Headline
CVE-2021-43861: Release 8.13.8 · mermaid-js/mermaid
Mermaid is a Javascript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. Prior to version 8.13.8, malicious diagrams can run javascript code at diagram readers’ machines. Users should upgrade to version 8.13.8 to receive a patch. There are no known workarounds aside from upgrading.
- Releases
- 8.13.8
Release Notes
Fix for vulnerability with links from actors in sequence diagrams
Fix for insuffiucient url sanitization (#2596)
Add Notion to integrations.md (#2593) @kale-stew
Update TiddlyWiki integrations (#2584) @jasonmhoule
Bump @commitlint/cli from 15.0.0 to 16.0.0 (#2590) @dependabot
Bump @commitlint/config-conventional from 15.0.0 to 16.0.0 (#2591) @dependabot
Bump cypress from 9.1.1 to 9.2.0 (#2586) @dependabot
Bump eslint-plugin-jsdoc from 37.3.0 to 37.4.0 (#2589) @dependabot
Bump lint-staged from 12.1.3 to 12.1.4 (#2587) @dependabot
Bump webpack-dev-server from 4.6.0 to 4.7.1 (#2588) @dependabot
Bump @babel/core from 7.16.0 to 7.16.5 (#2575) @dependabot
Bump @babel/eslint-parser from 7.16.3 to 7.16.5 (#2579) @dependabot
Bump @babel/preset-env from 7.16.4 to 7.16.5 (#2576) @dependabot
Bump @babel/register from 7.16.0 to 7.16.5 (#2569) @dependabot
Bump babel-jest from 27.4.4 to 27.4.5 (#2571) @dependabot
Bump concurrently from 6.4.0 to 6.5.1 (#2570) @dependabot
Bump eslint from 8.4.1 to 8.5.0 (#2572) @dependabot
Bump eslint-plugin-jsdoc from 37.2.0 to 37.3.0 (#2573) @dependabot
Bump jest from 27.4.4 to 27.4.5 (#2578) @dependabot
Bump lint-staged from 12.1.2 to 12.1.3 (#2577) @dependabot
Bump terser-webpack-plugin from 5.2.5 to 5.3.0 (#2574) @dependabot
🎉 Thanks to all contributors helping with this release! 🎉