[10] fix: ban version v3.1.7 of DOMPurify

[DOMPurify v3.1.7][1] forbids the use of `<foreignElement>` for HTML inside of an `<svg>` element, which breaks many mermaid diagrams. It is likely that v3.1.8 will add a new option that will allow us to re-enable this behaviour, but v3.1.7 definitely does not work. (cherry picked from commit de2c05c) [1]: https://github.com/cure53/DOMPurify/releases/tag/3.1.7 See: cure53/DOMPurify#1002 Fix: #5904
mermaid-js · Oct 2, 2024 · 402abdf · 402abdf
1 parent 8d815f8
commit 402abdf
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/packages/mermaid/package.json b/packages/mermaid/package.json
@@ -68,7 +68,7 @@
     "d3-sankey": "^0.12.3",
     "dagre-d3-es": "7.0.10",
     "dayjs": "^1.11.7",
-    "dompurify": "^3.0.5",
+    "dompurify": "^3.0.5 <3.1.7",
     "elkjs": "^0.9.0",
     "katex": "^0.16.9",
     "khroma": "^2.0.0",

diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml