Version Details and Security Vulnerabilities

📦

mermaid

10.6.0

Comparision Betweeen 10.6.0 and 10.5.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

331

311

Unpacked Size

20.59 MB

20.23 MB

Security Vulnerabilities

This site is an independent open-source project and is not affiliated with, endorsed by, or sponsored by npm, Inc. or GitHub, Inc. The name “npm” is a registered trademark of npm, Inc., used here solely to describe compatibility and reference publicly available npm package data.

Version Details and Security Vulnerabilities

📦

mermaid

10.6.0

Comparision Betweeen 10.6.0 and 10.5.1

Identify the differences between the current version of the package and the previous one.

Version

Dependencies

Dev Dependencies

Peer Dependencies

Distributed Files

331

311

Unpacked Size

20.59 MB

20.23 MB

Security Vulnerabilities

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 10.6.0 of the package mermaid.

All Security Vulnerabilities

All the vulnerabilities related to the version 10.6.0 of the package

Summary:

Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify

Details:

The following bundled files within the Mermaid NPM package contain a bundled version of DOMPurify that is vulnerable to https://github.com/cure53/DOMPurify/security/advisories/GHSA-mmhx-hmjr-r674, potentially resulting in an XSS attack.

This affects the built:

dist/mermaid.min.js
dist/mermaid.js
dist/mermaid.esm.mjs
dist/mermaid.esm.min.mjs

This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js

Users that use the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or the dist/mermaid.core.mjs file, do not use this bundled version of DOMPurify, and can easily update using their package manager with something like npm audit fix.

Patches

develop branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34

Details about mermaid@10.6.0

Security Details

Comprehensive list of direct or transitive vulnerabilities for version 10.6.0 of the package mermaid.

All Security Vulnerabilities

All the vulnerabilities related to the version 10.6.0 of the package

Summary:

Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify

Details:

This affects the built:

dist/mermaid.min.js
dist/mermaid.js
dist/mermaid.esm.mjs
dist/mermaid.esm.min.mjs

This will also affect users that use the above files via a CDN link, e.g. https://cdn.jsdelivr.net/npm/mermaid@10.9.2/dist/mermaid.min.js

Patches

develop branch: 6c785c93166c151d27d328ddf68a13d9d65adc00
backport to v10: 92a07ffe40aab2769dd1c3431b4eb5beac282b34

Details about mermaid@10.6.0

Version Details and Security Vulnerabilities

mermaid

Comparision Betweeen 10.6.0 and 10.5.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

mermaid

Comparision Betweeen 10.6.0 and 10.5.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Patches

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

Patches

Version Details and Security Vulnerabilities

mermaid

Comparision Betweeen 10.6.0 and 10.5.1

Security Vulnerabilities

Version Details and Security Vulnerabilities

mermaid

Comparision Betweeen 10.6.0 and 10.5.1

Security Vulnerabilities

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

mermaid@10.6.0 GHSA-m4gq-x24j-jpmf 7

Patches

Security Details

All

Transitive Dependencies

Package

All Security Vulnerabilities

mermaid@10.6.0 GHSA-m4gq-x24j-jpmf 7

Patches