fix(security): unpinned cdn dependency versions allow supply chai

The `marked` and `marked-gfm-heading-id` libraries are loaded from jsdelivr without pinned versions (`/npm/marked/marked.min.js` and `/npm/marked-gfm-heading-id/lib/index.umd.js`). This means the CDN serves whatever the latest version is, which could change at any time. A malicious version published to npm would be automatically served to all visitors.

Affected files: index.html

Signed-off-by: Trần Bách <45133811+barttran2k@users.noreply.github.com>

Author: barttran2k

index.html

@@ -35,10 +35,10 @@
 	<main></main>
 
 	<!-- JavaScript Library to Convert Markdown into HTML -->
-	<script src="https://cdn.jsdelivr.net/npm/marked/marked.min.js"></script>
+	<script src="https://cdn.jsdelivr.net/npm/marked@12.0.2/marked.min.js"></script>
 
 	<!-- Marked plugin to add heading ID's -->
-	<script src="https://cdn.jsdelivr.net/npm/marked-gfm-heading-id/lib/index.umd.js"></script>
+	<script src="https://cdn.jsdelivr.net/npm/marked-gfm-heading-id@3.2.0/lib/index.umd.js"></script>
 
 	<script>
 		// Basic Settings