fix(deps): update dependency mermaid to v10.9.3 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mermaid	10.5.0 → 10.9.3

GitHub Vulnerability Alerts

GHSA-m4gq-x24j-jpmf

The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.

This affects the built:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js

Users that use the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or the dist/mermaid.core.mjs file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix.

Patches

• develop branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
• backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34

---

Release Notes

mermaid-js/mermaid (mermaid)

v10.9.3

Compare Source

Updates the bundled version of dependencies in the following files:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

If you are not using these files (e.g. you are using the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or you are using dist/mermaid.core.mjs), this release is identical to v10.9.2.

This is to avoid potential security issues in KaTeX and DOMPurify, see:

• GHSA-mmhx-hmjr-r674
• GHSA-64fm-8hw2-v72w
• GHSA-cvr6-37gx-v8wc
• GHSA-f98w-7cxr-ff2h
• GHSA-3wc5-fcw2-2329

These dependencies have already been updated in v11.0.0.

Changelog

Chore

• Updates the bundled version of KaTeX to 0.16.11 (2bedd0e)
• Updates the bundled version of DOMPurify to 3.1.6 (92a07ff)

Full Changelog: mermaid-js/mermaid@v10.9.2...v10.9.3

v10.9.2

Compare Source

This release back-ports #​5914 to the v10 release line to fix #​5904 (an incompatibility between mermaid and DOMPurify v3.1.7)

Patch Changes

• #​5914 402abdf [10] fix: ban version v3.1.7 of DOMPurify

Full Changelog: mermaid-js/mermaid@v10.9.1...v10.9.2

v10.9.1

Compare Source

What's Changed

BugFixes

• Cleaning of labels in Block diagram by @​knsv

Docs

• docs(integrations): update link to Mermaid app for Slack by @​JackuB in #​5370
• Update new diagram doc to reflect focus on Langium by @​sidharthv96 in #​5372
• feat: Make the examples interactive in the documentation site by @​sidharthv96 in #​5376
• DOCS: add latest blog posts by @​huynhicode in #​5368
• DOCS: update Announcement bar link by @​huynhicode in #​5394
• DOCS: Add Press Release by @​huynhicode in #​5400
• DOCS: add Turing machine blog post by @​huynhicode in #​5425
• DOCS: update latest news by @​huynhicode in #​5455
• 📝🐛 fix schema link by @​dudeofawesome in #​5456
• DOCS: Add AI in Software Diagramming blog post by @​huynhicode in #​5492
• DOCS: update Mermaid Chart page by @​huynhicode in #​5495
• DOCS: Add blog post - Documentation Software by @​huynhicode in #​5519

New Contributors

• @​dudeofawesome made their first contribution in #​5456

Full Changelog: mermaid-js/mermaid@v10.9.0...v10.9.1

v10.9.0

Compare Source

Release Notes

We now have Katex support!

Demo

🚀 Features

• Bump @​zenuml/core and update render options in mermaid-zenuml (#​5257) @​dontry
• Implement "until" keyword in gantt charts (#​5224) @​fzag
• Integrated Katex typesetting into flowcharts (#​2885) @​NicolasNewman

🧰 Maintenance

• Add gitgraph parallel commits to docs (#​5336) @​NicolasCwy
• Update recommended Vitest extension (#​5322) @​NicolasCwy
• Correcting path to docker-entrypoint.sh (#​5327) @​bstordrup
• Fix chrome webstore url causing 404 (#​5352) @​Abrifq
• Fix color and arrow for merge commit (gitGraph) (#​5152) @​macherel
• Fix link to Contributors section in README (#​5298) @​BaumiCoder
• Fix macOS onboarding issues (#​5262) @​thedustin
• Fix netlify deploy (#​5332) @​sidharthv96
• Link to webhelp (#​5316) @​BaumiCoder
• Update contribute (#​5268) @​FutzMonitor
• Updates Timeline Documentation (#​5315) @​FutzMonitor
• [Docs] Updated chrome extension url's to new store (#​5297) @​Abrifq
• chore: Update CSpell configuration (#​5286) @​Jason3S
• feat: add name field to the actors (#​5284) @​ad1992
• fix typo cutomers => customers (#​5269) @​elgalu

📚 Documentation

• Add new extension to integrations (#​5287) @​BoDonkey
• Added link to Blazorade Mermaid to the community integrations page. (#​5333) @​MikaBerglund
• Replace version number placeholder (#​5304) @​BaumiCoder

🎉 Thanks to all contributors helping with this release! 🎉

v10.8.0

Compare Source

v10.8.0

Features

• Adding new diagram type - Block Diagram by @​knsv in #​5221

• Feature/5114 add parallel commit config by @​mathbraga in #​5161

• Changes to Gantt Parsers to allow hashes and semicolons to titles, sections, and task data. by @​FutzMonitor in #​5095

• Feature/4653 add actor-top class to sequence diagram by @​Ronid1 in #​5241

Documentation

• Updated gantt chart docs to show all config options by @​murdoa in #​5192
• Contribution documentation improvements by @​nirname in #​5132
• Update flowchart.md - how to use font-awesome #​5195 by @​arukiidou in #​5196
• Add more detailed docs for Gantt tasks by @​sorenisanerd in #​5194
• Docs/4974 reorder integration links by @​Ronid1 in #​5066
• docs: fix swimm link by @​Yokozuna59 in #​5219
• Update Slack community links to Discord by @​Olegt0rr in #​5225
• Docs: Mermaid chart updates by @​huynhicode in #​5232
• Fix typos in timeline syntax samples by @​sblom in #​5139

Bug fixes

• Bug/5059 fix external connection after updating edges by @​mathbraga in #​5127
• [Fix] Sequence diagram actor menu popup by @​vitorsss in #​5160
• fix: Dompurify Hooks by @​sidharthv96 in #​5236
• Accurate pie chart labeling for text alignment by @​JenningsWilliam in #​5141
• fix: Redirect of old URLs by @​sidharthv96 in #​5250
• Fixed Typo in ErrorRenderer.ts by @​FutzMonitor in #​5256

Chores

• Revert "Revert 5041 feature/4935 subgraph title margin config option" by @​mathbraga in #​5205
• build(deps-dev): bump follow-redirects from 1.15.2 to 1.15.5 by @​dependabot in #​5200
• chore(deps): update all patch dependencies (patch) by @​renovate in #​5150
• E2E Image comparison by @​sidharthv96 in #​5208
• E2E test by @​sidharthv96 in #​5210
• Optimise caching of test results by @​sidharthv96 in #​5213
• Update update-browserlist.yml to fix deprecation and action fails by @​Abrifq in #​5151
• UpdateCypress by @​sidharthv96 in #​5228
• Use node v20 by @​sidharthv96 in #​5248
• Convert Mindmap to TS by @​sidharthv96 in #​5247
• chore: Add interface naming Convention by @​sidharthv96 in #​5254

New Contributors

• @​murdoa made their first contribution in #​5192
• @​arukiidou made their first contribution in #​5196
• @​sorenisanerd made their first contribution in #​5194
• @​Ronid1 made their first contribution in #​5066
• @​Olegt0rr made their first contribution in #​5225
• @​vitorsss made their first contribution in #​5160
• @​sblom made their first contribution in #​5139
• @​JenningsWilliam made their first contribution in #​5141

Full Changelog: mermaid-js/mermaid@v10.7.0...v10.8.0

v10.7.0

Compare Source

Release Notes

• 3952 lexical ids (#​5028) @​jgreywolf
• Add new Atlassian integrations (#​5021) @​nashtechlabs
• Adds Unison programming language to community integrations list (#​5180) @​rlmark
• Bump GitHub workflow actions to latest versions (#​5026) @​deining
• Changes to .prettierignore (#​5109) @​FutzMonitor
• Chore: Typo fixed in multiple files (#​4947) @​SusheelThapa
• DOCS: update Flowchart page (#​5169) @​huynhicode
• DOCS: update announcement bar (#​5193) @​huynhicode
• Docs: Ecosystem section pages - verbiage updates (#​5124) @​huynhicode
• Docs: Update latest news (#​5147) @​huynhicode
• Docs: add Mermaid for Slack integration (#​4824) @​JackuB
• Docs: add latest blog post - JetBrains extension (#​5158) @​huynhicode
• Docs: update Latest News section (#​5048) @​huynhicode
• Documentation: clarify sentence (#​5025) @​deining
• Fix issue with generic class not rendering (#​5098) @​jgreywolf
• Holiday 2023 promo (#​5080) @​huynhicode
• Referenced the PmWiki's Cookbook recipe enabling MermaidJs schematics… (#​5085) @​d-faure
• Release/10.7.0 (#​5188) @​sidharthv96
• Update NiceGuy.io links in integrations-community.md (#​5120) @​Abrifq
• Update all minor dependencies (minor) (#​5047) @​renovate
• Update all patch dependencies (patch) (#​5046) @​renovate
• Update all patch dependencies (patch) (#​5033) @​renovate
• Update generics docs (#​5130) @​jgreywolf
• Update index.md (#​5012) @​StefonSimmons
• Update integrations-community.md (Add Codemia to the list of productivity tools using Mermaid) (#​5189) @​markqian
• Updated README with expandable table of content. (#​4961) @​claesgill
• add links to make it easier (#​4952) @​ajdamico
• bug: #​4905 change shiki theme to github-light (#​4924) @​raiman264
• build(deps-dev): bump vite from 4.4.9 to 4.4.12 (#​5115) @​dependabot
• chore(deps): update all minor dependencies (minor) (#​5172) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5131) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5099) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5071) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5070) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5015) @​renovate
• docs: Update classDiagram.md (#​4973) @​SahilNagpure07
• docs: fixed typo (#​4893) @​0xflotus
• feat(gantt): update styles (#​4930) @​Mister-Hope
• fix: #​5064 Handle case when line has only one point (#​5065) @​sidharthv96
• fix: getMessageAPI so it considers entity codes (#​5002) @​ad1992
• fix: render the participants in same order as they are created (#​5017) @​ad1992
• fix: target blank removed from anchor tag (#​4933) @​REVERB283
• prevent-inherited-lineheights-on-edgeterminal-4083 (#​4915) @​Patronud

🚀 Features

• Added functionality to support style keyword (#​5111) @​jgreywolf
• Feature/4935 subgraph title margin config option (#​5041) @​mathbraga
• Revert 5041 feature/4935 subgraph title margin config option (#​5197) @​sidharthv96
• feat #​5042: Add flowchart.maxEdges config. (#​5086) @​sidharthv96

🐛 Bug Fixes

• Bug/#​4497 Unable to Cherry Pick Merge Commit Solved (#​4944) @​RounakJoshi09
• Bug/4912 GitGraph routing and colouring for merges and cherry-picks (#​4927) @​guypursey
• Fix - static class attributes are not rendered underlined (#​5013) @​SteffenLm
• Revert "fix: render the participants in same order as they are created" (#​5198) @​sidharthv96
• bug/#​3251_linkStyle-can't-specify-ids Fixed (#​4934) @​RounakJoshi09
• fix(tooltip): remove redundant scroll offset (#​4958) @​csholmq
• fix/1294_exhaustive-clear-sequenceDb-variables (#​4941) @​rflban
• fix: #​5100 Add viewbox to sankey (#​5102) @​sidharthv96
• fix: Adjust piechart viewbox for mobile devices with small width (#​4288) @​iwestlin
• fix: clean comments in text in getDiagramFromText API so flowchart works well (#​5076) @​ad1992
• fix: flowchart image without text (#​5063) @​bonyuta0204

🧰 Maintenance

• Use release-drafter/release-drafter GitHub Action to label our PRs (#​4868) @​aloisklink
• build: use tsx instead of ts-node-esm (#​5104) @​aloisklink
• tests: update #registerExternalDiagrams testTimeout from 5 seconds to 20 seconds (#​5055) @​omer-priel

📚 Documentation

• Docs: update Getting Started page (#​5112) @​huynhicode
• Docs: update Latest News section (#​5107) @​huynhicode
• Docs: update latest news (#​4959) @​huynhicode
• Update XYChart's nav link in the docs template (#​5014) @​Abrifq
• feat: Track outbound links in docs site. (#​5116) @​sidharthv96

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.1: 10.6.1

Compare Source

What's Changed

Bugfixes

• fix(flow): fix invalid ellipseText regex (#​5016) @​aloisklink
  • This was causing freezes in flowcharts that had a ( char in ellipse nodes

Documentation

• Docs: add Docusaurus to "Integrations - Community" page (#​4975) @​huynhicode
• Fix typo in build-docs.yml (#​4991) @​sadikkuzu
• Update README.md (#​4979) @​karthxk07
• docs: Add NotesHub to integrations-community page (#​4994) @​alex-titarenko

Chores

• chore(deps): update all minor dependencies (minor) (#​4997) @​renovate
• chore(deps): update all patch dependencies (patch) (#​4976) @​renovate

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.0: 10.6.0

Compare Source

What's Changed

• Add new chart xychart by @​subhash-halder in #​4413

Fix

• bug/4849_center_axis_labels by @​dreathed in #​4860
• Better handling of large flowcharts and long edges @​knsv

Docs

• Add new Atlassian integrations by @​janjonas in #​4862
• docs: fix typo by @​dennis0324 in #​4887
• Update notes on orientation in GitGraph documentation by @​guypursey in #​4897
• Enhancment: twitter logo in doc by @​chaursiyasanjeet in #​4925
• Update link for the Mermaid integration in JetBrains IDEs by @​FirstTimeInForever in #​4883

Chores

• Wait for marker_unique_id.html E2E test to render before taking a screenshot by @​aloi
  sklink in #​4847
• Wait for theme-directives.html E2E test to render before taking a screenshot by @​aloisklink in #​4846
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4851
• chore(dev-deps): update @typescript-eslint/* plugins to v6 (major) by @​aloisklink in #​4857
• chore: shorten flow-huge.spec.js test case using .repeat by @​Yokozuna59 in #​4859
• Publish Live Editor previews for the develop & next branches by @​sidharthv96 in #​4841
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4870
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4869
• Commented out broken test by @​nirname in #​4913
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4891
• fix(class): avoid duplicate definition of fill by @​Mister-Hope in #​4929
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4892
• making consitent config imports from diagramAPI by @​dreathed in #​4889
• fix(typos): Fix minor typos in the source code by @​mribeirodantas in #​4928
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4945
• Bump @​babel/traverse from 7.22.10 to 7.23.2 by @​dependabot in #​4951
• Replace rehype-mermaidjs with rehype-mermaid by @​remcohaszing in #​4970

New Contributors

• @​dreathed made their first contribution in #​4860
• @​janjonas made their first contribution in #​4862
• @​dennis0324 made their first contribution in #​4887
• @​FirstTimeInForever made their first contribution in #​4883
• @​guypursey made their first contribution in #​4897
• @​chaursiyasanjeet made their first contribution in #​4925
• @​mribeirodantas made their first contribution in #​4928

Full Changelog: mermaid-js/mermaid@v10.5.1...v10.6.0

v10.5.1

Compare Source

What's Changed

• Fix: Fix for subgraphs when using flowchart-elk by @​knsv
• Docs: update Latest News section by @​huynhicode in #​4822
• Docs: update Ecosystem section by @​huynhicode in #​4817
• Docs: update Latest News section (Git Graph blog post) by @​huynhicode in #​4871
• Docs: Add Product Hunt info by @​huynhicode in #​4900
• Revert PH changes by @​sidharthv96 in #​4903

Full Changelog: mermaid-js/mermaid@v10.5.0...v10.5.1

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[safedep]

SafeDep Report Summary

Package Details

Package	Malware	Vulnerability	Risky License	Report
call-bind @ 1.0.8 pnpm-lock.yaml				🔗
commander @ 8.3.0 pnpm-lock.yaml				🔗
cytoscape @ 3.33.2 pnpm-lock.yaml				🔗
debug @ 4.4.3 pnpm-lock.yaml				🔗
elkjs @ 0.9.3 pnpm-lock.yaml				🔗
is-string @ 1.1.1 pnpm-lock.yaml				🔗
katex @ 0.16.45 pnpm-lock.yaml				🔗
mermaid @ 10.9.3 pnpm-lock.yaml				🔗

View complete scan results →

_{This report is generated by SafeDep Github App}

[github-actions]

📦 Next.js Bundle Analysis for mx-kami

This analysis was generated by the Next.js Bundle Analysis action. 🤖

⚠️ Global Bundle Size Increased

Page	Size (compressed)
global	220.43 KB (🟡 +73 B)

Details

The global bundle is the javascript bundle that loads alongside every page. It is in its own category because its impact is much higher - an increase to its size means that every page on your website loads slower, and a decrease means every page loads faster.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

If you want further insight into what is behind the changes, give @next/bundle-analyzer a try!

Seven Pages Changed Size

The following pages changed size from the code in this PR compared to its base branch:

Page	Size (compressed)	First Load	% of Budget (350 KB)
/[locale]/[page]	51.03 KB	271.46 KB	77.56% (+/- <0.01%)
/[locale]/friends	55.81 KB	276.25 KB	78.93% (+/- <0.01%)
/[locale]/notes/[id]	74.03 KB	294.46 KB	84.13% (+/- <0.01%)
/[locale]/posts/[category]/[slug]	78.46 KB	298.9 KB	85.40% (+/- <0.01%)
/[locale]/preview	54.91 KB	275.34 KB	78.67% (+/- <0.01%)
/[locale]/projects/[id]	50.17 KB	270.6 KB	77.32% (+/- <0.01%)
/[locale]/recently	95.53 KB	315.97 KB	90.28% (+/- <0.01%)

Details

Only the gzipped size is provided here based on an expert tip.

First Load is the size of the global bundle plus the bundle for the individual page. If a user were to show up to your website and land on a given page, the first load size represents the amount of javascript that user would need to download. If next/link is used, subsequent page loads would only need to download that page's bundle (the number in the "Size" column), since the global bundle has already been downloaded.

Any third party scripts you have added directly to your app using the <script> tag are not accounted for in this analysis

The "Budget %" column shows what percentage of your performance budget the First Load total takes up. For example, if your budget was 100kb, and a given page's first load size was 10kb, it would be 10% of your budget. You can also see how much this has increased or decreased compared to the base branch of your PR. If this percentage has increased by 20% or more, there will be a red status indicator applied, indicating that special attention should be given to this. If you see "+/- <0.01%" it means that there was a change in bundle size, but it is a trivial enough amount that it can be ignored.