRY fix in abbr extension by introducing method create_element (#​1483).
  • Clean up test directory by removing some redundant tests and port
    non-redundant cases to the newer test framework.
  • Improved performance of the raw HTML post-processor (#​1510).
Fixed
  • Backslash Unescape IDs set via attr_list on toc (#​1493).
  • Ensure md_in_html processes content inside "markdown" blocks as they are
    parsed outside of "markdown" blocks to keep things more consistent for
    third-party extensions (#​1503).
  • md_in_html handle tags within inline code blocks better (#​1075).
  • md_in_html fix handling of one-liner block HTML handling (#​1074).
  • Ensure <center> is treated like a block-level element (#​1481).
  • Ensure that abbr extension respects AtomicString and does not process
    perceived abbreviations in these strings (#​1512).
  • Ensure smarty extension correctly renders nested closing quotes (#​1514).

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
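
A dependency gate and a rendering guard for the failure mode described in the alert above, as an added example that is not part of this PR or of Python-Markdown. It assumes that every `markdown==` pin below the fixed release 3.8.1 should be flagged (the alert text names 3.8, and this PR moves a 3.7 pin); the function names, the sample requirements text and the placeholder HTML are hypothetical.

```python
import logging
import re
import uuid

FIXED_IN = (3, 8, 1)  # fixed release named in the alert text
# Matches exact pins of the "markdown" package only (not markdown-it-py etc.).
PIN = re.compile(r"^\s*markdown\s*==\s*(\d+(?:\.\d+)*)", re.IGNORECASE)
log = logging.getLogger("render")


def unpatched_pins(requirements_text):
    """Return (line_no, version) for each markdown pin below FIXED_IN."""
    hits = []
    for no, line in enumerate(requirements_text.splitlines(), start=1):
        m = PIN.match(line)
        if m and tuple(int(p) for p in m.group(1).split(".")) < FIXED_IN:
            hits.append((no, m.group(1)))
    return hits


def render_untrusted(text, renderer):
    """Render user-supplied Markdown without letting a parser exception escape.

    `renderer` is any callable str -> str, for example markdown.markdown.
    Returns (html, error_id); error_id is None on success.
    """
    try:
        return renderer(text), None
    except Exception:  # AssertionError is an Exception subclass
        error_id = uuid.uuid4().hex[:8]
        # The traceback stays in server logs; the client only sees the id.
        log.exception("markdown render failed, error_id=%s", error_id)
        return "<p>This content could not be rendered.</p>", error_id


# Constructed sample input, not taken from the repository in this PR.
SAMPLE_REQUIREMENTS = """\
flask==3.0.0
markdown==3.7
markdown-it-py==3.0.0
Markdown == 3.8.1  # already patched
"""


def failing_renderer(_text):
    # Stand-in for the parser failure described in the alert.
    raise AssertionError("simulated parser failure")


if __name__ == "__main__":
    print(unpatched_pins(SAMPLE_REQUIREMENTS))
    print(render_untrusted("# hi", failing_renderer))
```

The pin check fits a CI step that fails the build on a non-empty result; the wrapper is defense in depth for services that cannot upgrade immediately.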

codecov bot commented Mar 6, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 48.14%. Comparing base (5afbbc9) to head (713d512).

Additional details and impacted files
@@           Coverage Diff           @@
##             main   #16093   +/-   ##
=======================================
  Coverage   48.14%   48.14%           
=======================================
  Files          37       37           
  Lines        5845     5845           
=======================================
  Hits         2814     2814           
  Misses       3031     3031           

@renovate renovate bot force-pushed the renovate/pypi-markdown-vulnerability branch from 8e009e5 to 54dd8ea Compare March 13, 2026 13:03
@renovate renovate bot force-pushed the renovate/pypi-markdown-vulnerability branch from 54dd8ea to 1799e65 Compare March 26, 2026 20:39
@renovate renovate bot changed the title chore(deps): update dependency markdown to v3.8.1 [security] chore(deps): update dependency markdown to v3.8.1 [security] - autoclosed Mar 27, 2026
@renovate renovate bot closed this Mar 27, 2026
@renovate renovate bot deleted the renovate/pypi-markdown-vulnerability branch March 27, 2026 03:25
@renovate renovate bot changed the title chore(deps): update dependency markdown to v3.8.1 [security] - autoclosed chore(deps): update dependency markdown to v3.8.1 [security] Mar 30, 2026
@renovate renovate bot reopened this Mar 30, 2026
@renovate renovate bot force-pushed the renovate/pypi-markdown-vulnerability branch 2 times, most recently from 1799e65 to 713d512 Compare March 30, 2026 19:52
@renovate renovate bot changed the title chore(deps): update dependency markdown to v3.8.1 [security] Update dependency markdown to v3.8.1 [SECURITY] Apr 8, 2026