Skip to content

Update mermaid and dompurify #1656

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Apr 4, 2025
Merged

Update mermaid and dompurify #1656

merged 2 commits into from
Apr 4, 2025

Conversation

Steve-Mcl
Copy link
Contributor

@Steve-Mcl Steve-Mcl commented Apr 2, 2025
edited
Loading

Description

An issue with dompurify in versions < 3.2.4 means we need to update mermaid to the 11.x stream

$ npm list dompurify
@flowfuse/[email protected] C:\Users\sdmcl\repos\github\node-red-dashboard
├── [email protected]
└─┬ [email protected]
  └── [email protected]

Currently, our dep version of mermaid is on the 10.x stream and latest 10.x version on npm specifies "dompurify": "^3.0.5 <3.1.7"
Since the affected versions of dompurify are < 3.2.4 and the mermaid v10.x dep version of dompurify is oddly specific, I suggest we bite the bullet on mermaid & update it to 11.x stream

NOTE:

The largest build artifact after bumping mermaid 10.x > 11.x breached the existing maximumFileSizeToCacheInBytes limit of 3000000 causing an excception during build...

BEFORE:

../dist/assets/index-u2-eCxOI.js 2,894.88 kB │ gzip: 874.95 kB

AFTER:

../dist/assets/index-DjK0W9yJ.js 3,253.47 kB │ gzip: 948.45 kB
(This is likely due to new mermaid and updated dompurify)

Related Issue(s)

https://github.com/FlowFuse/node-red-dashboard/security/dependabot/52

Checklist

  • I have read the contribution guidelines
  • Suitable unit/system level tests have been added and they pass
  • Documentation has been updated
    • Upgrade instructions
    • Configuration details
    • Concepts
  • Changes flowforge.yml?
    • Issue/PR raised on FlowFuse/helm to update ConfigMap Template
    • Issue/PR raised on FlowFuse/CloudProject to update values for Staging/Production

Labels

  • Includes a DB migration? -> add the area:migration label

@Steve-Mcl
Copy link
Contributor Author

Tested locally:
image

[{"id":"d07893f2f3ca4906","type":"ui-markdown","z":"92c798dd07ceda90","group":"ddbaf975d02f5724","name":"graph","order":1,"width":0,"height":0,"content":"# mermaid\n\n```mermaid\ngraph TD;\n    A-->B;\n    A-->C;\n    B-->D;\n    C-->D;\n```","className":"","x":1070,"y":200,"wires":[[]]},{"id":"86b57bfaacdde90d","type":"ui-markdown","z":"92c798dd07ceda90","group":"4aa123d2e61eb060","name":"flow ch","order":1,"width":0,"height":0,"content":"\n```mermaid\nflowchart TD\n    A[Christmas] -->|Get money| B(Go shopping)\n    B --> C{Let me think}\n    C -->|One| D[Laptop]\n    C -->|Two| E[iPhone]\n    C -->|Three| F[fa:fa-car Car]\n```\n","className":"","x":1080,"y":260,"wires":[[]]},{"id":"5c2f2434a333f51e","type":"ui-markdown","z":"92c798dd07ceda90","group":"eeaafce5c413c5ab","name":"pets","order":1,"width":0,"height":0,"content":"\n\n```mermaid\npie title Pets adopted by volunteers\n    \"Dogs\" : 386\n    \"Cats\" : 85\n    \"Rats\" : 15\n```\n","className":"","x":1070,"y":320,"wires":[[]]},{"id":"ee99f5098548d5ad","type":"ui-markdown","z":"92c798dd07ceda90","group":"3a6dcfd299172e83","name":"gitGraph","order":1,"width":0,"height":0,"content":"\n\n```mermaid\ngitGraph\n    commit\n    commit\n    branch develop\n    checkout develop\n    commit\n    commit\n    checkout main\n    merge develop\n    commit\n    commit\n```\n","className":"","x":1080,"y":440,"wires":[[]]},{"id":"715673971ced47b2","type":"ui-markdown","z":"92c798dd07ceda90","group":"73093fffe1598fd3","name":"packet","order":1,"width":0,"height":0,"content":"\n```mermaid\n---\ntitle: \"TCP Packet\"\n---\npacket-beta\n  0-15: \"Source Port\"\n  16-31: \"Destination Port\"\n  32-63: \"Sequence Number\"\n  64-95: \"Acknowledgment Number\"\n  96-99: \"Data Offset\"\n  100-105: \"Reserved\"\n  106: \"URG\"\n  107: \"ACK\"\n  108: \"PSH\"\n  109: \"RST\"\n  110: \"SYN\"\n  111: \"FIN\"\n  112-127: \"Window\"\n  128-143: \"Checksum\"\n  144-159: \"Urgent Pointer\"\n  160-191: \"(Options and Padding)\"\n  192-255: \"Data (variable length)\"\n\n```","className":"","x":1070,"y":380,"wires":[[]]},{"id":"ddbaf975d02f5724","type":"ui-group","name":"Markdown Rendering","page":"5fe79c5f0d5f729c","width":"6","height":"1","order":5,"showTitle":false,"className":"","visible":"true","disabled":"false"},{"id":"4aa123d2e61eb060","type":"ui-group","name":"mm2","page":"5fe79c5f0d5f729c","width":6,"height":1,"order":4,"showTitle":true,"className":"","visible":"true","disabled":"false","groupType":"default"},{"id":"eeaafce5c413c5ab","type":"ui-group","name":"mm3","page":"5fe79c5f0d5f729c","width":6,"height":1,"order":3,"showTitle":true,"className":"","visible":"true","disabled":"false","groupType":"default"},{"id":"3a6dcfd299172e83","type":"ui-group","name":"mm5","page":"5fe79c5f0d5f729c","width":6,"height":1,"order":1,"showTitle":true,"className":"","visible":"true","disabled":"false","groupType":"default"},{"id":"73093fffe1598fd3","type":"ui-group","name":"mm4","page":"5fe79c5f0d5f729c","width":6,"height":1,"order":2,"showTitle":true,"className":"","visible":"true","disabled":"false","groupType":"default"},{"id":"5fe79c5f0d5f729c","type":"ui-page","name":"Markdown","ui":"243c6cd627bbbd46","path":"/markdown-viewer","icon":"language-markdown-outline","layout":"grid","theme":"9d8bfd7e0d216779","breakpoints":[{"name":"Default","px":"0","cols":"3"},{"name":"Tablet","px":"576","cols":"6"},{"name":"Small Desktop","px":"768","cols":"9"},{"name":"Desktop","px":"1024","cols":"12"}],"order":3,"className":"","visible":true,"disabled":false},{"id":"243c6cd627bbbd46","type":"ui-base","name":"node-red test dash","path":"/dashboard","appIcon":"https://cdn.quasar.dev/logo-v2/favicon/favicon.ico","includeClientData":true,"acceptsClientConfig":["ui-notification","ui-control"],"showPathInSidebar":true,"headerContent":"page","navigationStyle":"default","titleBarStyle":"default","showReconnectNotification":true,"notificationDisplayTime":1,"showDisconnectNotification":true},{"id":"9d8bfd7e0d216779","type":"ui-theme","name":"Default Theme","colors":{"surface":"#ffffff","primary":"#15617e","bgPage":"#eeeeee","groupBg":"#ffffff","groupOutline":"#cccccc"},"sizes":{"pagePadding":"12px","groupGap":"12px","groupBorderRadius":"4px","widgetGap":"12px"}}]

@Steve-Mcl Steve-Mcl requested a review from joepavitt April 3, 2025 08:00
@joepavitt
Copy link
Collaborator

Tested locally, including running the E2E tests which are failing in GH atm.

@joepavitt joepavitt merged commit b84aeb3 into main Apr 4, 2025
1 of 2 checks passed
@joepavitt joepavitt deleted the update-mermaid branch April 4, 2025 14:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joepavitt joepavitt joepavitt approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Steve-Mcl @joepavitt