markdown icon indicating copy to clipboard operation
markdown copied to clipboard
verified publisher icon nextjournal

drop dependency on katex

Open mk opened this issue 2 years ago • 1 comments

There's a dependency on katex which shows up in Clerk's js bundle.

Screen Shot 2023-06-07 at 17 54 12

Would be nice if we could drop this or make it optional, as Clerk isn't using it for display (but loading it dynamically). I tried dropping it in https://github.com/nextjournal/clerk/commit/0303e730a2fa5d7fc2f7a79d57f0f298a6eea9d6 but that lets SSR fail.

mk avatar Jun 07 '23 15:06 mk

Update: As of March 2024, there are a 4 reported and patched moderate vulnerabilities in Katex focused on normalizing URLs and escaping filenames. They have been patched as of 0.16.10 , but the jump from the 0.12 version used to the patched version is listed as a breaking change.

rainbow-bamboo avatar Jan 04 '25 03:01 rainbow-bamboo