Closed MgenGlder closed 1 year ago
Hello, I'm checking to see if there is an update on when this fix will be released? Thanks!
@weedySeaDragon Hey! 👋🏾 Is there any possibility this could get looked at? I would also love to take this on myself but I would need permissions to release to npm.
@MgenGlder I'm just a contributor & don't have any input or control about releases. But @knsv certainly does :-) (and maybe @aloisklink and @sidharthv96 can help)
I also can't control releases, unfortunately.
@sidharthv96 did mention a couple days ago that a new release should be coming soon, but maybe there were some bugs encountered during testing. See https://mermaid-talk.slack.com/archives/CL1LQC1QU/p1669962476721549?thread_ts=1669930601.500959&cid=CL1LQC1QU
If bugs are blocking a new release, though, somebody with release permissions could just cherry-pick commit https://github.com/mermaid-js/mermaid/pull/3809/commits/fd76e0e27095997c2ac21902c0629cd6600e30d9 onto the v9.2.2 tag to make a v9.2.3 release. In that case, the v9.2.3 would be missing a bunch of other features/bug-fixes, but at least it would have this security issue fixed.
Edit: You could try using the 9.3.0-rc.6 pre-release on NPM, but as it's a release candidate, there's a good chance that there are still some bugs there that haven't been squashed.
Yes, a bug with dagre-d3-es was holding up the release. https://github.com/mermaid-js/mermaid-live-editor/pull/1119
That issue has been resolved. New release coming in a few hours after a final round of testing (if we don't find some other bugs).
Meanwhile, can you try if 9.3.0-rc.7 resolves your problem and also works as expected?
This is awesome! Thank you everyone (and @MgenGlder for driving!)
Agreed, definitely a community effort here! And many thanks to @sidharthv96 for taking this home.
Description
Hello 👋🏾
Is it possible to release a patch that includes only the security vulnerability updates? In particular, I was interested in the recent dagre-d3 updates by @aloisklink that get rid of a critical vulnerability. This would help out those of us that use these in public enterprise-grade applications where security is a big concern. Thanks!
Steps to reproduce
Screenshots
No response
Code Sample
No response
Setup
No response
Additional Context
No response