chore(deps): bump mermaid from 11.9.0 to 11.10.0 in /docs

[dependabot]

Bumps mermaid from 11.9.0 to 11.10.0.

Release notes

Sourced from mermaid's releases.

mermaid@11.10.0

Minor Changes

• #6744 daf8d8d Thanks @​SpecularAura! - feat: Added support for per link curve styling in flowchart diagram using edge ids

Patch Changes

• #6857 b9ef683 Thanks @​knsv! - feat: Exposing elk configuration forceNodeModelOrder and considerModelOrder to the mermaid configuration

• #6653 2c0931d Thanks @​darshanr0107! - chore: Remove the "-beta" suffix from the XYChart, Block, Sankey diagrams to reflect their stable status

• #6683 33e08da Thanks @​darshanr0107! - fix: Position the edge label in state diagram correctly relative to the edge

• #6693 814b68b Thanks @​darshanr0107! - fix: Apply correct dateFormat in Gantt chart to show only day when specified

• #6734 fce7cab Thanks @​darshanr0107! - fix: handle exclude dates properly in Gantt charts when using dateFormat: 'YYYY-MM-DD HH:mm:ss'

• #6733 fc07f0d Thanks @​omkarht! - fix: fixed connection gaps in flowchart for roundedRect, stadium and diamond shape

• #6876 12e01bd Thanks @​sidharthv96! - fix: sanitize icon labels and icon SVGs

  Resolves CVE-2025-54880 reported by @​fourcube

• #6801 01aaef3 Thanks @​sidharthv96! - fix: Update casing of ID in requirement diagram

• #6796 c36cd05 Thanks @​HashanCP! - fix: Make flowchart elk detector regex match less greedy

• #6702 8bb29fc Thanks @​qraqras! - fix(block): overflowing blocks no longer affect later lines

  This may change the layout of block diagrams that have overflowing lines (i.e. block diagrams that use up more columns that the columns specifier).

• #6717 71b04f9 Thanks @​darshanr0107! - fix: log warning for blocks exceeding column width

  This update adds a validation check that logs a warning message when a block's width exceeds the defined column layout.

• #6820 c99bce6 Thanks @​kriss-u! - fix: Add escaped class literal name on namespace

• #6332 6cc1926 Thanks @​ajuckel! - fix: Allow equals sign in sequenceDiagram labels

• #6651 9da6fb3 Thanks @​darshanr0107! - Add validation for negative values in pie charts:

  Prevents crashes during parsing by validating values post-parsing.

  Provides clearer, user-friendly error messages for invalid negative inputs.

• #6803 e48b0ba Thanks @​omkarht! - chore: migrate to class-based ArchitectureDB implementation

• #6838 4d62d59 Thanks @​saurabhg772244! - fix: node border style for handdrawn shapes

... (truncated)

Commits

• 96778f7 Merge pull request #6880 from mermaid-js/changeset-release/master
• d4c058b Version Packages
• b638a0a temp: Remove peerDeps from examples
• fd9aa36 chore: Update peerDependencies for examples
• 46a9f1b temp: Disable cspell check as it's blocking release
• 83c6224 Merge pull request #6878 from mermaid-js/develop
• d8161b1 fix: move fourcube to contributor
• 8223141 chore: add fourcube to cspell
• 99f98a6 Merge pull request #6877 from mermaid-js/update-timings
• ef28f54 chore: update E2E timings
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

• Documentation
  • Updated documentation tooling by bumping Mermaid to v11.10.0, enabling the latest diagram features and fixes.
• Chores
  • Performed dependency maintenance in the docs package. No changes to app functionality or public APIs.

[coderabbitai]

Walkthrough

Bumps the Mermaid dependency version in docs/package.json from ^11.9.0 to ^11.10.0. No other files or dependencies changed. No public/exported declarations affected.

Changes

Cohort / File(s)	Summary
Docs dependency bump docs/package.json	Update Mermaid dependency from ^11.9.0 to ^11.10.0.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• chore(deps): bump deps in docs #5843 — Also updates docs/package.json to bump Mermaid (to ^11.9.0); this PR advances it further to ^11.10.0.

Suggested reviewers

• akaladarshi
• hanabi1224
• LesnyRumcajs

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/npm_and_yarn/docs/mermaid-11.10.0

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

docs/package.json (2)

26-26: Consolidate Mermaid integrations
A quick scan confirms you’re loading both the mdx-mermaid MDX plugin and the built-in @docusaurus/theme-mermaid theme in your docs site. If you don’t rely on any mdx-mermaid–specific features, you can simplify your setup and reduce bundle size by removing mdx-mermaid.

Locations to update:

• docs/package.json
  • Remove the "mdx-mermaid": "^2.0.3" dependency
• docs/docusaurus.config.js
  • Delete the const mermaidPlugin = require("mdx-mermaid"); line
  • Remove the ["mdx-mermaid", …] entry from the mdx.plugins array

After that, you can rely solely on:

"@docusaurus/theme-mermaid": "^3.8.1",
"mermaid": "^11.10.0"

and drop mdx-mermaid from your build.

---

50-52: DOMPurify resolution correctly satisfies Mermaid 11.10.0 but still pins to 3.2.6
As verified in docs/yarn.lock, Mermaid 11.10.0 depends on dompurify@^3.2.5, which under our "resolutions": { "dompurify": "3.2.6" } is resolved to 3.2.6—so you’re not reverting any of Mermaid’s sanitization fixes. However, this resolution will block any later patch releases of DOMPurify beyond 3.2.6.

• If DOMPurify ≥3.2.7 or newer include further security/bug fixes, consider bumping the resolution to the latest version.
• Or remove the resolution entirely to allow automatic patch‐level updates per the semver range.

Let me know if you’d like a follow-up PR to bump or remove this pin.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0c296cd and d098992.

⛔ Files ignored due to path filters (1)

• docs/yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (1)

• docs/package.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Check
• GitHub Check: Deploy to Cloudflare Pages

🔇 Additional comments (2)

docs/package.json (2)

26-26: LGTM: Safe minor bump to mermaid 11.10.0 (security + fixes).

Minor version update with upstream fixes (including sanitization/CVE patch) looks good for docs. No breaking changes expected for typical Docusaurus usage.

---

26-26: ✅ No direct CommonJS mermaid imports detected
I scanned the JS/TS files and found no require('mermaid') calls or manual mermaid.* usages. The only Mermaid integrations are in docs/docusaurus.config.js via:

• require("mdx-mermaid") remark plugin
• the built-in @docusaurus/theme-mermaid plugin

Both handle the ESM-only v11 API under the hood, so there’s no runtime breakage.