chore(deps): update dependency mermaid to v10.9.3 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
mermaid	10.4.0 -> 10.9.3

GitHub Vulnerability Alerts

GHSA-m4gq-x24j-jpmf

The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.

This affects the built:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/[email protected]/dist/mermaid.min.js

Users that use the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or the dist/mermaid.core.mjs file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix.

Patches

• develop branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
• backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34

---

Release Notes

mermaid-js/mermaid (mermaid)

v10.9.3

Compare Source

Updates the bundled version of dependencies in the following files:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

If you are not using these files (e.g. you are using the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or you are using dist/mermaid.core.mjs), this release is identical to v10.9.2.

This is to avoid potential security issues in KaTeX and DOMPurify, see:

• GHSA-mmhx-hmjr-r674
• GHSA-64fm-8hw2-v72w
• GHSA-cvr6-37gx-v8wc
• GHSA-f98w-7cxr-ff2h
• GHSA-3wc5-fcw2-2329

These dependencies have already been updated in v11.0.0.

Changelog

Chore

• Updates the bundled version of KaTeX to 0.16.11 (2bedd0e)
• Updates the bundled version of DOMPurify to 3.1.6 (92a07ff)

Full Changelog: mermaid-js/mermaid@v10.9.2...v10.9.3

v10.9.2

Compare Source

This release back-ports #​5914 to the v10 release line to fix #​5904 (an incompatibility between mermaid and DOMPurify v3.1.7)

Patch Changes

• #​5914 402abdf [10] fix: ban version v3.1.7 of DOMPurify

Full Changelog: mermaid-js/mermaid@v10.9.1...v10.9.2

v10.9.1

Compare Source

What's Changed

BugFixes

• Cleaning of labels in Block diagram by @​knsv

Docs

• docs(integrations): update link to Mermaid app for Slack by @​JackuB in #​5370
• Update new diagram doc to reflect focus on Langium by @​sidharthv96 in #​5372
• feat: Make the examples interactive in the documentation site by @​sidharthv96 in #​5376
• DOCS: add latest blog posts by @​huynhicode in #​5368
• DOCS: update Announcement bar link by @​huynhicode in #​5394
• DOCS: Add Press Release by @​huynhicode in #​5400
• DOCS: add Turing machine blog post by @​huynhicode in #​5425
• DOCS: update latest news by @​huynhicode in #​5455
• 📝🐛 fix schema link by @​dudeofawesome in #​5456
• DOCS: Add AI in Software Diagramming blog post by @​huynhicode in #​5492
• DOCS: update Mermaid Chart page by @​huynhicode in #​5495
• DOCS: Add blog post - Documentation Software by @​huynhicode in #​5519

New Contributors

• @​dudeofawesome made their first contribution in #​5456

Full Changelog: mermaid-js/mermaid@v10.9.0...v10.9.1

v10.9.0

Compare Source

Release Notes

We now have Katex support!

Demo

🚀 Features

• Bump @​zenuml/core and update render options in mermaid-zenuml (#​5257) @​dontry
• Implement "until" keyword in gantt charts (#​5224) @​fzag
• Integrated Katex typesetting into flowcharts (#​2885) @​NicolasNewman

🧰 Maintenance

• Add gitgraph parallel commits to docs (#​5336) @​NicolasCwy
• Update recommended Vitest extension (#​5322) @​NicolasCwy
• Correcting path to docker-entrypoint.sh (#​5327) @​bstordrup
• Fix chrome webstore url causing 404 (#​5352) @​Abrifq
• Fix color and arrow for merge commit (gitGraph) (#​5152) @​macherel
• Fix link to Contributors section in README (#​5298) @​BaumiCoder
• Fix macOS onboarding issues (#​5262) @​thedustin
• Fix netlify deploy (#​5332) @​sidharthv96
• Link to webhelp (#​5316) @​BaumiCoder
• Update contribute (#​5268) @​FutzMonitor
• Updates Timeline Documentation (#​5315) @​FutzMonitor
• [Docs] Updated chrome extension url's to new store (#​5297) @​Abrifq
• chore: Update CSpell configuration (#​5286) @​Jason3S
• feat: add name field to the actors (#​5284) @​ad1992
• fix typo cutomers => customers (#​5269) @​elgalu

📚 Documentation

• Add new extension to integrations (#​5287) @​BoDonkey
• Added link to Blazorade Mermaid to the community integrations page. (#​5333) @​MikaBerglund
• Replace version number placeholder (#​5304) @​BaumiCoder

🎉 Thanks to all contributors helping with this release! 🎉

v10.8.0

Compare Source

v10.8.0

Features

• Adding new diagram type - Block Diagram by @​knsv in #​5221

• Feature/5114 add parallel commit config by @​mathbraga in #​5161

• Changes to Gantt Parsers to allow hashes and semicolons to titles, sections, and task data. by @​FutzMonitor in #​5095

• Feature/4653 add actor-top class to sequence diagram by @​Ronid1 in #​5241

Documentation

• Updated gantt chart docs to show all config options by @​murdoa in #​5192
• Contribution documentation improvements by @​nirname in #​5132
• Update flowchart.md - how to use font-awesome #​5195 by @​arukiidou in #​5196
• Add more detailed docs for Gantt tasks by @​sorenisanerd in #​5194
• Docs/4974 reorder integration links by @​Ronid1 in #​5066
• docs: fix swimm link by @​Yokozuna59 in #​5219
• Update Slack community links to Discord by @​Olegt0rr in #​5225
• Docs: Mermaid chart updates by @​huynhicode in #​5232
• Fix typos in timeline syntax samples by @​sblom in #​5139

Bug fixes

• Bug/5059 fix external connection after updating edges by @​mathbraga in #​5127
• [Fix] Sequence diagram actor menu popup by @​vitorsss in #​5160
• fix: Dompurify Hooks by @​sidharthv96 in #​5236
• Accurate pie chart labeling for text alignment by @​JenningsWilliam in #​5141
• fix: Redirect of old URLs by @​sidharthv96 in #​5250
• Fixed Typo in ErrorRenderer.ts by @​FutzMonitor in #​5256

Chores

• Revert "Revert 5041 feature/4935 subgraph title margin config option" by @​mathbraga in #​5205
• build(deps-dev): bump follow-redirects from 1.15.2 to 1.15.5 by @​dependabot in #​5200
• chore(deps): update all patch dependencies (patch) by @​renovate in #​5150
• E2E Image comparison by @​sidharthv96 in #​5208
• E2E test by @​sidharthv96 in #​5210
• Optimise caching of test results by @​sidharthv96 in #​5213
• Update update-browserlist.yml to fix deprecation and action fails by @​Abrifq in #​5151
• UpdateCypress by @​sidharthv96 in #​5228
• Use node v20 by @​sidharthv96 in #​5248
• Convert Mindmap to TS by @​sidharthv96 in #​5247
• chore: Add interface naming Convention by @​sidharthv96 in #​5254

New Contributors

• @​murdoa made their first contribution in #​5192
• @​arukiidou made their first contribution in #​5196
• @​sorenisanerd made their first contribution in #​5194
• @​Ronid1 made their first contribution in #​5066
• @​Olegt0rr made their first contribution in #​5225
• @​vitorsss made their first contribution in #​5160
• @​sblom made their first contribution in #​5139
• @​JenningsWilliam made their first contribution in #​5141

Full Changelog: mermaid-js/mermaid@v10.7.0...v10.8.0

v10.7.0

Compare Source

Release Notes

• 3952 lexical ids (#​5028) @​jgreywolf
• Add new Atlassian integrations (#​5021) @​nashtechlabs
• Adds Unison programming language to community integrations list (#​5180) @​rlmark
• Bump GitHub workflow actions to latest versions (#​5026) @​deining
• Changes to .prettierignore (#​5109) @​FutzMonitor
• Chore: Typo fixed in multiple files (#​4947) @​SusheelThapa
• DOCS: update Flowchart page (#​5169) @​huynhicode
• DOCS: update announcement bar (#​5193) @​huynhicode
• Docs: Ecosystem section pages - verbiage updates (#​5124) @​huynhicode
• Docs: Update latest news (#​5147) @​huynhicode
• Docs: add Mermaid for Slack integration (#​4824) @​JackuB
• Docs: add latest blog post - JetBrains extension (#​5158) @​huynhicode
• Docs: update Latest News section (#​5048) @​huynhicode
• Documentation: clarify sentence (#​5025) @​deining
• Fix issue with generic class not rendering (#​5098) @​jgreywolf
• Holiday 2023 promo (#​5080) @​huynhicode
• Referenced the PmWiki's Cookbook recipe enabling MermaidJs schematics… (#​5085) @​d-faure
• Release/10.7.0 (#​5188) @​sidharthv96
• Update NiceGuy.io links in integrations-community.md (#​5120) @​Abrifq
• Update all minor dependencies (minor) (#​5047) @​renovate
• Update all patch dependencies (patch) (#​5046) @​renovate
• Update all patch dependencies (patch) (#​5033) @​renovate
• Update generics docs (#​5130) @​jgreywolf
• Update index.md (#​5012) @​StefonSimmons
• Update integrations-community.md (Add Codemia to the list of productivity tools using Mermaid) (#​5189) @​markqian
• Updated README with expandable table of content. (#​4961) @​claesgill
• add links to make it easier (#​4952) @​ajdamico
• bug: #​4905 change shiki theme to github-light (#​4924) @​raiman264
• build(deps-dev): bump vite from 4.4.9 to 4.4.12 (#​5115) @​dependabot
• chore(deps): update all minor dependencies (minor) (#​5172) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5131) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5099) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5071) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5070) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5015) @​renovate
• docs: Update classDiagram.md (#​4973) @​SahilNagpure07
• docs: fixed typo (#​4893) @​0xflotus
• feat(gantt): update styles (#​4930) @​Mister-Hope
• fix: #​5064 Handle case when line has only one point (#​5065) @​sidharthv96
• fix: getMessageAPI so it considers entity codes (#​5002) @​ad1992
• fix: render the participants in same order as they are created (#​5017) @​ad1992
• fix: target blank removed from anchor tag (#​4933) @​REVERB283
• prevent-inherited-lineheights-on-edgeterminal-4083 (#​4915) @​Patronud

🚀 Features

• Added functionality to support style keyword (#​5111) @​jgreywolf
• Feature/4935 subgraph title margin config option (#​5041) @​mathbraga
• Revert 5041 feature/4935 subgraph title margin config option (#​5197) @​sidharthv96
• feat #​5042: Add flowchart.maxEdges config. (#​5086) @​sidharthv96

🐛 Bug Fixes

• Bug/#​4497 Unable to Cherry Pick Merge Commit Solved (#​4944) @​RounakJoshi09
• Bug/4912 GitGraph routing and colouring for merges and cherry-picks (#​4927) @​guypursey
• Fix - static class attributes are not rendered underlined (#​5013) @​SteffenLm
• Revert "fix: render the participants in same order as they are created" (#​5198) @​sidharthv96
• bug/#​3251_linkStyle-can't-specify-ids Fixed (#​4934) @​RounakJoshi09
• fix(tooltip): remove redundant scroll offset (#​4958) @​csholmq
• fix/1294_exhaustive-clear-sequenceDb-variables (#​4941) @​rflban
• fix: #​5100 Add viewbox to sankey (#​5102) @​sidharthv96
• fix: Adjust piechart viewbox for mobile devices with small width (#​4288) @​iwestlin
• fix: clean comments in text in getDiagramFromText API so flowchart works well (#​5076) @​ad1992
• fix: flowchart image without text (#​5063) @​bonyuta0204

🧰 Maintenance

• Use release-drafter/release-drafter GitHub Action to label our PRs (#​4868) @​aloisklink
• build: use tsx instead of ts-node-esm (#​5104) @​aloisklink
• tests: update #registerExternalDiagrams testTimeout from 5 seconds to 20 seconds (#​5055) @​omer-priel

📚 Documentation

• Docs: update Getting Started page (#​5112) @​huynhicode
• Docs: update Latest News section (#​5107) @​huynhicode
• Docs: update latest news (#​4959) @​huynhicode
• Update XYChart's nav link in the docs template (#​5014) @​Abrifq
• feat: Track outbound links in docs site. (#​5116) @​sidharthv96

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.1: 10.6.1

Compare Source

What's Changed

Bugfixes

• fix(flow): fix invalid ellipseText regex (#​5016) @​aloisklink
  • This was causing freezes in flowcharts that had a ( char in ellipse nodes

Documentation

• Docs: add Docusaurus to "Integrations - Community" page (#​4975) @​huynhicode
• Fix typo in build-docs.yml (#​4991) @​sadikkuzu
• Update README.md (#​4979) @​karthxk07
• docs: Add NotesHub to integrations-community page (#​4994) @​alex-titarenko

Chores

• chore(deps): update all minor dependencies (minor) (#​4997) @​renovate
• chore(deps): update all patch dependencies (patch) (#​4976) @​renovate

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.0: 10.6.0

Compare Source

What's Changed

• Add new chart xychart by @​subhash-halder in #​4413

Fix

• bug/4849_center_axis_labels by @​dreathed in #​4860
• Better handling of large flowcharts and long edges @​knsv

Docs

• Add new Atlassian integrations by @​janjonas in #​4862
• docs: fix typo by @​dennis0324 in #​4887
• Update notes on orientation in GitGraph documentation by @​guypursey in #​4897
• Enhancment: twitter logo in doc by @​chaursiyasanjeet in #​4925
• Update link for the Mermaid integration in JetBrains IDEs by @​FirstTimeInForever in #​4883

Chores

• Wait for marker_unique_id.html E2E test to render before taking a screenshot by @​aloi
  sklink in #​4847
• Wait for theme-directives.html E2E test to render before taking a screenshot by @​aloisklink in #​4846
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4851
• chore(dev-deps): update @typescript-eslint/* plugins to v6 (major) by @​aloisklink in #​4857
• chore: shorten flow-huge.spec.js test case using .repeat by @​Yokozuna59 in #​4859
• Publish Live Editor previews for the develop & next branches by @​sidharthv96 in #​4841
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4870
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4869
• Commented out broken test by @​nirname in #​4913
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4891
• fix(class): avoid duplicate definition of fill by @​Mister-Hope in #​4929
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4892
• making consitent config imports from diagramAPI by @​dreathed in #​4889
• fix(typos): Fix minor typos in the source code by @​mribeirodantas in #​4928
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4945
• Bump @​babel/traverse from 7.22.10 to 7.23.2 by @​dependabot in #​4951
• Replace rehype-mermaidjs with rehype-mermaid by @​remcohaszing in #​4970

New Contributors

• @​dreathed made their first contribution in #​4860
• @​janjonas made their first contribution in #​4862
• @​dennis0324 made their first contribution in #​4887
• @​FirstTimeInForever made their first contribution in #​4883
• @​guypursey made their first contribution in #​4897
• @​chaursiyasanjeet made their first contribution in #​4925
• @​mribeirodantas made their first contribution in #​4928

Full Changelog: mermaid-js/mermaid@v10.5.1...v10.6.0

v10.5.1

Compare Source

What's Changed

• Fix: Fix for subgraphs when using flowchart-elk by @​knsv
• Docs: update Latest News section by @​huynhicode in #​4822
• Docs: update Ecosystem section by @​huynhicode in #​4817
• Docs: update Latest News section (Git Graph blog post) by @​huynhicode in #​4871
• Docs: Add Product Hunt info by @​huynhicode in #​4900
• Revert PH changes by @​sidharthv96 in #​4903

Full Changelog: mermaid-js/mermaid@v10.5.0...v10.5.1

v10.5.0: 10.5.0

Compare Source

What's Changed

Features

• feat(er): add entity name alias by @​tomperr in #​4758

Bugfixes

• Fix Twitter fontawesome class in flowchart.md by @​GingerNinjaNicko in #​4723
• fix(pie): align slices and legend orders by @​Yokozuna59 in #​4774
• Update class member handling by @​jgreywolf in #​4534
• fix(er): allow underscore as leading char by @​tomperr in #​4776
• Align arrows on sequence diagram by @​sidharthv96 in #​4804
• fix: Allow hollow markers on edges by @​sidharthv96 in #​4788
• fix: Fix for vulnerability making it possible to add javascript in class names by @​knsv

Documentation

• Docs/2910 Remove n00b and fix some docs by @​nirname in #​4767
• fix: typos by @​omahs in #​4801
• "CSS" instead of "css" in flowchart.md by @​jakeboone02 in #​4797
• fix(docs): Correct repeated text in flowchart.md by @​andriy-koz in #​4810
• Update link to Discourse theme component by @​gschlager in #​4811
• New Mermaid Live Editor for Confluence Cloud by @​zhifeiyue in #​4814
• Update classDiagram.md by @​jgreywolf in #​4781
• Support member definition to initialize class by @​sidharthv96 in #​4786
• fix: Add support for ~test Array~string~ back in Class by @​sidharthv96 in #​4805
• Added support for millisecond and second to gantt tickInterval by @​vertxxyz in #​4778
• Add directive support to all diagrams by preprocessing by @​sidharthv96 in #​4759
• Update README.md by @​jgreywolf in #​4780

Chores

• chore(deps): update all minor dependencies (minor) by @​renovate in #​4783
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4782
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4809
• chore: move commonDb into diagrams/common/commonDb by @​Yokozuna59 in #​4802
• Use utf8 encoding in Jupyter example by @​jonashaag in #​4701
• Update flowchart.md by @​Ogglas in #​4792
• Update flowchart.md by @​dsblank in #​4798
• Refactor cypress/helpers/util.ts by @​RohanHandore in #​4340
• refactor: Fix typings in utils.ts by @​sidharthv96 in #​4826
• Support ClassDefs in external diagrams by @​sidharthv96 in #​4819
• Fix: flowchartElk Arrow overlap by @​sidharthv96 in #​4830
• Give markers unique id's per graph by @​chadfawcett in #​4825

New Contributors

• @​GingerNinjaNicko made their first contribution in #​4723
• @​omahs made their first contribution in #​4801
• @​jakeboone02 made their first contribution in #​4797
• @​andriy-koz made their first contribution in #​4810
• @​gschlager made their first contribution in #​4811
• @​zhifeiyue made their first contribution in #​4814
• @​vertxxyz made their first contribution in #​4778
• @​jonashaag made their first contribution in #​4701
• @​Ogglas made their first contribution in #​4792
• @​dsblank made their first contribution in #​4798
• @​RohanHandore made their first contribution in #​4340
• @​chadfawcett made their first contribution in #​4825

Full Changelog: mermaid-js/mermaid@v10.4.0...v10.5.0

---

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/react
npm ERR!   react@"17.0.2" from the root project
npm ERR!   peer react@"^16.14.0 || ^17 || ^18 || ^19" from @easyops-cn/[email protected]
npm ERR!   node_modules/@easyops-cn/docusaurus-search-local
npm ERR!     @easyops-cn/docusaurus-search-local@"^0.52.0" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer react@"^18.0.0 || ^19.0.0" from @docusaurus/[email protected]
npm ERR! node_modules/@docusaurus/plugin-content-docs
npm ERR!   @docusaurus/plugin-content-docs@"^2 || ^3" from @easyops-cn/[email protected]
npm ERR!   node_modules/@easyops-cn/docusaurus-search-local
npm ERR!     @easyops-cn/docusaurus-search-local@"^0.52.0" from the root project
npm ERR!   peer @docusaurus/plugin-content-docs@"*" from @docusaurus/[email protected]
npm ERR!   node_modules/@docusaurus/theme-common
npm ERR!     peer @docusaurus/theme-common@"^2 || ^3" from @easyops-cn/[email protected]
npm ERR!     node_modules/@easyops-cn/docusaurus-search-local
npm ERR!       @easyops-cn/docusaurus-search-local@"^0.52.0" from the root project
npm ERR!     1 more (@docusaurus/plugin-content-docs)
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2025-11-08T15_32_20_674Z-debug-0.log