chore(deps): update dependency mermaid to v10.9.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mermaid	10.6.1 → 10.9.3

GitHub Vulnerability Alerts

GHSA-m4gq-x24j-jpmf

The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.

This affects the built:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/[email protected]/dist/mermaid.min.js

Users that use the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or the dist/mermaid.core.mjs file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix.

Patches

• develop branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
• backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34

---

Release Notes

mermaid-js/mermaid (mermaid)

v10.9.3

Compare Source

Updates the bundled version of dependencies in the following files:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

If you are not using these files (e.g. you are using the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or you are using dist/mermaid.core.mjs), this release is identical to v10.9.2.

This is to avoid potential security issues in KaTeX and DOMPurify, see:

• GHSA-mmhx-hmjr-r674
• GHSA-64fm-8hw2-v72w
• GHSA-cvr6-37gx-v8wc
• GHSA-f98w-7cxr-ff2h
• GHSA-3wc5-fcw2-2329

These dependencies have already been updated in v11.0.0.

Changelog

Chore

• Updates the bundled version of KaTeX to 0.16.11 (2bedd0e)
• Updates the bundled version of DOMPurify to 3.1.6 (92a07ff)

Full Changelog: mermaid-js/mermaid@v10.9.2...v10.9.3

v10.9.2

Compare Source

This release back-ports #​5914 to the v10 release line to fix #​5904 (an incompatibility between mermaid and DOMPurify v3.1.7)

Patch Changes

• #​5914 402abdf [10] fix: ban version v3.1.7 of DOMPurify

Full Changelog: mermaid-js/mermaid@v10.9.1...v10.9.2

v10.9.1

Compare Source

What's Changed

BugFixes

• Cleaning of labels in Block diagram by @​knsv

Docs

• docs(integrations): update link to Mermaid app for Slack by @​JackuB in #​5370
• Update new diagram doc to reflect focus on Langium by @​sidharthv96 in #​5372
• feat: Make the examples interactive in the documentation site by @​sidharthv96 in #​5376
• DOCS: add latest blog posts by @​huynhicode in #​5368
• DOCS: update Announcement bar link by @​huynhicode in #​5394
• DOCS: Add Press Release by @​huynhicode in #​5400
• DOCS: add Turing machine blog post by @​huynhicode in #​5425
• DOCS: update latest news by @​huynhicode in #​5455
• 📝🐛 fix schema link by @​dudeofawesome in #​5456
• DOCS: Add AI in Software Diagramming blog post by @​huynhicode in #​5492
• DOCS: update Mermaid Chart page by @​huynhicode in #​5495
• DOCS: Add blog post - Documentation Software by @​huynhicode in #​5519

New Contributors

• @​dudeofawesome made their first contribution in #​5456

Full Changelog: mermaid-js/mermaid@v10.9.0...v10.9.1

v10.9.0

Compare Source

Release Notes

We now have Katex support!

Demo

🚀 Features

• Bump @​zenuml/core and update render options in mermaid-zenuml (#​5257) @​dontry
• Implement "until" keyword in gantt charts (#​5224) @​fzag
• Integrated Katex typesetting into flowcharts (#​2885) @​NicolasNewman

🧰 Maintenance

• Add gitgraph parallel commits to docs (#​5336) @​NicolasCwy
• Update recommended Vitest extension (#​5322) @​NicolasCwy
• Correcting path to docker-entrypoint.sh (#​5327) @​bstordrup
• Fix chrome webstore url causing 404 (#​5352) @​Abrifq
• Fix color and arrow for merge commit (gitGraph) (#​5152) @​macherel
• Fix link to Contributors section in README (#​5298) @​BaumiCoder
• Fix macOS onboarding issues (#​5262) @​thedustin
• Fix netlify deploy (#​5332) @​sidharthv96
• Link to webhelp (#​5316) @​BaumiCoder
• Update contribute (#​5268) @​FutzMonitor
• Updates Timeline Documentation (#​5315) @​FutzMonitor
• [Docs] Updated chrome extension url's to new store (#​5297) @​Abrifq
• chore: Update CSpell configuration (#​5286) @​Jason3S
• feat: add name field to the actors (#​5284) @​ad1992
• fix typo cutomers => customers (#​5269) @​elgalu

📚 Documentation

• Add new extension to integrations (#​5287) @​BoDonkey
• Added link to Blazorade Mermaid to the community integrations page. (#​5333) @​MikaBerglund
• Replace version number placeholder (#​5304) @​BaumiCoder

🎉 Thanks to all contributors helping with this release! 🎉

v10.8.0

Compare Source

v10.8.0

Features

• Adding new diagram type - Block Diagram by @​knsv in #​5221

• Feature/5114 add parallel commit config by @​mathbraga in #​5161

• Changes to Gantt Parsers to allow hashes and semicolons to titles, sections, and task data. by @​FutzMonitor in #​5095

• Feature/4653 add actor-top class to sequence diagram by @​Ronid1 in #​5241

Documentation

• Updated gantt chart docs to show all config options by @​murdoa in #​5192
• Contribution documentation improvements by @​nirname in #​5132
• Update flowchart.md - how to use font-awesome #​5195 by @​arukiidou in #​5196
• Add more detailed docs for Gantt tasks by @​sorenisanerd in #​5194
• Docs/4974 reorder integration links by @​Ronid1 in #​5066
• docs: fix swimm link by @​Yokozuna59 in #​5219
• Update Slack community links to Discord by @​Olegt0rr in #​5225
• Docs: Mermaid chart updates by @​huynhicode in #​5232
• Fix typos in timeline syntax samples by @​sblom in #​5139

Bug fixes

• Bug/5059 fix external connection after updating edges by @​mathbraga in #​5127
• [Fix] Sequence diagram actor menu popup by @​vitorsss in #​5160
• fix: Dompurify Hooks by @​sidharthv96 in #​5236
• Accurate pie chart labeling for text alignment by @​JenningsWilliam in #​5141
• fix: Redirect of old URLs by @​sidharthv96 in #​5250
• Fixed Typo in ErrorRenderer.ts by @​FutzMonitor in #​5256

Chores

• Revert "Revert 5041 feature/4935 subgraph title margin config option" by @​mathbraga in #​5205
• build(deps-dev): bump follow-redirects from 1.15.2 to 1.15.5 by @​dependabot in #​5200
• chore(deps): update all patch dependencies (patch) by @​renovate in #​5150
• E2E Image comparison by @​sidharthv96 in #​5208
• E2E test by @​sidharthv96 in #​5210
• Optimise caching of test results by @​sidharthv96 in #​5213
• Update update-browserlist.yml to fix deprecation and action fails by @​Abrifq in #​5151
• UpdateCypress by @​sidharthv96 in #​5228
• Use node v20 by @​sidharthv96 in #​5248
• Convert Mindmap to TS by @​sidharthv96 in #​5247
• chore: Add interface naming Convention by @​sidharthv96 in #​5254

New Contributors

• @​murdoa made their first contribution in #​5192
• @​arukiidou made their first contribution in #​5196
• @​sorenisanerd made their first contribution in #​5194
• @​Ronid1 made their first contribution in #​5066
• @​Olegt0rr made their first contribution in #​5225
• @​vitorsss made their first contribution in #​5160
• @​sblom made their first contribution in #​5139
• @​JenningsWilliam made their first contribution in #​5141

Full Changelog: mermaid-js/mermaid@v10.7.0...v10.8.0

v10.7.0

Compare Source

Release Notes

• 3952 lexical ids (#​5028) @​jgreywolf
• Add new Atlassian integrations (#​5021) @​nashtechlabs
• Adds Unison programming language to community integrations list (#​5180) @​rlmark
• Bump GitHub workflow actions to latest versions (#​5026) @​deining
• Changes to .prettierignore (#​5109) @​FutzMonitor
• Chore: Typo fixed in multiple files (#​4947) @​SusheelThapa
• DOCS: update Flowchart page (#​5169) @​huynhicode
• DOCS: update announcement bar (#​5193) @​huynhicode
• Docs: Ecosystem section pages - verbiage updates (#​5124) @​huynhicode
• Docs: Update latest news (#​5147) @​huynhicode
• Docs: add Mermaid for Slack integration (#​4824) @​JackuB
• Docs: add latest blog post - JetBrains extension (#​5158) @​huynhicode
• Docs: update Latest News section (#​5048) @​huynhicode
• Documentation: clarify sentence (#​5025) @​deining
• Fix issue with generic class not rendering (#​5098) @​jgreywolf
• Holiday 2023 promo (#​5080) @​huynhicode
• Referenced the PmWiki's Cookbook recipe enabling MermaidJs schematics… (#​5085) @​d-faure
• Release/10.7.0 (#​5188) @​sidharthv96
• Update NiceGuy.io links in integrations-community.md (#​5120) @​Abrifq
• Update all minor dependencies (minor) (#​5047) @​renovate
• Update all patch dependencies (patch) (#​5046) @​renovate
• Update all patch dependencies (patch) (#​5033) @​renovate
• Update generics docs (#​5130) @​jgreywolf
• Update index.md (#​5012) @​StefonSimmons
• Update integrations-community.md (Add Codemia to the list of productivity tools using Mermaid) (#​5189) @​markqian
• Updated README with expandable table of content. (#​4961) @​claesgill
• add links to make it easier (#​4952) @​ajdamico
• bug: #​4905 change shiki theme to github-light (#​4924) @​raiman264
• build(deps-dev): bump vite from 4.4.9 to 4.4.12 (#​5115) @​dependabot
• chore(deps): update all minor dependencies (minor) (#​5172) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5131) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5099) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5071) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5070) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5015) @​renovate
• docs: Update classDiagram.md (#​4973) @​SahilNagpure07
• docs: fixed typo (#​4893) @​0xflotus
• feat(gantt): update styles (#​4930) @​Mister-Hope
• fix: #​5064 Handle case when line has only one point (#​5065) @​sidharthv96
• fix: getMessageAPI so it considers entity codes (#​5002) @​ad1992
• fix: render the participants in same order as they are created (#​5017) @​ad1992
• fix: target blank removed from anchor tag (#​4933) @​REVERB283
• prevent-inherited-lineheights-on-edgeterminal-4083 (#​4915) @​Patronud

🚀 Features

• Added functionality to support style keyword (#​5111) @​jgreywolf
• Feature/4935 subgraph title margin config option (#​5041) @​mathbraga
• Revert 5041 feature/4935 subgraph title margin config option (#​5197) @​sidharthv96
• feat #​5042: Add flowchart.maxEdges config. (#​5086) @​sidharthv96

🐛 Bug Fixes

• Bug/#​4497 Unable to Cherry Pick Merge Commit Solved (#​4944) @​RounakJoshi09
• Bug/4912 GitGraph routing and colouring for merges and cherry-picks (#​4927) @​guypursey
• Fix - static class attributes are not rendered underlined (#​5013) @​SteffenLm
• Revert "fix: render the participants in same order as they are created" (#​5198) @​sidharthv96
• bug/#​3251_linkStyle-can't-specify-ids Fixed (#​4934) @​RounakJoshi09
• fix(tooltip): remove redundant scroll offset (#​4958) @​csholmq
• fix/1294_exhaustive-clear-sequenceDb-variables (#​4941) @​rflban
• fix: #​5100 Add viewbox to sankey (#​5102) @​sidharthv96
• fix: Adjust piechart viewbox for mobile devices with small width (#​4288) @​iwestlin
• fix: clean comments in text in getDiagramFromText API so flowchart works well (#​5076) @​ad1992
• fix: flowchart image without text (#​5063) @​bonyuta0204

🧰 Maintenance

• Use release-drafter/release-drafter GitHub Action to label our PRs (#​4868) @​aloisklink
• build: use tsx instead of ts-node-esm (#​5104) @​aloisklink
• tests: update #registerExternalDiagrams testTimeout from 5 seconds to 20 seconds (#​5055) @​omer-priel

📚 Documentation

• Docs: update Getting Started page (#​5112) @​huynhicode
• Docs: update Latest News section (#​5107) @​huynhicode
• Docs: update latest news (#​4959) @​huynhicode
• Update XYChart's nav link in the docs template (#​5014) @​Abrifq
• feat: Track outbound links in docs site. (#​5116) @​sidharthv96

🎉 Thanks to all contributors helping with this release! 🎉

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

Project	Deployment	Review	Updated (UTC)
wiki	Ignored	Preview	Dec 31, 2025 3:09pm