Resolve vulnerability: Cross-site Scripting in mermaid (!3126) · Merge requests · GitLab.org / GitLab · GitLab

Do not update/delete: Banner broadcast message test data

Do not update/delete: Notification broadcast message test data

GitLab Security Bot requested to merge remediate/cross-site-scripting-in-mermaid-D20210806T032435 into master Aug 06, 2021

Description:

Mermaid allows XSS when the antiscript feature is used.

Severity: medium
Confidence: unknown
Location: yarn.lock

Solution:

Upgrade to version 8.11.0 or above.

Identifiers:

Links:

https://nvd.nist.gov/vuln/detail/CVE-2021-35513