Skip to content

build(deps): bump mermaid from 11.15.0 to 11.16.0#890

Open
dependabot[bot] wants to merge 1 commit into
Currentfrom
dependabot/npm_and_yarn/mermaid-11.16.0
Open

build(deps): bump mermaid from 11.15.0 to 11.16.0#890
dependabot[bot] wants to merge 1 commit into
Currentfrom
dependabot/npm_and_yarn/mermaid-11.16.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Bumps mermaid from 11.15.0 to 11.16.0.

Release notes

Sourced from mermaid's releases.

mermaid@11.16.0

Minor Changes

  • #7535 ea1c48f Thanks @​ragelink! - feat(cynefin): Adds the Cynefin framework as a new diagram type (beta) to Mermaid (available as cynefin-beta). The Cynefin framework, created by Dave Snowden, is a decision-making framework that categorizes problems into five complexity domains, widely used in agile, incident management, strategy, and organizational design.

  • #7721 f45cc2c Thanks @​notionparallax! - feat(treeView): add box-drawing character input support for treeView diagrams

  • #7550 f1f4d45 Thanks @​DominicBurkart! - feat(xychart): add per-point text labels for xychart line plots

  • #7527 b4d0442 Thanks @​notionparallax! - feat(treeView): Extends the existing treeView-beta diagram with features useful for representing file/directory structures.

  • #7793 a6f097d Thanks @​SSDWGG! - feat(er): support optional ER attribute types with a ? suffix

  • #7772 37f2e36 Thanks @​devareddy05! - feat(gantt): support multiple excludes / includes lines so long exclusion lists can be split into commented groups (#6270)

  • #7708 4e63e9d Thanks @​txmxthy! - feat(architecture): add align row|column {ids…} directive to architecture-beta diagrams so authors can declare horizontal or vertical alignment of services explicitly.

  • #7760 05223be Thanks @​ngdaniels! - feat(pie): Enhance Pie Chart - Enable donut chart, Set legend position, and highlight slice

  • #7251 216e4e9 Thanks @​ydah! - feat(railroad): Add support for Railroad Diagrams (Syntax Diagrams) with four input syntaxes: IR (railroad-beta), EBNF (railroad-ebnf-beta), ABNF (railroad-abnf-beta), and PEG (railroad-peg-beta).

  • #7774 e5c75e6 Thanks @​ngdaniels! - feat(xychart): enable rotate label on X-axis

  • #7791 974fa7b Thanks @​knsv-bot! - feat(swimlane): add swimlane as a standalone diagram type with a dedicated layered orthogonal layout algorithm

Patch Changes

... (truncated)

Commits
  • 7c0cafc Version Packages: v11.16.0 (#7916)
  • 26acd1a Merge pull request #7915 from mermaid-js/release/11.16.0
  • 5a8eae7 Merge branch 'master' into release/11.16.0
  • dd5ea77 Merge pull request #7913 from mermaid-js/pebr/fix-changesets
  • 658ee66 docs: fix missing bumps of @mermaid-js/parser
  • 04259a1 docs: fix author and commit on examples changeset
  • c9dcfb1 docs: update changeset diagram scopes
  • a34dab9 docs: remove swimlane/cynefin bugfix changesets
  • e81f31f docs: remove local-editor changeset
  • 7223f03 Minor correction
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 3, 2026
Bumps [mermaid](https://github.com/mermaid-js/mermaid) from 11.15.0 to 11.16.0.
- [Release notes](https://github.com/mermaid-js/mermaid/releases)
- [Commits](https://github.com/mermaid-js/mermaid/compare/mermaid@11.15.0...mermaid@11.16.0)

---
updated-dependencies:
- dependency-name: mermaid
  dependency-version: 11.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/mermaid-11.16.0 branch from a1be4fc to b357df0 Compare July 3, 2026 23:59
@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatednpm/​mermaid@​11.15.0 ⏵ 11.16.088 +14100100 +195100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm mermaid is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: package.jsonnpm/mermaid@11.16.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/mermaid@11.16.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm robust-predicates is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/mermaid@11.16.0npm/robust-predicates@3.0.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/robust-predicates@3.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants