From 85ec96a72d06d45cf5d2b88af6ef0aca2d16c187 Mon Sep 17 00:00:00 2001 From: Alois Klink Date: Tue, 22 Oct 2024 17:32:05 +0900 Subject: [PATCH] chore: bump mermaid version to v10.9.3 Updates the bundled version of dependencies in the following files: - `dist/mermaid.min.js` - `dist/mermaid.js` - `dist/mermaid.esm.mjs` - `dist/mermaid.esm.min.mjs` **If you are not using these files (e.g. you are using the default NPM export of `mermaid`, e.g. `import mermaid from 'mermaid'`, or you are using `dist/mermaid.core.mjs`), this release is identical to v10.9.2.** This is to avoid potential security issues in KaTeX and DOMPurify, see: - https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674 - https://github.com/advisories/GHSA-64fm-8hw2-v72w - https://github.com/advisories/GHSA-cvr6-37gx-v8wc - https://github.com/advisories/GHSA-f98w-7cxr-ff2h - https://github.com/advisories/GHSA-3wc5-fcw2-2329 These dependencies have already been updated in [v11.0.0](https://github.com/mermaid-js/mermaid/releases/tag/v11.0.0). Changelog ========= Chore ----- - Updates the bundled version of KaTeX to 0.16.11 (2bedd0ef87df92a9971ba3490a43d9c1f535e13e) - Updates the bundled version of DOMPurify to 3.1.6 (92a07ffe40aab2769dd1c3431b4eb5beac282b34) --- packages/mermaid/package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/mermaid/package.json b/packages/mermaid/package.json index fc3edf542e..c98c2cbb8e 100644 --- a/packages/mermaid/package.json +++ b/packages/mermaid/package.json @@ -1,6 +1,6 @@ { "name": "mermaid", - "version": "10.9.2", + "version": "10.9.3", "description": "Markdown-ish syntax for generating flowcharts, sequence diagrams, class diagrams, gantt charts and git graphs.", "type": "module", "module": "./dist/mermaid.core.mjs",