rparini / cxroots-app / 12837828403
75%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 4
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 58.889%. Remained the same
12837828403

push

github

web-flow 
Update dependency katex to v0.16.21 [SECURITY] (#355)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [katex](https://katex.org)
([source](https://redirect.github.com/KaTeX/KaTeX)) | [`0.16.19` ->
`0.16.21`](https://renovatebot.com/diffs/npm/katex/0.16.19/0.16.21) |
[![age](https://developer.mend.io/api/mc/badges/age/npm/katex/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/katex/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/katex/0.16.19/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/katex/0.16.19/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

####
[CVE-2025-23207](https://redirect.github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546)

### Impact
KaTeX users who render untrusted mathematical expressions with
`renderToString` could encounter malicious input using `\htmlData` that
runs arbitrary JavaScript, or generate invalid HTML.

### Patches
Upgrade to KaTeX v0.16.21 to remove this vulnerability.

### Workarounds
- Avoid use of or turn off the `trust` option, or set it to forbid
`\htmlData` commands.
- Forbid inputs containing the substring `"\\htmlData"`.
- Sanitize HTML output from KaTeX.

### Details
`\htmlData` did not validate its attribute name argument, allowing it to
generate invalid or malicious HTML that runs scripts.

### For more information
If you have any questions or comments about this advisory:

- Open an issue or security advisory in the [KaTeX
repository](https://redirect.github.com/KaTeX/KaTeX/)
- Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu)

---

### Release Notes

<details>
<summary>KaTe... (continued)

16 of 23 branches covered (69.57%)

Branch coverage included in aggregate %.

37 of 67 relevant lines covered (55.22%)

0.88 hits per line

Jobs
ID Job ID Ran Files Coverage
1 12837828403.1 4
58.89
 GitHub Action Run
Source Files on build 12837828403