From 7dfeae3c149054b4b5f7d98cbeb49c606543b37d Mon Sep 17 00:00:00 2001
From: Alois Klink <alois@aloisklink.com>
Date: Tue, 1 Oct 2024 23:55:36 +0900
Subject: [PATCH] fix: ban version v3.1.7 of DOMPurify

[DOMPurify v3.1.7][1] forbids the use of `<foreignElement>` for HTML
inside of an `<svg>` element, which breaks many mermaid diagrams.

It is likely that v3.1.8 will add a new option that will allow us to
re-enable this behaviour, but v3.1.7 definitely does not work.

[1]: https://github.com/cure53/DOMPurify/releases/tag/3.1.7

See: https://github.com/cure53/DOMPurify/issues/1002
Fix: https://github.com/mermaid-js/mermaid/issues/5904
---
 packages/mermaid/package.json | 2 +-
 pnpm-lock.yaml                | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/packages/mermaid/package.json b/packages/mermaid/package.json
index 2469af2ff87..9c0756b81fd 100644
--- a/packages/mermaid/package.json
+++ b/packages/mermaid/package.json
@@ -77,7 +77,7 @@
     "d3-sankey": "^0.12.3",
     "dagre-d3-es": "7.0.10",
     "dayjs": "^1.11.10",
-    "dompurify": "^3.0.11",
+    "dompurify": "^3.0.11 <3.1.7",
     "katex": "^0.16.9",
     "khroma": "^2.1.0",
     "lodash-es": "^4.17.21",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index b23b384b61a..b80fb5d8d91 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -237,7 +237,7 @@ importers:
         specifier: ^1.11.10
         version: 1.11.13
       dompurify:
-        specifier: ^3.0.11
+        specifier: ^3.0.11 <3.1.7
         version: 3.1.6
       katex:
         specifier: ^0.16.9