Update dependency mermaid to v10 (main)

[mend-for-github-com]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
mermaid	dependencies	major	^8.11.0 → ^10.0.0

By merging this PR, the issue #1426 will be automatically resolved and closed:

Severity	CVSS Score	Vulnerability	Reachability
High	7.5	WS-2022-0322	Unreachable
Medium	4.7	CVE-2026-41148
Medium	4.7	CVE-2026-41149
Medium	4.7	CVE-2026-41150
Medium	4.7	CVE-2026-41159
Medium	4.1	CVE-2022-31108	Unreachable

---

Release Notes

mermaid-js/mermaid (mermaid)

v10.9.6

Compare Source

Backports the following security fixes from Mermaid v11.15.0:

• CVE-2026-41150: fix(gantt): limit loop if excluding all dates (a59ea56)
• CVE-2026-41148: fix: prevent unbalanced CSS styles in classDefs (8fead23)
• CVE-2026-41149: fix: create CSS styles using the CSSOM (4e2d512)
• CVE-2026-41159: fix: block stylis scope escape (a9d9f0d)
• CVE-2026-41907: fix: loosen uuid dependency range to allow v14
  We don't use this vulnerable code, but it allows users to silence this warning.
  (e8c7043)

And other dependency updates.

Full Changelog: mermaid-js/mermaid@v10.9.5...v10.9.6

v10.9.5

Compare Source

This release backports the update of the dependency dagre-d3-es to 7.0.13 for CVE-2025-57347 from v11.12.1.

We've also updated the v10.x branch to support newer versions of DOMPurify, cherry-picked from fe3cffb, avoiding CVE-2025-26791.

Full Changelog: mermaid-js/mermaid@v10.9.4...v10.9.5

v10.9.4

Compare Source

This release backports the fix for GHSA-7rqq-prvp-x9jh from v11.10.0, preventing a potential XSS attack in labels in sequence diagrams.

See: 9d68517 (on main branch)
See: 7509b06 (backported commit)

Full Changelog: mermaid-js/mermaid@v10.9.3...v10.9.4

v10.9.3

Compare Source

Updates the bundled version of dependencies in the following files:

• dist/mermaid.min.js
• dist/mermaid.js
• dist/mermaid.esm.mjs
• dist/mermaid.esm.min.mjs

If you are not using these files (e.g. you are using the default NPM export of mermaid, e.g. import mermaid from 'mermaid', or you are using dist/mermaid.core.mjs), this release is identical to v10.9.2.

This is to avoid potential security issues in KaTeX and DOMPurify, see:

• GHSA-mmhx-hmjr-r674
• GHSA-64fm-8hw2-v72w
• GHSA-cvr6-37gx-v8wc
• GHSA-f98w-7cxr-ff2h
• GHSA-3wc5-fcw2-2329

These dependencies have already been updated in v11.0.0.

Changelog

Chore

• Updates the bundled version of KaTeX to 0.16.11 (2bedd0e)
• Updates the bundled version of DOMPurify to 3.1.6 (92a07ff)

Full Changelog: mermaid-js/mermaid@v10.9.2...v10.9.3

v10.9.2

Compare Source

This release back-ports #​5914 to the v10 release line to fix #​5904 (an incompatibility between mermaid and DOMPurify v3.1.7)

Patch Changes

• #​5914 402abdf [10] fix: ban version v3.1.7 of DOMPurify

Full Changelog: mermaid-js/mermaid@v10.9.1...v10.9.2

v10.9.1

Compare Source

What's Changed

BugFixes

• Cleaning of labels in Block diagram by @​knsv

Docs

• docs(integrations): update link to Mermaid app for Slack by @​JackuB in #​5370
• Update new diagram doc to reflect focus on Langium by @​sidharthv96 in #​5372
• feat: Make the examples interactive in the documentation site by @​sidharthv96 in #​5376
• DOCS: add latest blog posts by @​huynhicode in #​5368
• DOCS: update Announcement bar link by @​huynhicode in #​5394
• DOCS: Add Press Release by @​huynhicode in #​5400
• DOCS: add Turing machine blog post by @​huynhicode in #​5425
• DOCS: update latest news by @​huynhicode in #​5455
• 📝🐛 fix schema link by @​dudeofawesome in #​5456
• DOCS: Add AI in Software Diagramming blog post by @​huynhicode in #​5492
• DOCS: update Mermaid Chart page by @​huynhicode in #​5495
• DOCS: Add blog post - Documentation Software by @​huynhicode in #​5519

New Contributors

• @​dudeofawesome made their first contribution in #​5456

Full Changelog: mermaid-js/mermaid@v10.9.0...v10.9.1

v10.9.0

Compare Source

Release Notes

We now have Katex support!

Demo

🚀 Features

• Bump @​zenuml/core and update render options in mermaid-zenuml (#​5257) @​dontry
• Implement "until" keyword in gantt charts (#​5224) @​fzag
• Integrated Katex typesetting into flowcharts (#​2885) @​NicolasNewman

🧰 Maintenance

• Add gitgraph parallel commits to docs (#​5336) @​NicolasCwy
• Update recommended Vitest extension (#​5322) @​NicolasCwy
• Correcting path to docker-entrypoint.sh (#​5327) @​bstordrup
• Fix chrome webstore url causing 404 (#​5352) @​Abrifq
• Fix color and arrow for merge commit (gitGraph) (#​5152) @​macherel
• Fix link to Contributors section in README (#​5298) @​BaumiCoder
• Fix macOS onboarding issues (#​5262) @​thedustin
• Fix netlify deploy (#​5332) @​sidharthv96
• Link to webhelp (#​5316) @​BaumiCoder
• Update contribute (#​5268) @​FutzMonitor
• Updates Timeline Documentation (#​5315) @​FutzMonitor
• [Docs] Updated chrome extension url's to new store (#​5297) @​Abrifq
• chore: Update CSpell configuration (#​5286) @​Jason3S
• feat: add name field to the actors (#​5284) @​ad1992
• fix typo cutomers => customers (#​5269) @​elgalu

📚 Documentation

• Add new extension to integrations (#​5287) @​BoDonkey
• Added link to Blazorade Mermaid to the community integrations page. (#​5333) @​MikaBerglund
• Replace version number placeholder (#​5304) @​BaumiCoder

🎉 Thanks to all contributors helping with this release! 🎉

v10.8.0

Compare Source

v10.8.0

Features

• Adding new diagram type - Block Diagram by @​knsv in #​5221

• Feature/5114 add parallel commit config by @​mathbraga in #​5161

• Changes to Gantt Parsers to allow hashes and semicolons to titles, sections, and task data. by @​FutzMonitor in #​5095

• Feature/4653 add actor-top class to sequence diagram by @​Ronid1 in #​5241

Documentation

• Updated gantt chart docs to show all config options by @​murdoa in #​5192
• Contribution documentation improvements by @​nirname in #​5132
• Update flowchart.md - how to use font-awesome #​5195 by @​arukiidou in #​5196
• Add more detailed docs for Gantt tasks by @​sorenisanerd in #​5194
• Docs/4974 reorder integration links by @​Ronid1 in #​5066
• docs: fix swimm link by @​Yokozuna59 in #​5219
• Update Slack community links to Discord by @​Olegt0rr in #​5225
• Docs: Mermaid chart updates by @​huynhicode in #​5232
• Fix typos in timeline syntax samples by @​sblom in #​5139

Bug fixes

• Bug/5059 fix external connection after updating edges by @​mathbraga in #​5127
• [Fix] Sequence diagram actor menu popup by @​vitorsss in #​5160
• fix: Dompurify Hooks by @​sidharthv96 in #​5236
• Accurate pie chart labeling for text alignment by @​JenningsWilliam in #​5141
• fix: Redirect of old URLs by @​sidharthv96 in #​5250
• Fixed Typo in ErrorRenderer.ts by @​FutzMonitor in #​5256

Chores

• Revert "Revert 5041 feature/4935 subgraph title margin config option" by @​mathbraga in #​5205
• build(deps-dev): bump follow-redirects from 1.15.2 to 1.15.5 by @​dependabot in #​5200
• chore(deps): update all patch dependencies (patch) by @​renovate in #​5150
• E2E Image comparison by @​sidharthv96 in #​5208
• E2E test by @​sidharthv96 in #​5210
• Optimise caching of test results by @​sidharthv96 in #​5213
• Update update-browserlist.yml to fix deprecation and action fails by @​Abrifq in #​5151
• UpdateCypress by @​sidharthv96 in #​5228
• Use node v20 by @​sidharthv96 in #​5248
• Convert Mindmap to TS by @​sidharthv96 in #​5247
• chore: Add interface naming Convention by @​sidharthv96 in #​5254

New Contributors

• @​murdoa made their first contribution in #​5192
• @​arukiidou made their first contribution in #​5196
• @​sorenisanerd made their first contribution in #​5194
• @​Ronid1 made their first contribution in #​5066
• @​Olegt0rr made their first contribution in #​5225
• @​vitorsss made their first contribution in #​5160
• @​sblom made their first contribution in #​5139
• @​JenningsWilliam made their first contribution in #​5141

Full Changelog: mermaid-js/mermaid@v10.7.0...v10.8.0

v10.7.0

Compare Source

Release Notes

• 3952 lexical ids (#​5028) @​jgreywolf
• Add new Atlassian integrations (#​5021) @​nashtechlabs
• Adds Unison programming language to community integrations list (#​5180) @​rlmark
• Bump GitHub workflow actions to latest versions (#​5026) @​deining
• Changes to .prettierignore (#​5109) @​FutzMonitor
• Chore: Typo fixed in multiple files (#​4947) @​SusheelThapa
• DOCS: update Flowchart page (#​5169) @​huynhicode
• DOCS: update announcement bar (#​5193) @​huynhicode
• Docs: Ecosystem section pages - verbiage updates (#​5124) @​huynhicode
• Docs: Update latest news (#​5147) @​huynhicode
• Docs: add Mermaid for Slack integration (#​4824) @​JackuB
• Docs: add latest blog post - JetBrains extension (#​5158) @​huynhicode
• Docs: update Latest News section (#​5048) @​huynhicode
• Documentation: clarify sentence (#​5025) @​deining
• Fix issue with generic class not rendering (#​5098) @​jgreywolf
• Holiday 2023 promo (#​5080) @​huynhicode
• Referenced the PmWiki's Cookbook recipe enabling MermaidJs schematics… (#​5085) @​d-faure
• Release/10.7.0 (#​5188) @​sidharthv96
• Update NiceGuy.io links in integrations-community.md (#​5120) @​Abrifq
• Update all minor dependencies (minor) (#​5047) @​renovate
• Update all patch dependencies (patch) (#​5046) @​renovate
• Update all patch dependencies (patch) (#​5033) @​renovate
• Update generics docs (#​5130) @​jgreywolf
• Update index.md (#​5012) @​StefonSimmons
• Update integrations-community.md (Add Codemia to the list of productivity tools using Mermaid) (#​5189) @​markqian
• Updated README with expandable table of content. (#​4961) @​claesgill
• add links to make it easier (#​4952) @​ajdamico
• bug: #​4905 change shiki theme to github-light (#​4924) @​raiman264
• build(deps-dev): bump vite from 4.4.9 to 4.4.12 (#​5115) @​dependabot
• chore(deps): update all minor dependencies (minor) (#​5172) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5131) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5099) @​renovate
• chore(deps): update all minor dependencies (minor) (#​5071) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5070) @​renovate
• chore(deps): update all patch dependencies (patch) (#​5015) @​renovate
• docs: Update classDiagram.md (#​4973) @​SahilNagpure07
• docs: fixed typo (#​4893) @​0xflotus
• feat(gantt): update styles (#​4930) @​Mister-Hope
• fix: #​5064 Handle case when line has only one point (#​5065) @​sidharthv96
• fix: getMessageAPI so it considers entity codes (#​5002) @​ad1992
• fix: render the participants in same order as they are created (#​5017) @​ad1992
• fix: target blank removed from anchor tag (#​4933) @​REVERB283
• prevent-inherited-lineheights-on-edgeterminal-4083 (#​4915) @​Patronud

🚀 Features

• Added functionality to support style keyword (#​5111) @​jgreywolf
• Feature/4935 subgraph title margin config option (#​5041) @​mathbraga
• Revert 5041 feature/4935 subgraph title margin config option (#​5197) @​sidharthv96
• feat #​5042: Add flowchart.maxEdges config. (#​5086) @​sidharthv96

🐛 Bug Fixes

• Bug/#​4497 Unable to Cherry Pick Merge Commit Solved (#​4944) @​RounakJoshi09
• Bug/4912 GitGraph routing and colouring for merges and cherry-picks (#​4927) @​guypursey
• Fix - static class attributes are not rendered underlined (#​5013) @​SteffenLm
• Revert "fix: render the participants in same order as they are created" (#​5198) @​sidharthv96
• bug/#​3251_linkStyle-can't-specify-ids Fixed (#​4934) @​RounakJoshi09
• fix(tooltip): remove redundant scroll offset (#​4958) @​csholmq
• fix/1294_exhaustive-clear-sequenceDb-variables (#​4941) @​rflban
• fix: #​5100 Add viewbox to sankey (#​5102) @​sidharthv96
• fix: Adjust piechart viewbox for mobile devices with small width (#​4288) @​iwestlin
• fix: clean comments in text in getDiagramFromText API so flowchart works well (#​5076) @​ad1992
• fix: flowchart image without text (#​5063) @​bonyuta0204

🧰 Maintenance

• Use release-drafter/release-drafter GitHub Action to label our PRs (#​4868) @​aloisklink
• build: use tsx instead of ts-node-esm (#​5104) @​aloisklink
• tests: update #registerExternalDiagrams testTimeout from 5 seconds to 20 seconds (#​5055) @​omer-priel

📚 Documentation

• Docs: update Getting Started page (#​5112) @​huynhicode
• Docs: update Latest News section (#​5107) @​huynhicode
• Docs: update latest news (#​4959) @​huynhicode
• Update XYChart's nav link in the docs template (#​5014) @​Abrifq
• feat: Track outbound links in docs site. (#​5116) @​sidharthv96

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.1: 10.6.1

Compare Source

What's Changed

Bugfixes

• fix(flow): fix invalid ellipseText regex (#​5016) @​aloisklink
  • This was causing freezes in flowcharts that had a ( char in ellipse nodes

Documentation

• Docs: add Docusaurus to "Integrations - Community" page (#​4975) @​huynhicode
• Fix typo in build-docs.yml (#​4991) @​sadikkuzu
• Update README.md (#​4979) @​karthxk07
• docs: Add NotesHub to integrations-community page (#​4994) @​alex-titarenko

Chores

• chore(deps): update all minor dependencies (minor) (#​4997) @​renovate
• chore(deps): update all patch dependencies (patch) (#​4976) @​renovate

🎉 Thanks to all contributors helping with this release! 🎉

v10.6.0: 10.6.0

Compare Source

What's Changed

• Add new chart xychart by @​subhash-halder in #​4413

Fix

• bug/4849_center_axis_labels by @​dreathed in #​4860
• Better handling of large flowcharts and long edges @​knsv

Docs

• Add new Atlassian integrations by @​janjonas in #​4862
• docs: fix typo by @​dennis0324 in #​4887
• Update notes on orientation in GitGraph documentation by @​guypursey in #​4897
• Enhancment: twitter logo in doc by @​chaursiyasanjeet in #​4925
• Update link for the Mermaid integration in JetBrains IDEs by @​FirstTimeInForever in #​4883

Chores

• Wait for marker_unique_id.html E2E test to render before taking a screenshot by @​aloi
  sklink in #​4847
• Wait for theme-directives.html E2E test to render before taking a screenshot by @​aloisklink in #​4846
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4851
• chore(dev-deps): update @typescript-eslint/* plugins to v6 (major) by @​aloisklink in #​4857
• chore: shorten flow-huge.spec.js test case using .repeat by @​Yokozuna59 in #​4859
• Publish Live Editor previews for the develop & next branches by @​sidharthv96 in #​4841
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4870
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4869
• Commented out broken test by @​nirname in #​4913
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4891
• fix(class): avoid duplicate definition of fill by @​Mister-Hope in #​4929
• chore(deps): update all minor dependencies (minor) by @​renovate in #​4892
• making consitent config imports from diagramAPI by @​dreathed in #​4889
• fix(typos): Fix minor typos in the source code by @​mribeirodantas in #​4928
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4945
• Bump @​babel/traverse from 7.22.10 to 7.23.2 by @​dependabot in #​4951
• Replace rehype-mermaidjs with rehype-mermaid by @​remcohaszing in #​4970

New Contributors

• @​dreathed made their first contribution in #​4860
• @​janjonas made their first contribution in #​4862
• @​dennis0324 made their first contribution in #​4887
• @​FirstTimeInForever made their first contribution in #​4883
• @​guypursey made their first contribution in #​4897
• @​chaursiyasanjeet made their first contribution in #​4925
• @​mribeirodantas made their first contribution in #​4928

Full Changelog: mermaid-js/mermaid@v10.5.1...v10.6.0

v10.5.1

Compare Source

What's Changed

• Fix: Fix for subgraphs when using flowchart-elk by @​knsv
• Docs: update Latest News section by @​huynhicode in #​4822
• Docs: update Ecosystem section by @​huynhicode in #​4817
• Docs: update Latest News section (Git Graph blog post) by @​huynhicode in #​4871
• Docs: Add Product Hunt info by @​huynhicode in #​4900
• Revert PH changes by @​sidharthv96 in #​4903

Full Changelog: mermaid-js/mermaid@v10.5.0...v10.5.1

v10.5.0: 10.5.0

Compare Source

What's Changed

Features

• feat(er): add entity name alias by @​tomperr in #​4758

Bugfixes

• Fix Twitter fontawesome class in flowchart.md by @​GingerNinjaNicko in #​4723
• fix(pie): align slices and legend orders by @​Yokozuna59 in #​4774
• Update class member handling by @​jgreywolf in #​4534
• fix(er): allow underscore as leading char by @​tomperr in #​4776
• Align arrows on sequence diagram by @​sidharthv96 in #​4804
• fix: Allow hollow markers on edges by @​sidharthv96 in #​4788
• fix: Fix for vulnerability making it possible to add javascript in class names by @​knsv

Documentation

• Docs/2910 Remove n00b and fix some docs by @​nirname in #​4767
• fix: typos by @​omahs in #​4801
• "CSS" instead of "css" in flowchart.md by @​jakeboone02 in #​4797
• fix(docs): Correct repeated text in flowchart.md by @​andriy-koz in #​4810
• Update link to Discourse theme component by @​gschlager in #​4811
• New Mermaid Live Editor for Confluence Cloud by @​zhifeiyue in #​4814
• Update classDiagram.md by @​jgreywolf in #​4781
• Support member definition to initialize class by @​sidharthv96 in #​4786
• fix: Add support for ~test Array~string~ back in Class by @​sidharthv96 in #​4805
• Added support for millisecond and second to gantt tickInterval by @​vertxxyz in #​4778
• Add directive support to all diagrams by preprocessing by @​sidharthv96 in #​4759
• Update README.md by @​jgreywolf in #​4780

Chores

• chore(deps): update all minor dependencies (minor) by @​renovate in #​4783
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4782
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4809
• chore: move commonDb into diagrams/common/commonDb by @​Yokozuna59 in #​4802
• Use utf8 encoding in Jupyter example by @​jonashaag in #​4701
• Update flowchart.md by @​Ogglas in #​4792
• Update flowchart.md by @​dsblank in #​4798
• Refactor cypress/helpers/util.ts by @​RohanHandore in #​4340
• refactor: Fix typings in utils.ts by @​sidharthv96 in #​4826
• Support ClassDefs in external diagrams by @​sidharthv96 in #​4819
• Fix: flowchartElk Arrow overlap by @​sidharthv96 in #​4830
• Give markers unique id's per graph by @​chadfawcett in #​4825

New Contributors

• @​GingerNinjaNicko made their first contribution in #​4723
• @​omahs made their first contribution in #​4801
• @​jakeboone02 made their first contribution in #​4797
• @​andriy-koz made their first contribution in #​4810
• @​gschlager made their first contribution in #​4811
• @​zhifeiyue made their first contribution in #​4814
• @​vertxxyz made their first contribution in #​4778
• @​jonashaag made their first contribution in #​4701
• @​Ogglas made their first contribution in #​4792
• @​dsblank made their first contribution in #​4798
• @​RohanHandore made their first contribution in #​4340
• @​chadfawcett made their first contribution in #​4825

Full Changelog: mermaid-js/mermaid@v10.4.0...v10.5.0

v10.4.0

Compare Source

Features

• feat: Support config in frontmatter. by @​sidharthv96 in #​4750
• feat(sankey): Show values by @​sidharthv96 in #​4748

Docs

• docs: Add development example page. by @​sidharthv96 in #​4714
• Documentation for #​2509 by @​jason-curtis in #​4740
• Fixes to Docs sidebar, main page and badges by @​nirname in #​4742
• Split development documentation into several pages by @​nirname in #​4744
• Docs: update Latest News section by @​huynhicode in #​4768

Chores

• Update all minor dependencies (minor) by @​renovate in #​4732
• Update all patch dependencies (patch) by @​renovate in #​4731
• convert assignWithDepth to TS by @​Yokozuna59 in #​4717
• convert diagrams/common/svgDrawCommon.js to ts by @​Yokozuna59 in #​4724
• ci(release-drafter): add more release notes categories by @​aloisklink in #​4752
• chore(deps): update all patch dependencies (patch) by @​renovate in #​4753
• standardized pie definitions by @​Yokozuna59 in #​4501
• Remove Circular Dependencies by @​sidharthv96 in #​4761
• chore: Enforce type imports by @​sidharthv96 in #​4763
• chore: Preview PRs with mermaid-live-editor on Netlify by @​sidharthv96 in #​4769

New Contributors

• @​jason-curtis made their first contribution in #​4740

Full Changelog: mermaid-js/mermaid@v10.3.1...v10.4.0

v10.3.1

Compare Source

What's Changed

Bugfixes

• fix style in contributors section of intro by @​keer4n in #​4670
• fix: #​4676 redirect fix by @​sidharthv96 in #​4693
• #​2139 Applying user defined classes properly when calculating shape width by @​knsv in #​4722
• Bug/4645 graph node containing keyword by @​ibrahimWassouf in #​4657
• fix: Remove triple parsing of diagrams by @​sidharthv96 in [#​4697](https://redirect.github.com/me