Weekly GitHub Report for Mermaid

Thank you for subscribing to our weekly newsletter! Each week, we deliver a comprehensive summary of your GitHub project's latest activity right to your inbox, including an overview of your project's issues, pull requests, contributors, and commit activity.

Table of Contents

• I. News
  • 1.1. Recent Version Releases
  • 1.2. Other Noteworthy Updates
• II. Issues
  • 2.1. Top 5 Active Issues
  • 2.2. Top 5 Stale Issues
  • 2.3. Open Issues
  • 2.4. Closed Issues
  • 2.5. Issue Discussion Insights

• III. Pull Requests
  • 3.1. Open Pull Requests
  • 3.2. Closed Pull Requests
  • 3.3. Pull Request Discussion Insights

• IV. Contributors
  • 4.1. Contributors

I. News

1.1 Recent Version Releases:

The current version of this repository is @mermaid-js/parser@0.4.0

1.2 Version Information:

On March 25, 2025, a minor update was released introducing a new Radar Chart feature, enhancing the charting capabilities of the platform. This addition reflects ongoing efforts to expand visualization options.

II. Issues

2.1 Top 5 Active Issues:

We consider active issues to be issues that that have been commented on most frequently within the last week. Bot comments are omitted.

1. [TYPE: BUG / ERROR] [STATUS: TRIAGE] Security issues raised by lodash-es: This issue highlights a critical security vulnerability in the lodash-es package version 4.17.21, which is used in multiple dependencies within the mermaid-js project. The reporter suggests upgrading lodash-es to version 4.17.23 to address the CVE-2025-13465 security advisory.
   • The single comment recommends resolving the issue by updating the langium dependency in @mermaid-js/parser to version 4.2.0 or higher, implying that this update will indirectly address the lodash-es vulnerability.
   • Number of comments this week: 1

Since there were fewer than 5 open issues, all of the open issues have been listed above.

2.2 Top 5 Stale Issues:

We consider stale issues to be issues that has had no activity within the last 30 days. The team should work together to get these issues resolved and closed as soon as possible.

As of our latest update, there are no stale issues for the project this week.

2.3 Open Issues

This section lists, groups, and then summarizes issues that were created within the last week in the repository.

Issues Opened This Week: 7

Summarized Issues:

• Security Vulnerabilities: This topic covers critical security issues found in the lodash-es package version 4.17.21 used by the mermaid-js project. The recommended solution is to upgrade lodash-es to version 4.17.23 to mitigate these vulnerabilities.
• issues/7345

• Diagram Parsing and Labeling Bugs: Several issues relate to parsing errors and labeling inconsistencies in Mermaid diagrams. These include the ER diagram parser failing to recognize the “1” cardinality alias, and the GitGraph LR layout misaligning multi-line branch label backgrounds, both causing visual or functional inaccuracies.
• issues/7351, issues/7362, issues/7362

• Diagram Export and Text Rendering Issues: Problems with text rendering and export are evident in diagrams containing Korean text, where the last characters are truncated during PNG export, and flowchart boxes no longer expand vertically to fit long text, resulting in truncation. These issues affect the readability and accuracy of exported diagrams.
• issues/7354, issues/7359, issues/7359

• Diagram Layout and Styling Consistency: This topic includes requests and reports about layout and styling inconsistencies across diagram types. It covers the need to add a class named after the diagram type to every SVG element for consistency, and multiple layout and spacing problems in C4 diagrams on Firefox, such as excessive padding and overlapping elements, which degrade the visual quality.
• issues/7353, issues/7358, issues/7358

2.4 Closed Issues

This section lists, groups, and then summarizes issues that were closed within the last week in the repository. This section also links the associated pull requests if applicable.

Issues Closed This Week: 0

Summarized Issues:

As of our latest update, there were no issues closed in the project this week.

2.5 Issue Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed issues that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed issues from the past week.

III. Pull Requests

3.1 Open Pull Requests

This section provides a summary of pull requests that were opened in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Opened This Week: 4

Key Open Pull Requests

1. feat: implement neo look for mermaid diagrams: This pull request implements the "neo look" design for Mermaid diagrams by introducing new styling and layout refinements, including optimized shape dimensions, padding calculations, and streamlined marker attributes to enhance the visual appearance and consistency of various diagram elements.

• URL: pull/7350

• Associated Commits: d547f, d887f, 975e7, 78d20, 4df0d, ba226, 95be7, c8f3f

2. feature(er)/7319: allow nullable attribute types with ?: This pull request introduces support for nullable attribute types using the '?' notation in the Entity Relationship (ER) diagrams of the Mermaid project, following the design decisions from the related issue and including necessary tests and documentation updates.

• URL: pull/7348

• Associated Commits: 6daf3, 1c8bd, 5a5f6

3. Improve the accessibility of flowcharts: This pull request introduces an initial implementation to improve the accessibility of flowcharts by representing the graph as a list of nodes with outbound and optionally inbound edges as accessible links using aria-labels, enabling screen readers to better interpret flowchart structure while acknowledging that features like cluster handling, interactive node nesting, and customizable accessible names remain to be addressed in future updates.

• URL: pull/7349

• Associated Commits: 22aae, 46bff, c8692

Other Open Pull Requests

• Dependency updates and lockfile improvements: This topic covers pull requests focused on updating the project's dependencies and enhancing the lockfile validation process. These changes aim to improve security and maintain the integrity of the project's dependency management.
• pull/7361

3.2 Closed Pull Requests

This section provides a summary of pull requests that were closed in the repository over the past week. The top three pull requests with the highest number of commits are highlighted as 'key' pull requests. Other pull requests are grouped based on similar characteristics for easier analysis. Up to 25 pull requests are displayed in this section, while any remaining pull requests beyond this limit are omitted for brevity.

Pull Requests Closed This Week: 4

Key Closed Pull Requests

1. Security Research: Workflow Testing: This pull request is a security research proof of concept aimed at testing the behavior of the pull_request_target workflow in the GitHub Actions environment.

• URL: pull/7360

• Associated Commits: 7effd, b9836, ace03, 2f8d9, 717d3, 8b305, c1c14, b4a5f, 6670a, ddd47, ff15e, f3568, 99f17, c728d, 6d065, fa15c, 69b33, 6fecb, efe38, 44e8c, 7a869, d80a6, ac411, dbcad, 32ac2, 34f40, 39d7e, 96a76, 7def6, a6276, 2bb57, 18f51, 60f63, 835de, 76e17, feed9, fcd27, 3d768, 33b49, fed8a, bba5e, b136a, 3f46c, 49103, 700aa, c7f8a, 9af98, 13baf, 35d9c, e7719, 58137, f28f3, 1e7b7, ebefb, cf0d1, 97423, 62d2c, f2d78, 57530, 38c28, 7b076, 7f516, 287a9, b76cc, 6546a, c0e16, e4cf2, 0bd74, 54580, 5f96f, 4aac6, dfd59, 74318, 61f74, 98312, 6ca92, 7eb58, 15e28, d0f9d, 09b84, 9fdc4, 29ed5, 6bc66, 8065d, 09920, 881e7, 82ea5, fb66b, d2095, f45ea, 12694, 9585e, 9ec0e, df46b, 43b7d, 85a13, 847b3, 67e81, 3a126, c02cf, e7c78, 9448a, 4cf4d, f3769, ea590, 6b9f2, a8d89, 0d1f6, f2982, d74ad, 03e85, 96f87, 283ae, b33ce, ecf9e, 608d6, 9df18, 6e869, ff3b1, 8cf0d, 8add1, bf7c5, 3c752, 96ca7, a6c2b, 04ac5, 61c18, b1fe4, e20b0, a357c, 324cf, c9b5c, db9c6, d7eb9, 23468, de547, 6025e, 45423, 88fd1, 8bfd4, bf50c, 8d1cd, 1aa4c, 0843a, 87c56, a30b3, ac5fd, 88e8a, 73b86, b115a, 61412, 6bf2b, b4b90, 7e1a1, 56564, 4313f, ffd38, 7ff9b, a3a50, 53570, 4f6f6, 39d07, bbb9c, e0317, e5d3f, 09c60, ed96d, d435a, 7b167, 93aa6, 87e2d, b7c66, 7eb14, 9aadb, 80a68, d5bc0, d1b79, ba013, e0c21, a408b, aac86, 66f0c, 095f2, 3afe8, 71dd6, 9745f, c3ac1, 445e0, 59078, 49018, b11b6, aab9c, 47d06, 79d15, 4eece, a2deb, e22d1, 7d982, 7eed6, a72f2, c97af, a2923, 7cc17, cc186, 7fc56, b42f0, d247f, 6bd30, 4f12c, 4261d, 36dac, 78d8f, c9e21, c90ba, bd834, 96de0, e64a2, ae448, 11f37, 553c9, 09d06, d6db0, 64833, 2e87f, d673a, 8ca0a

• Associated Commits: 7effd, b9836, ace03, 2f8d9, 717d3, 8b305, c1c14, b4a5f, 6670a, ddd47, ff15e, f3568, 99f17, c728d, 6d065, fa15c, 69b33, 6fecb, efe38, 44e8c, 7a869, d80a6, ac411, dbcad, 32ac2, 34f40, 39d7e, 96a76, 7def6, a6276, 2bb57, 18f51, 60f63, 835de, 76e17, feed9, fcd27, 3d768, 33b49, fed8a, bba5e, b136a, 3f46c, 49103, 700aa, c7f8a, 9af98, 13baf, 35d9c, e7719, 58137, f28f3, 1e7b7, ebefb, cf0d1, 97423, 62d2c, f2d78, 57530, 38c28, 7b076, 7f516, 287a9, b76cc, 6546a, c0e16, e4cf2, 0bd74, 54580, 5f96f, 4aac6, dfd59, 74318, 61f74, 98312, 6ca92, 7eb58, 15e28, d0f9d, 09b84, 9fdc4, 29ed5, 6bc66, 8065d, 09920, 881e7, 82ea5, fb66b, d2095, f45ea, 12694, 9585e, 9ec0e, df46b, 43b7d, 85a13, 847b3, 67e81, 3a126, c02cf, e7c78, 9448a, 4cf4d, f3769, ea590, 6b9f2, a8d89, 0d1f6, f2982, d74ad, 03e85, 96f87, 283ae, b33ce, ecf9e, 608d6, 9df18, 6e869, ff3b1, 8cf0d, 8add1, bf7c5, 3c752, 96ca7, a6c2b, 04ac5, 61c18, b1fe4, e20b0, a357c, 324cf, c9b5c, db9c6, d7eb9, 23468, de547, 6025e, 45423, 88fd1, 8bfd4, bf50c, 8d1cd, 1aa4c, 0843a, 87c56, a30b3, ac5fd, 88e8a, 73b86, b115a, 61412, 6bf2b, b4b90, 7e1a1, 56564, 4313f, ffd38, 7ff9b, a3a50, 53570, 4f6f6, 39d07, bbb9c, e0317, e5d3f, 09c60, ed96d, d435a, 7b167, 93aa6, 87e2d, b7c66, 7eb14, 9aadb, 80a68, d5bc0, d1b79, ba013, e0c21, a408b, aac86, 66f0c, 095f2, 3afe8, 71dd6, 9745f, c3ac1, 445e0, 59078, 49018, b11b6, aab9c, 47d06, 79d15, 4eece, a2deb, e22d1, 7d982, 7eed6, a72f2, c97af, a2923, 7cc17, cc186, 7fc56, b42f0, d247f, 6bd30, 4f12c, 4261d, 36dac, 78d8f, c9e21, c90ba, bd834, 96de0, e64a2, ae448, 11f37, 553c9, 09d06, d6db0, 64833, 2e87f, d673a, 8ca0a

2. fix: tiny tree downstream import issues: This pull request fixes import issues caused by ESM versus CJS by moving the non-layered-tidy-tree-layout package to devDependencies, enabling esbuild to inline it during the build process.

• URL: pull/7355

• Associated Commits: 47e5b, 0f94b

• Associated Commits: 47e5b, 0f94b

3. refactor: update dagre-d3-es to v7.0.14: This pull request refactors the codebase by upgrading the dagre-d3-es dependency to version 7.0.14, which includes improved TypeScript types for graphlib, fixes the argument order in the createGraphWithElements function's graph.setEdge call, and prepares the code for future use of this function without introducing any user-visible changes.

• URL: pull/7357

• Associated Commits: 03cfc, a411b

• Associated Commits: 03cfc, a411b

Other Closed Pull Requests

• IconLoader Types Export and Integration: This set of pull requests focuses on exporting the types AsyncIconLoader, SyncIconLoader, and IconLoader to facilitate the use of SyncIconLoader in the mermaid-isomorphic project. The changes include adding necessary tests and updating documentation to support these exports and ensure proper integration.
• pull/7352

3.3 Pull Request Discussion Insights

This section will analyze the tone and sentiment of discussions within this project's open and closed pull requests that occurred within the past week. It aims to identify potentially heated exchanges and to maintain a constructive project environment.

Based on our analysis, there are no instances of toxic discussions in the project's open or closed pull requests from the past week.

IV. Contributors

4.1 Contributors

Active Contributors:

We consider an active contributor in this project to be any contributor who has made at least 1 commit, opened at least 1 issue, created at least 1 pull request, or made more than 2 comments in the last month.

If there are more than 10 active contributors, the list is truncated to the top 10 based on contribution metrics for better clarity.