fix: bump mermaid to ^11.15.0 to address 4 security advisories #33
polvallverdu wants to merge 1 commit into
Fixes GHSA-ghcm-xqfw-q4vr, GHSA-xcj9-5m2h-648r, GHSA-87f9-hvmw-gh4p, GHSA-6m6c-36f7-fhxh — all resolved in mermaid >= 11.15.0.
CodeRabbit review: No actionable comments were generated in the recent review. Pre-merge checks: 5 passed.
Closes #32
What
Bumps the `mermaid` dependency lower bound from `^11.11.0` to `^11.15.0`, which resolves four moderate-severity security advisories:

- `classDef` in state diagrams → HTML injection
- `classDefs` → CSS injection

All four are patched in mermaid ≥ 11.15.0. The lockfile has been updated accordingly.
Why this matters
Because `mermaid` is shipped as a direct (non-peer) dependency, downstream consumers inherit the vulnerability and cannot easily override it. Running `pnpm audit` in any project that depends on `svelte-streamdown` currently surfaces all four advisories.
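The point above is that a consumer resolves the library's declared range, not its lockfile, so only the range's lower bound decides whether the fix release can be guaranteed. The following added check (example code, not part of this PR or of svelte-streamdown) parses the lower bound of a caret/tilde/`>=` range and reports whether it is at or above the mermaid fix release 11.15.0; the `package.json` object it inspects is a constructed sample.

```javascript
// Added example, not project code: does a declared mermaid range guarantee
// the fix release (>= 11.15.0), or can a consumer still resolve a vulnerable one?
const MERMAID_FIXED = "11.15.0";

// Parse "MAJOR.MINOR.PATCH" into numbers (pre-release/build suffixes ignored).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// -1, 0 or 1 in the usual comparator sense, comparing major, then minor, then patch.
function compareVersions(a, b) {
  const [pa, pb] = [parseVersion(a), parseVersion(b)];
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  return 0;
}

// Minimum version a range admits: "^x.y.z", "~x.y.z", ">=x.y.z" and exact
// "x.y.z" all start at x.y.z. Other range syntaxes are rejected explicitly.
function lowerBound(range) {
  const m = /^\s*(?:\^|~|>=)?\s*(\d+\.\d+\.\d+)/.exec(range);
  if (!m) throw new Error(`unsupported range: ${range}`);
  return m[1];
}

// True only when every version the range can resolve to is already fixed.
function rangeGuaranteesFix(range, fixed = MERMAID_FIXED) {
  return compareVersions(lowerBound(range), fixed) >= 0;
}

// Inspect every dependency section of a parsed package.json for a mermaid range.
function auditMermaidRange(pkg) {
  const sections = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"];
  const findings = [];
  for (const section of sections) {
    const range = pkg[section]?.mermaid;
    if (range !== undefined) findings.push({ section, range, fixed: rangeGuaranteesFix(range) });
  }
  return findings;
}

// Constructed sample: the pre-PR lower bound, which does not guarantee the fix.
const samplePkg = { name: "constructed-sample", dependencies: { mermaid: "^11.11.0" } };
console.log(auditMermaidRange(samplePkg));
```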