[Snyk] Upgrade katex from 0.16.28 to 0.17.0 #372

Merged: cscheid merged 3 commits into main from snyk-upgrade-145b733a975d295d58c852dd038219d0 on Jul 3, 2026

@posit-snyk-bot

Snyk has created this PR to upgrade katex from 0.16.28 to 0.17.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 20 versions ahead of your current version.

  • The recommended version was released a month ago.

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.

Release notes
Package name: katex from katex GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
katex

See this project in Snyk:
https://app.snyk.io/org/open-source-6kz/project/7f0ffa9e-a324-4f12-b953-fb15cb258ad2?utm_source=github&utm_medium=referral&page=upgrade-pr
@posit-snyk-bot

Author

Merge Risk: High

The upgrade to KaTeX v0.17.0 introduces several significant breaking changes that require developer action, even though it is a minor version update.

Key Breaking Changes:

  • trust Setting Required: Commands like \href, \url, and \includegraphics will no longer function by default. You must now explicitly set the trust option to true when calling katex.render to enable them. This change was made for security reasons.
  • ECMAScript Module Imports: For build tools that support conditional exports (like modern versions of webpack or Rollup), import katex from 'katex'; will now resolve to the ECMAScript module. This may affect your build configuration or import statements.
  • \relax Command Behavior: The \relax command is now implemented as a function that stops parsing. This may alter the rendering of expressions that previously relied on its old behavior (e.g., \kern2\relax em will no longer work).

Recommendation:
Before merging, you must review all calls to the KaTeX rendering API and add the trust: true option if you need to support commands like \href or \url. Additionally, verify that your project's build system correctly handles the new module export format.

Source: KaTeX CHANGELOG.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
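
The `trust` option discussed in the comment above also accepts a callback, so the gated commands can be re-enabled per command and per URL instead of with a blanket `trust: true`. The following is an added example, not code from this PR or from the KaTeX project; the host name, the allowlist and the sample inputs are assumptions.

```javascript
// Added example: a scoped KaTeX `trust` policy in place of a blanket `trust: true`.
// KaTeX passes the callback a context object such as
//   { command: "\\href", url: "https://...", protocol: "https" }
// where protocol is lowercase without the colon and "_relative" marks a relative URL.

// Assumed allowlist; the host name is a constructed placeholder.
const IMAGE_HOSTS = new Set(["assets.example.org"]);

function hostOf(url) {
  try {
    return new URL(url).hostname.toLowerCase();
  } catch {
    return null; // relative or malformed URL: no host to match
  }
}

function isLocalRelative(url) {
  // "//host/path" is scheme-relative and leaves the site; treat it as external.
  return !/^\s*[\/\\]{2}/.test(String(url));
}

function trustPolicy(context) {
  const { command, protocol, url } = context;
  switch (command) {
    case "\\href":
    case "\\url":
      // Links: https, or relative targets that stay on this site.
      if (protocol === "_relative") return isLocalRelative(url);
      return protocol === "https";
    case "\\includegraphics":
      // Images: https only, and only from hosts on the allowlist.
      return protocol === "https" && IMAGE_HOSTS.has(hostOf(url));
    default:
      // Every other command that consults `trust` (e.g. \htmlStyle) stays disabled.
      return false;
  }
}

// Pass this object wherever the renderer is called:
//   katex.render(tex, element, renderOptions);
const renderOptions = { trust: trustPolicy, throwOnError: false };

// Constructed sample contexts, to show the decisions without loading katex.
const SAMPLES = [
  { command: "\\href", url: "https://example.org/doc", protocol: "https" },
  { command: "\\url", url: "ftp://example.org/file", protocol: "ftp" },
  { command: "\\includegraphics", url: "https://assets.example.org/a.png", protocol: "https" },
  { command: "\\includegraphics", url: "https://other.example.net/a.png", protocol: "https" },
];
const decisions = () => SAMPLES.map((c) => [c.command, c.url, trustPolicy(c)]);
console.log(decisions());
```

Because the policy denies by default, a command that starts consulting `trust` in a later release stays off until it is added to the switch.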

@posit-snyk-bot

posit-snyk-bot commented Jul 3, 2026

Author

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

cscheid and others added 2 commits July 3, 2026 11:16
PR #372 bumped katex to 0.17.0 only in
hub-client/quarto-hub-sandboxed-preview, tripping the
katex_cdn_version_matches_npm_pin invariant test. Complete the coupled
bump: root package.json + lockfile and DEFAULT_KATEX_URL_BASE.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@cscheid cscheid merged commit 351b248 into main Jul 3, 2026
8 checks passed
@cscheid cscheid deleted the snyk-upgrade-145b733a975d295d58c852dd038219d0 branch July 3, 2026 16:19