fix(deps): update dependency katex to v0.16.21 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
katex (source)	0.16.11 -> 0.16.21

GitHub Vulnerability Alerts

CVE-2025-23207

Impact

KaTeX users who render untrusted mathematical expressions with renderToString could encounter malicious input using \htmlData that runs arbitrary JavaScript, or generate invalid HTML.

Patches

Upgrade to KaTeX v0.16.21 to remove this vulnerability.

Workarounds

• Avoid use of or turn off the trust option, or set it to forbid \htmlData commands.
• Forbid inputs containing the substring "\\htmlData".
• Sanitize HTML output from KaTeX.

Details

\htmlData did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts.

For more information

If you have any questions or comments about this advisory:

• Open an issue or security advisory in the KaTeX repository
• Email us at [email protected]

---

Release Notes

KaTeX/KaTeX (katex)

v0.16.21

Compare Source

Bug Fixes

• escape \htmlData attribute name (57914ad)

v0.16.20

Compare Source

Bug Fixes

• \providecommand does not overwrite existing macro (#​4000) (6d30fe4), closes #​3928

v0.16.19

Compare Source

Bug Fixes

• types: improve strict function type (#​4009) (4228b4e)

v0.16.18

Compare Source

Bug Fixes

• Actually publish TypeScript type definitions (#​4008) (629b873)

v0.16.17

Compare Source

Bug Fixes

• MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM (#​3999) (7d79e22), closes #​3995

v0.16.16

Compare Source

Features

• ESM exports, TypeScript types (#​3992) (ea9c173)

v0.16.15

Compare Source

Features

• italic sans-serif in math mode via \mathsfit command (#​3998) (2218901)

v0.16.14

Compare Source

Features

• \dddot and \ddddot support (#​3834) (bda35cd), closes #​2744

v0.16.13

Compare Source

Bug Fixes

• \vdots and \rule support in text mode (#​3997) (0e08352), closes #​3990

v0.16.12

Compare Source

Features

• css: configurable margin for display math (#​3638) (3405001)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: abea507

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[netlify]

✅ Deploy Preview for mermaid-js ready!

Name	Link
🔨 Latest commit	abea507
🔍 Latest deploy log	https://app.netlify.com/sites/mermaid-js/deploys/67a8b8904b2a0f000880adc6
😎 Deploy Preview	https://deploy-preview-6200--mermaid-js.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[pkg-pr-new]

Open in Stackblitz

npm i https://pkg.pr.new/mermaid-js/mermaid@6200

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/mermaid-zenuml@6200

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/layout-elk@6200

npm i https://pkg.pr.new/mermaid-js/mermaid/@mermaid-js/parser@6200

commit: abea507

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 4.47%. Comparing base (8dd0e7a) to head (f41ef0f).

Additional details and impacted files

@@           Coverage Diff           @@
##           develop   #6200   +/-   ##
=======================================
  Coverage     4.47%   4.47%           
=======================================
  Files          385     384    -1     
  Lines        54191   54180   -11     
  Branches       598     623   +25     
=======================================
  Hits          2425    2425           
+ Misses       51766   51755   -11     

Flag	Coverage Δ
unit	4.47% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 1 file with indirect coverage changes