fix(deps): update dependency katex to v0.16.21 [security] #6424

renovate · 2025-01-17T22:38:54Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
katex (source)	`0.16.10` -> `0.16.21`

GitHub Vulnerability Alerts

CVE-2025-23207

Impact

KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.

Patches

Upgrade to KaTeX v0.16.21 to remove this vulnerability.

Workarounds

Avoid use of or turn off the trust option, or set it to forbid \htmlData commands.
Forbid inputs containing the substring "\\htmlData".
Sanitize HTML output from KaTeX.

Details

\htmlData did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts.

For more information

If you have any questions or comments about this advisory:

Open an issue or security advisory in the KaTeX repository
Email us at [email protected]

Release Notes

KaTeX/KaTeX (katex)

`v0.16.21`

Compare Source

Bug Fixes

escape \htmlData attribute name (57914ad)

`v0.16.20`

Compare Source

Bug Fixes

\providecommand does not overwrite existing macro (#4000) (6d30fe4), closes #3928

`v0.16.19`

Compare Source

Bug Fixes

types: improve strict function type (#4009) (4228b4e)

`v0.16.18`

Compare Source

Bug Fixes

Actually publish TypeScript type definitions (#4008) (629b873)

`v0.16.17`

Compare Source

Bug Fixes

MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#3999) (7d79e22), closes #3995

`v0.16.16`

Compare Source

Features

ESM exports, TypeScript types (#3992) (ea9c173)

`v0.16.15`

Compare Source

Features

italic sans-serif in math mode via \mathsfit command (#3998) (2218901)

`v0.16.14`

Compare Source

Features

\dddot and \ddddot support (#3834) (bda35cd), closes #2744

`v0.16.13`

Compare Source

Bug Fixes

\vdots and \rule support in text mode (#3997) (0e08352), closes #3990

`v0.16.12`

Compare Source

Features

css: configurable margin for display math (#3638) (3405001)

`v0.16.11`

Compare Source

Features

add \emph (#3963) (9f34da4), closes #3566

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

socket-security · 2025-01-17T22:42:54Z

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report

renovate bot added the dependencies Pull requests that update a dependency file label Jan 17, 2025

renovate bot enabled auto-merge (squash) January 17, 2025 22:38

renovate bot had a problem deploying to review January 17, 2025 22:38 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from d13ce3a to 7fdb247 Compare January 20, 2025 14:54

renovate bot had a problem deploying to review January 20, 2025 14:55 Error

carolineBda approved these changes Jan 21, 2025

View reviewed changes

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 7fdb247 to 0937b7f Compare January 21, 2025 10:20

renovate bot had a problem deploying to review January 21, 2025 10:20 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 0937b7f to fbca246 Compare January 21, 2025 12:08

renovate bot had a problem deploying to review January 21, 2025 12:08 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from fbca246 to 7e722d8 Compare January 21, 2025 12:19

renovate bot had a problem deploying to review January 21, 2025 12:20 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 7e722d8 to 0ee6aef Compare January 21, 2025 13:36

renovate bot had a problem deploying to review January 21, 2025 13:36 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 0ee6aef to 642f79c Compare January 23, 2025 09:05

renovate bot had a problem deploying to review January 23, 2025 09:05 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 642f79c to 51e50e3 Compare January 23, 2025 10:35

renovate bot had a problem deploying to review January 23, 2025 10:36 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 51e50e3 to dec89a3 Compare January 28, 2025 10:39

renovate bot had a problem deploying to review January 28, 2025 10:39 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from dec89a3 to 0215f0f Compare January 28, 2025 16:02

renovate bot had a problem deploying to review January 28, 2025 16:02 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 0215f0f to 016eb3f Compare January 30, 2025 16:54

renovate bot had a problem deploying to review January 30, 2025 16:54 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 016eb3f to 7e9757e Compare February 3, 2025 10:55

renovate bot had a problem deploying to review February 3, 2025 10:55 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 7e9757e to 14833bc Compare February 4, 2025 14:02

renovate bot had a problem deploying to review February 4, 2025 14:02 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 14833bc to 1c32a99 Compare February 4, 2025 14:29

renovate bot had a problem deploying to review March 31, 2025 08:58 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 8f63979 to 7fc666a Compare April 4, 2025 09:55

renovate bot had a problem deploying to review April 4, 2025 09:55 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 7fc666a to 682818f Compare April 4, 2025 12:25

renovate bot requested a deployment to review April 4, 2025 12:25 Waiting

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 682818f to 367a3dc Compare April 17, 2025 11:31

renovate bot had a problem deploying to review April 17, 2025 11:31 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 367a3dc to 5f15cfd Compare April 17, 2025 13:20

renovate bot had a problem deploying to review April 17, 2025 13:20 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 5f15cfd to df03fb7 Compare April 18, 2025 14:11

renovate bot had a problem deploying to review April 18, 2025 14:11 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from df03fb7 to a709c32 Compare April 22, 2025 08:31

renovate bot had a problem deploying to review April 22, 2025 08:31 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from a709c32 to 3b80107 Compare April 22, 2025 09:07

renovate bot had a problem deploying to review April 22, 2025 09:07 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 3b80107 to de000d6 Compare April 24, 2025 08:36

renovate bot had a problem deploying to review April 24, 2025 08:36 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from de000d6 to bf50aa7 Compare April 24, 2025 14:17

renovate bot had a problem deploying to review April 24, 2025 14:17 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from bf50aa7 to 602a7b4 Compare April 24, 2025 15:18

renovate bot had a problem deploying to review April 24, 2025 15:18 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 602a7b4 to f62601d Compare April 24, 2025 19:58

renovate bot had a problem deploying to review April 24, 2025 19:58 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from f62601d to 4450590 Compare April 25, 2025 10:04

renovate bot had a problem deploying to review April 25, 2025 10:04 Error

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 4450590 to 12c6e6e Compare April 30, 2025 08:29

renovate bot had a problem deploying to review April 30, 2025 08:29 Error

fix(deps): update dependency katex to v0.16.21 [security]

9ff4830

renovate bot force-pushed the renovate/npm-katex-vulnerability branch from 12c6e6e to 9ff4830 Compare April 30, 2025 09:39

renovate bot requested a deployment to review April 30, 2025 09:39 Waiting

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(deps): update dependency katex to v0.16.21 [security] #6424

fix(deps): update dependency katex to v0.16.21 [security] #6424

renovate bot commented Jan 17, 2025

socket-security bot commented Jan 17, 2025 •

edited

Loading

fix(deps): update dependency katex to v0.16.21 [security] #6424

Are you sure you want to change the base?

fix(deps): update dependency katex to v0.16.21 [security] #6424

Conversation

renovate bot commented Jan 17, 2025

GitHub Vulnerability Alerts

Impact

Patches

Workarounds

Details

For more information

Release Notes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Bug Fixes

Features

Features

Features

Bug Fixes

Features

Features

Configuration

socket-security bot commented Jan 17, 2025 • edited Loading

socket-security bot commented Jan 17, 2025 •

edited

Loading