GitHub/outline
1
0
Fork 0
mirror of https://github.com/outline/outline.git synced 2026-06-13 11:25:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

security: downgrade mermaid to v10.9.5 to fix CVE-2025-57347 and CVE-2025-26791

Browse Source 
- Updated mermaid dependency from 11.10.1 to 10.9.5
- Updated CDN reference in ProsemirrorHelper.tsx to use v10
- This addresses security vulnerabilities in the v11 branch
- v10.9.5 is a security backport released on Nov 4, 2024
This commit is contained in:
codegen-sh[bot]
2025-11-04 16:28:25 +00:00
parent e4268c9a1f
commit f04b4c7cd5
3 changed files with 358 additions and 549 deletions
Download Patch File Download Diff File Expand all files Collapse all files
package.json
+1 -1
View File
@@ -172,7 +172,7 @@
"markdown-it": "^14.1.0",
"markdown-it-container": "^3.0.0",
"markdown-it-emoji": "^3.0.0",
"mermaid": "11.10.1",
"mermaid": "10.9.5",
"mime-types": "^3.0.1",
"mobx": "^4.15.4",
"mobx-react": "^6.3.1",
server/models/helpers/ProsemirrorHelper.tsx
+1 -1
View File
@@ -546,7 +546,7 @@ export class ProsemirrorHelper {
// Inject Mermaid script
if (mermaidElements.length) {
element.innerHTML = `
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs';
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@10/dist/mermaid.esm.min.mjs';
mermaid.initialize({
startOnLoad: true,
fontFamily: "inherit",
yarn.lock
+356 -547
View File
File diff suppressed because it is too large Load Diff