fix(types): improve `strict` function type #4009

Mister-Hope · 2024-12-20T17:52:31Z

No description provided.

types/katex.d.ts

edemaine

Looks like a good start! Here are some suggested changes.

types/katex.d.ts

Mister-Hope · 2024-12-29T08:03:28Z

All done

edemaine

Thanks!

## [0.16.19](v0.16.18...v0.16.19) (2024-12-29) ### Bug Fixes * **types:** improve `strict` function type ([#4009](#4009)) ([4228b4e](4228b4e))

KaTeX-bot · 2024-12-29T14:52:30Z

🎉 This PR is included in version 0.16.19 🎉

The release is available on:

Your semantic-release bot 📦🚀

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [katex](https://katex.org) ([source](https://github.com/KaTeX/KaTeX)) | dependencies | patch | [`0.16.18` -> `0.16.20`](https://renovatebot.com/diffs/npm/katex/0.16.18/0.16.20) | --- ### Release Notes <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.16.20`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01620-2025-01-12) [Compare Source](KaTeX/KaTeX@v0.16.19...v0.16.20) ##### Bug Fixes - \providecommand does not overwrite existing macro ([#4000](KaTeX/KaTeX#4000)) ([6d30fe4](KaTeX/KaTeX@6d30fe4)), closes [#3928](KaTeX/KaTeX#3928) ### [`v0.16.19`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01619-2024-12-29) [Compare Source](KaTeX/KaTeX@v0.16.18...v0.16.19) ##### Bug Fixes - **types:** improve `strict` function type ([#4009](KaTeX/KaTeX#4009)) ([4228b4e](KaTeX/KaTeX@4228b4e)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "* 0-3 * * *" (UTC), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6548 Reviewed-by: Michael Kriese <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [katex](https://katex.org) ([source](https://github.com/KaTeX/KaTeX)) | dependencies | patch | [`0.16.18` -> `0.16.21`](https://renovatebot.com/diffs/npm/katex/0.16.18/0.16.21) | --- > ⚠️ **Warning** > > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### KaTeX \htmlData does not validate attribute names [CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) / [GHSA-cg87-wmx4-v546](GHSA-cg87-wmx4-v546) <details> <summary>More information</summary> #### Details ##### Impact KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. ##### Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. ##### Workarounds - Avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands. - Forbid inputs containing the substring `"\\htmlData"`. - Sanitize HTML output from KaTeX. ##### Details `\htmlData` did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts. ##### For more information If you have any questions or comments about this advisory: - Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/) - Email us at [[email protected]](mailto:[email protected]) #### Severity - CVSS Score: 6.3 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` #### References - [https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546](https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546) - [https://nvd.nist.gov/vuln/detail/CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) - [https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c](https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c) - [https://github.com/KaTeX/KaTeX](https://github.com/KaTeX/KaTeX) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-cg87-wmx4-v546) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.16.21`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01621-2025-01-17) [Compare Source](KaTeX/KaTeX@v0.16.20...v0.16.21) ##### Bug Fixes - escape \htmlData attribute name ([57914ad](KaTeX/KaTeX@57914ad)) ### [`v0.16.20`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01620-2025-01-12) [Compare Source](KaTeX/KaTeX@v0.16.19...v0.16.20) ##### Bug Fixes - \providecommand does not overwrite existing macro ([#4000](KaTeX/KaTeX#4000)) ([6d30fe4](KaTeX/KaTeX@6d30fe4)), closes [#3928](KaTeX/KaTeX#3928) ### [`v0.16.19`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01619-2024-12-29) [Compare Source](KaTeX/KaTeX@v0.16.18...v0.16.19) ##### Bug Fixes - **types:** improve `strict` function type ([#4009](KaTeX/KaTeX#4009)) ([4228b4e](KaTeX/KaTeX@4228b4e)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6694 Reviewed-by: Gusted <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [katex](https://katex.org) ([source](https://github.com/KaTeX/KaTeX)) | dependencies | patch | [`0.16.10` -> `0.16.21`](https://renovatebot.com/diffs/npm/katex/0.16.10/0.16.21) | --- ### KaTeX \htmlData does not validate attribute names [CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) / [GHSA-cg87-wmx4-v546](GHSA-cg87-wmx4-v546) <details> <summary>More information</summary> #### Details ##### Impact KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. ##### Patches Upgrade to KaTeX v0.16.21 to remove this vulnerability. ##### Workarounds - Avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands. - Forbid inputs containing the substring `"\\htmlData"`. - Sanitize HTML output from KaTeX. ##### Details `\htmlData` did not validate its attribute name argument, allowing it to generate invalid or malicious HTML that runs scripts. ##### For more information If you have any questions or comments about this advisory: - Open an issue or security advisory in the [KaTeX repository](https://github.com/KaTeX/KaTeX/) - Email us at [[email protected]](mailto:[email protected]) #### Severity - CVSS Score: 6.3 / 10 (Medium) - Vector String: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L` #### References - [https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546](https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546) - [https://nvd.nist.gov/vuln/detail/CVE-2025-23207](https://nvd.nist.gov/vuln/detail/CVE-2025-23207) - [https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c](https://github.com/KaTeX/KaTeX/commit/ff289955e81aab89086eef09254cbf88573d415c) - [https://github.com/KaTeX/KaTeX](https://github.com/KaTeX/KaTeX) This data is provided by [OSV](https://osv.dev/vulnerability/GHSA-cg87-wmx4-v546) and the [GitHub Advisory Database](https://github.com/github/advisory-database) ([CC-BY 4.0](https://github.com/github/advisory-database/blob/main/LICENSE.md)). </details> --- ### Release Notes <details> <summary>KaTeX/KaTeX (katex)</summary> ### [`v0.16.21`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01621-2025-01-17) [Compare Source](KaTeX/KaTeX@v0.16.20...v0.16.21) ##### Bug Fixes - escape \htmlData attribute name ([57914ad](KaTeX/KaTeX@57914ad)) ### [`v0.16.20`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01620-2025-01-12) [Compare Source](KaTeX/KaTeX@v0.16.19...v0.16.20) ##### Bug Fixes - \providecommand does not overwrite existing macro ([#4000](KaTeX/KaTeX#4000)) ([6d30fe4](KaTeX/KaTeX@6d30fe4)), closes [#3928](KaTeX/KaTeX#3928) ### [`v0.16.19`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01619-2024-12-29) [Compare Source](KaTeX/KaTeX@v0.16.18...v0.16.19) ##### Bug Fixes - **types:** improve `strict` function type ([#4009](KaTeX/KaTeX#4009)) ([4228b4e](KaTeX/KaTeX@4228b4e)) ### [`v0.16.18`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01618-2024-12-18) [Compare Source](KaTeX/KaTeX@v0.16.17...v0.16.18) ##### Bug Fixes - Actually publish TypeScript type definitions ([#4008](KaTeX/KaTeX#4008)) ([629b873](KaTeX/KaTeX@629b873)) ### [`v0.16.17`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01617-2024-12-17) [Compare Source](KaTeX/KaTeX@v0.16.16...v0.16.17) ##### Bug Fixes - MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM ([#3999](KaTeX/KaTeX#3999)) ([7d79e22](KaTeX/KaTeX@7d79e22)), closes [#3995](KaTeX/KaTeX#3995) ### [`v0.16.16`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01616-2024-12-17) [Compare Source](KaTeX/KaTeX@v0.16.15...v0.16.16) ##### Features - ESM exports, TypeScript types ([#3992](KaTeX/KaTeX#3992)) ([ea9c173](KaTeX/KaTeX@ea9c173)) ### [`v0.16.15`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01615-2024-12-09) [Compare Source](KaTeX/KaTeX@v0.16.14...v0.16.15) ##### Features - italic sans-serif in math mode via `\mathsfit` command ([#3998](KaTeX/KaTeX#3998)) ([2218901](KaTeX/KaTeX@2218901)) ### [`v0.16.14`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01614-2024-12-08) [Compare Source](KaTeX/KaTeX@v0.16.13...v0.16.14) ##### Features - \dddot and \ddddot support ([#3834](KaTeX/KaTeX#3834)) ([bda35cd](KaTeX/KaTeX@bda35cd)), closes [#2744](KaTeX/KaTeX#2744) ### [`v0.16.13`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01613-2024-12-08) [Compare Source](KaTeX/KaTeX@v0.16.12...v0.16.13) ##### Bug Fixes - `\vdots` and `\rule` support in text mode ([#3997](KaTeX/KaTeX#3997)) ([0e08352](KaTeX/KaTeX@0e08352)), closes [#3990](KaTeX/KaTeX#3990) ### [`v0.16.12`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01612-2024-12-08) [Compare Source](KaTeX/KaTeX@v0.16.11...v0.16.12) ##### Features - **css:** configurable margin for display math ([#3638](KaTeX/KaTeX#3638)) ([3405001](KaTeX/KaTeX@3405001)) ### [`v0.16.11`](https://github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01611-2024-07-02) [Compare Source](KaTeX/KaTeX@v0.16.10...v0.16.11) ##### Features - add \emph ([#3963](KaTeX/KaTeX#3963)) ([9f34da4](KaTeX/KaTeX@9f34da4)), closes [#3566](KaTeX/KaTeX#3566) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - "* 0-3 * * *" (UTC). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6693 Reviewed-by: Gusted <[email protected]> Co-authored-by: Renovate Bot <[email protected]> Co-committed-by: Renovate Bot <[email protected]>

feat: improve logger type

846abd9

Mister-Hope mentioned this pull request Dec 20, 2024

feat: ESM exports, TypeScript types #3992

Merged

Mister-Hope commented Dec 20, 2024

View reviewed changes

types/katex.d.ts Outdated Show resolved Hide resolved

Mister-Hope commented Dec 20, 2024

View reviewed changes

types/katex.d.ts Outdated Show resolved Hide resolved

edemaine requested changes Dec 22, 2024

View reviewed changes

Update katex.d.ts

7b9b4c6

Mister-Hope requested a review from edemaine December 29, 2024 08:03

edemaine changed the title ~~feat: improve logger type~~ fix(types): improve strict function type Dec 29, 2024

edemaine approved these changes Dec 29, 2024

View reviewed changes

edemaine merged commit 4228b4e into KaTeX:main Dec 29, 2024
8 checks passed

KaTeX-bot added a commit that referenced this pull request Dec 29, 2024

chore(release): 0.16.19 [ci skip]

88b5056

## [0.16.19](v0.16.18...v0.16.19) (2024-12-29) ### Bug Fixes * **types:** improve `strict` function type ([#4009](#4009)) ([4228b4e](4228b4e))

KaTeX-bot added the released label Dec 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(types): improve `strict` function type #4009

fix(types): improve `strict` function type #4009

Mister-Hope commented Dec 20, 2024

edemaine left a comment

Mister-Hope commented Dec 29, 2024

edemaine left a comment

KaTeX-bot commented Dec 29, 2024

fix(types): improve strict function type #4009

fix(types): improve strict function type #4009

Conversation

Mister-Hope commented Dec 20, 2024

edemaine left a comment

Choose a reason for hiding this comment

Mister-Hope commented Dec 29, 2024

edemaine left a comment

Choose a reason for hiding this comment

KaTeX-bot commented Dec 29, 2024

fix(types): improve `strict` function type #4009

fix(types): improve `strict` function type #4009