From 402abdf8838d4239bbbd08a0b5ce1e9116751c9f Mon Sep 17 00:00:00 2001
From: Alois Klink <alois@aloisklink.com>
Date: Tue, 1 Oct 2024 23:55:36 +0900
Subject: [PATCH] [10] fix: ban version v3.1.7 of DOMPurify

[DOMPurify v3.1.7][1] forbids the use of `<foreignElement>` for HTML
inside of an `<svg>` element, which breaks many mermaid diagrams.

It is likely that v3.1.8 will add a new option that will allow us to
re-enable this behaviour, but v3.1.7 definitely does not work.

(cherry picked from commit de2c05cd5463af68d19dd7b6b3f1303d69ddb2dd)

[1]: https://github.com/cure53/DOMPurify/releases/tag/3.1.7

See: https://github.com/cure53/DOMPurify/issues/1002
Fix: https://github.com/mermaid-js/mermaid/issues/5904
---
 packages/mermaid/package.json | 2 +-
 pnpm-lock.yaml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/mermaid/package.json b/packages/mermaid/package.json
index 1175761ac8..bfc0c12a4e 100644
--- a/packages/mermaid/package.json
+++ b/packages/mermaid/package.json
@@ -68,7 +68,7 @@
     "d3-sankey": "^0.12.3",
     "dagre-d3-es": "7.0.10",
     "dayjs": "^1.11.7",
-    "dompurify": "^3.0.5",
+    "dompurify": "^3.0.5 <3.1.7",
     "elkjs": "^0.9.0",
     "katex": "^0.16.9",
     "khroma": "^2.0.0",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index faac50fae9..f17a2e37c8 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -227,7 +227,7 @@ importers:
         specifier: ^1.11.7
         version: 1.11.10
       dompurify:
-        specifier: ^3.0.5
+        specifier: ^3.0.5 <3.1.7
         version: 3.0.9
       elkjs:
         specifier: ^0.9.0