build(deps): [security] bump remarkable from 1.7.1 to 1.7.4

[dependabot-preview]

Bumps remarkable from 1.7.1 to 1.7.4. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

High severity vulnerability that affects remarkable
lib/common/html_re.js in remarkable 1.7.1 allows Regular Expression Denial of Service (ReDoS) via a CDATA section.

Affected versions: <= 1.7.1

Sourced from The GitHub Security Advisory Database.

Moderate severity vulnerability that affects remarkable
In remarkable 1.7.1, lib/parser_inline.js mishandles URL filtering, which allows attackers to trigger XSS via unprintable characters, as demonstrated by a \x0ejavascript: URL.

Affected versions: <= 1.7.1

Changelog

Sourced from remarkable's changelog.

1.7.4 / 2019-07-30

• upgrade argparse (https://github-redirect.dependabot.com/jonschlinkert/remarkable/pull/349)
• prevent a ReDoS vulnerability (#335)
• disallow ascii control characters in URLs (#334)

1.7.0 / 2016-09-27

• Special thanks to lemoinem for adding much needed, and well-written documentation!
• Footnotes are now enabled by default
• Adds support for "passthrough classes", thanks to matthewmueller
• Outlaws data: URLs by default, thanks to spicyj
• Improves whitespace trimming performance, thanks to dpkirchner
• Image alts are now properly unescaped, thanks to adam187

1.6.2 / 2016-02-04

• Add support for specifying link target
• StateBlock.getLines should only read from the current line
• Fix missing space after shortcut links
• Fix "Manage rules" sample code in README.md
• Fix encoding of non-ASCII text (fixes #141)
• Option to not alter links provided for href
• Add Node.js v0.12 and v4 to Travis config
• Define bin script for npm
• Fix "Manage rules" sample code in README.md
• Fix typo in github proj url in Makefile
• Fix build by ignoring the demo directory in eslint

1.6.1 / 2015-11-19

• npm now installs a script so you can access remarkable from the command
  line.

1.5.0 / 2014-12-12

• Added Demo sync scroll, to show how lines mapping can be used.
• Improved IE8 support. Now you need only es5-shim, without es5-sham.
• Fixed errors on refs/attrs/footnoted with special names like __proto__.
• Renamed Ruler() private properties, to show those should not be accessed
  directly.
• Fixed Makefile OSX compatibility.

1.4.2 / 2014-11-29

... (truncated)

Commits

• 85abd88 v1.7.4
• 6217c5d Upgrade argparse #349
• 7d98b94 v1.7.3
• c688aa5 Build umd
• 152e378 Add prepublish hook
• aaa807a v1.7.2
• 287dfbf Prevent a ReDoS vulnerability (#335)
• 49e87b7 fix: disallow ascii control characters in URLs (#334)
• 232a554 Merge pull request #345 from TrySound/coverage
• fb7bc09 Enable coverage via nyc
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by trysound, a new releaser for remarkable since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)