Archon icon indicating copy to clipboard operation
Archon copied to clipboard
verified publisher icon coleam00

Bump mermaid from 11.6.0 to 11.10.1 in /docs

Open dependabot[bot] opened this issue 4 months ago • 3 comments

Bumps mermaid from 11.6.0 to 11.10.1.

Release notes

Sourced from mermaid's releases.

[email protected]

Patch Changes

[email protected]

Minor Changes

Patch Changes

  • #6857 b9ef683 Thanks @​knsv! - feat: Exposing elk configuration forceNodeModelOrder and considerModelOrder to the mermaid configuration

  • #6653 2c0931d Thanks @​darshanr0107! - chore: Remove the "-beta" suffix from the XYChart, Block, Sankey diagrams to reflect their stable status

  • #6683 33e08da Thanks @​darshanr0107! - fix: Position the edge label in state diagram correctly relative to the edge

  • #6693 814b68b Thanks @​darshanr0107! - fix: Apply correct dateFormat in Gantt chart to show only day when specified

  • #6734 fce7cab Thanks @​darshanr0107! - fix: handle exclude dates properly in Gantt charts when using dateFormat: 'YYYY-MM-DD HH:mm:ss'

  • #6733 fc07f0d Thanks @​omkarht! - fix: fixed connection gaps in flowchart for roundedRect, stadium and diamond shape

  • #6876 12e01bd Thanks @​sidharthv96! - fix: sanitize icon labels and icon SVGs

    Resolves CVE-2025-54880 reported by @​fourcube

  • #6801 01aaef3 Thanks @​sidharthv96! - fix: Update casing of ID in requirement diagram

  • #6796 c36cd05 Thanks @​HashanCP! - fix: Make flowchart elk detector regex match less greedy

  • #6702 8bb29fc Thanks @​qraqras! - fix(block): overflowing blocks no longer affect later lines

    This may change the layout of block diagrams that have overflowing lines (i.e. block diagrams that use up more columns that the columns specifier).

  • #6717 71b04f9 Thanks @​darshanr0107! - fix: log warning for blocks exceeding column width

    This update adds a validation check that logs a warning message when a block's width exceeds the defined column layout.

  • #6820 c99bce6 Thanks @​kriss-u! - fix: Add escaped class literal name on namespace

  • #6332 6cc1926 Thanks @​ajuckel! - fix: Allow equals sign in sequenceDiagram labels

  • #6651 9da6fb3 Thanks @​darshanr0107! - Add validation for negative values in pie charts:

    Prevents crashes during parsing by validating values post-parsing.

    Provides clearer, user-friendly error messages for invalid negative inputs.

... (truncated)

Commits
  • af3bbdc Merge pull request #6894 from mermaid-js/changeset-release/master
  • 8813cf2 Version Packages
  • d145c0e Merge pull request #6890 from mermaid-js/develop
  • 29886b8 Merge pull request #6886 from mermaid-js/6721/Bidirectional-arrows--render-in...
  • e0b45c2 chore: added changeset
  • d4c7696 fix: correct rendering of bidirectional arrows with autonumber
  • 7171237 Merge pull request #6865 from mermaid-js/renovate/peter-evans-create-pull-req...
  • 066883f Merge branch 'develop' into renovate/peter-evans-create-pull-request-digest
  • 96778f7 Merge pull request #6880 from mermaid-js/changeset-release/master
  • d4c058b Version Packages
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the Security Alerts page.

dependabot[bot] avatar Aug 22 '25 22:08 dependabot[bot]

[!IMPORTANT]

Review skipped

Review was skipped due to path filters

:no_entry: Files ignored due to path filters (1)
  • docs/package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing Touches
🧪 Generate unit tests
  • [ ] Create PR with unit tests
  • [ ] Post copyable unit tests in a comment
  • [ ] Commit unit tests in branch dependabot/npm_and_yarn/docs/mermaid-11.10.1
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

  • Visit our Status Page to check the current availability of CodeRabbit.
  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot] avatar Aug 22 '25 22:08 coderabbitai[bot]

@coderabbitai review

Wirasm avatar Aug 25 '25 06:08 Wirasm

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

coderabbitai[bot] avatar Aug 25 '25 06:08 coderabbitai[bot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

dependabot[bot] avatar Oct 19 '25 09:10 dependabot[bot]

● Analysis of PR #446

PR Details:

  • Title: Bump mermaid from 11.6.0 to 11.10.1 in /docs
  • Type: Dependabot security update
  • State: OPEN (since August 22, 2025)
  • Target: Updates mermaid dependency in docs/package-lock.json
  • All CI Checks: ✅ Passing

🔍 Assessment

This PR is NOT needed and should be CLOSED ❌

Reasons:

  1. Directory doesn't exist: The docs/ directory that this PR targets has been removed from the repository (confirmed by ls -la docs/ showing "No docs directory found")
  2. Git history shows removal: Found commit 6f173e4 remove prp docs which removed the docs directory
  3. File changes are obsolete: The PR only modifies docs/package-lock.json, which no longer exists in the main branch
  4. PR is stale: Open for over 30 days (since August 22), and Dependabot has disabled automatic rebases
  5. Security fix is irrelevant: While the PR includes a CVE fix (CVE-2025-54880), it's for a directory/dependency that's no longer part of the codebase

✅ Recommendation

Close PR #446 - The docs directory and its dependencies were intentionally removed from the repository, making this dependency update obsolete.

leex279 avatar Oct 19 '25 09:10 leex279