mirror of
https://github.com/mermaid-js/mermaid.git
synced 2025-10-10 01:29:49 +02:00
Compare commits
2 Commits
renovate/p
...
patch/dagr
| Author | SHA1 | Date | |
|---|---|---|---|
|
3feb4e5551 | ||
|
|
b945696721 |
2
.github/workflows/scorecard.yml
vendored
2
.github/workflows/scorecard.yml
vendored
@@ -20,7 +20,7 @@ jobs:
|
||||
with:
|
||||
persist-credentials: false
|
||||
- name: Run analysis
|
||||
uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
|
||||
uses: ossf/scorecard-action@05b42c624433fc40578a4040d5cf5e36ddca8cde # v2.4.2
|
||||
with:
|
||||
results_file: results.sarif
|
||||
results_format: sarif
|
||||
|
||||
17
package.json
17
package.json
@@ -63,12 +63,12 @@
|
||||
]
|
||||
},
|
||||
"devDependencies": {
|
||||
"@applitools/eyes-cypress": "^3.55.4",
|
||||
"@applitools/eyes-cypress": "^3.55.2",
|
||||
"@argos-ci/cypress": "^6.1.3",
|
||||
"@changesets/changelog-github": "^0.5.1",
|
||||
"@changesets/cli": "^2.29.7",
|
||||
"@cspell/eslint-plugin": "^8.19.4",
|
||||
"@cypress/code-coverage": "^3.14.7",
|
||||
"@cypress/code-coverage": "^3.14.6",
|
||||
"@eslint/js": "^9.26.0",
|
||||
"@rollup/plugin-typescript": "^12.1.4",
|
||||
"@types/cors": "^2.8.19",
|
||||
@@ -77,7 +77,7 @@
|
||||
"@types/jsdom": "^21.1.7",
|
||||
"@types/lodash": "^4.17.20",
|
||||
"@types/mdast": "^4.0.4",
|
||||
"@types/node": "^22.18.9",
|
||||
"@types/node": "^22.18.6",
|
||||
"@types/rollup-plugin-visualizer": "^5.0.3",
|
||||
"@vitest/coverage-v8": "^3.2.4",
|
||||
"@vitest/spy": "^3.2.4",
|
||||
@@ -91,7 +91,7 @@
|
||||
"cspell": "^9.2.1",
|
||||
"cypress": "^14.5.4",
|
||||
"cypress-image-snapshot": "^4.0.1",
|
||||
"cypress-split": "^1.24.24",
|
||||
"cypress-split": "^1.24.23",
|
||||
"esbuild": "^0.25.10",
|
||||
"eslint": "^9.26.0",
|
||||
"eslint-config-prettier": "^10.1.8",
|
||||
@@ -121,13 +121,13 @@
|
||||
"prettier": "^3.6.2",
|
||||
"prettier-plugin-jsdoc": "^1.3.3",
|
||||
"rimraf": "^6.0.1",
|
||||
"rollup-plugin-visualizer": "^6.0.4",
|
||||
"rollup-plugin-visualizer": "^6.0.3",
|
||||
"start-server-and-test": "^2.1.2",
|
||||
"tslib": "^2.8.1",
|
||||
"tsx": "^4.20.6",
|
||||
"tsx": "^4.20.5",
|
||||
"typescript": "~5.7.3",
|
||||
"typescript-eslint": "^8.38.0",
|
||||
"vite": "^7.1.9",
|
||||
"vite": "^7.0.7",
|
||||
"vite-plugin-istanbul": "^7.0.0",
|
||||
"vitest": "^3.2.4"
|
||||
},
|
||||
@@ -136,7 +136,8 @@
|
||||
},
|
||||
"pnpm": {
|
||||
"patchedDependencies": {
|
||||
"roughjs": "patches/roughjs.patch"
|
||||
"roughjs": "patches/roughjs.patch",
|
||||
"dagre-d3-es@7.0.11": "patches/dagre-d3-es@7.0.11.patch"
|
||||
},
|
||||
"onlyBuiltDependencies": [
|
||||
"canvas",
|
||||
|
||||
@@ -33,7 +33,7 @@
|
||||
],
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@zenuml/core": "^3.41.5"
|
||||
"@zenuml/core": "^3.41.4"
|
||||
},
|
||||
"devDependencies": {
|
||||
"mermaid": "workspace:^"
|
||||
|
||||
@@ -76,10 +76,10 @@
|
||||
"cytoscape-fcose": "^2.2.0",
|
||||
"d3": "^7.9.0",
|
||||
"d3-sankey": "^0.12.3",
|
||||
"dagre-d3-es": "7.0.12",
|
||||
"dagre-d3-es": "7.0.11",
|
||||
"dayjs": "^1.11.18",
|
||||
"dompurify": "^3.2.5",
|
||||
"katex": "^0.16.23",
|
||||
"katex": "^0.16.22",
|
||||
"khroma": "^2.1.0",
|
||||
"lodash-es": "^4.17.21",
|
||||
"marked": "^16.3.0",
|
||||
@@ -89,7 +89,7 @@
|
||||
"uuid": "^11.1.0"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@adobe/jsonschema2md": "^8.0.6",
|
||||
"@adobe/jsonschema2md": "^8.0.5",
|
||||
"@iconify/types": "^2.0.0",
|
||||
"@types/cytoscape": "^3.21.9",
|
||||
"@types/cytoscape-fcose": "^2.2.4",
|
||||
|
||||
@@ -21,19 +21,19 @@
|
||||
"font-awesome": "^4.7.0",
|
||||
"jiti": "^2.4.2",
|
||||
"mermaid": "workspace:^",
|
||||
"vue": "^3.5.22"
|
||||
"vue": "^3.5.21"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@iconify-json/carbon": "^1.2.13",
|
||||
"@unocss/reset": "^66.5.2",
|
||||
"@unocss/reset": "^66.5.1",
|
||||
"@vite-pwa/vitepress": "^1.0.0",
|
||||
"@vitejs/plugin-vue": "^6.0.1",
|
||||
"fast-glob": "^3.3.3",
|
||||
"https-localhost": "^4.7.1",
|
||||
"pathe": "^2.0.3",
|
||||
"unocss": "^66.5.2",
|
||||
"unplugin-vue-components": "^28.8.0",
|
||||
"vite": "^7.1.9",
|
||||
"unocss": "^66.5.1",
|
||||
"unplugin-vue-components": "^28.4.1",
|
||||
"vite": "^7.0.7",
|
||||
"vite-plugin-pwa": "^1.0.3",
|
||||
"vitepress": "1.6.4",
|
||||
"workbox-window": "^7.3.0"
|
||||
|
||||
33
patches/dagre-d3-es@7.0.11.patch
Normal file
33
patches/dagre-d3-es@7.0.11.patch
Normal file
@@ -0,0 +1,33 @@
|
||||
diff --git a/src/dagre/position/bk.js b/src/dagre/position/bk.js
|
||||
index d4aabdcef2c788873b799489cf27d48aaa0a2ee6..72beff8b3830f1e3241455400f68843888b60a06 100644
|
||||
--- a/src/dagre/position/bk.js
|
||||
+++ b/src/dagre/position/bk.js
|
||||
@@ -129,6 +129,16 @@ function findOtherInnerSegmentNode(g, v) {
|
||||
}
|
||||
}
|
||||
|
||||
+/**
|
||||
+ * Check if a key is safe to use as an object property to prevent prototype pollution
|
||||
+ * @param {*} key - The key to check
|
||||
+ * @returns {boolean} - True if the key is safe, false otherwise
|
||||
+ */
|
||||
+function isSafeKey(key) {
|
||||
+ // Reject prototype pollution vectors
|
||||
+ return key !== '__proto__' && key !== 'constructor' && key !== 'prototype';
|
||||
+}
|
||||
+
|
||||
function addConflict(conflicts, v, w) {
|
||||
if (v > w) {
|
||||
var tmp = v;
|
||||
@@ -136,6 +146,11 @@ function addConflict(conflicts, v, w) {
|
||||
w = tmp;
|
||||
}
|
||||
|
||||
+ // Validate keys to prevent prototype pollution
|
||||
+ if (!isSafeKey(v) || !isSafeKey(w)) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
var conflictsV = conflicts[v];
|
||||
if (!conflictsV) {
|
||||
conflicts[v] = conflictsV = {};
|
||||
846
pnpm-lock.yaml
generated
846
pnpm-lock.yaml
generated
File diff suppressed because it is too large
Load Diff
Reference in New Issue
Block a user