@alpe alpe commented Jan 22, 2026

Overview

Bump mermaid dependency for the docs

@gemini-code-assist

Summary of Changes

Hello @alpe, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on maintaining the documentation's technical stack by upgrading the mermaid charting library to its latest stable version. This update ensures that the documentation site benefits from the most recent features, performance improvements, and bug fixes provided by the library and its underlying dependencies.

Highlights

  • Mermaid Dependency Update: The mermaid charting library dependency in docs/package.json has been updated from version ^11.10.0 to ^11.12.2.
  • Dependency Lockfile Synchronization: The docs/yarn.lock file has been synchronized to reflect the new mermaid version and its updated transitive dependencies, ensuring consistent builds.
  • Transitive Dependency Updates and Removals: Numerous sub-dependencies, including @antfu/install-pkg, @braintree/sanitize-url, @iconify/utils, and marked, have been updated, and several others like @antfu/utils, debug, and local-pkg have been removed as a result of the main mermaid bump and dependency tree optimization.


@github-actions

The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).

Build: ✅ passed
Format: ⏩ skipped
Lint: ✅ passed
Breaking: ✅ passed
Updated (UTC): Jan 22, 2026, 4:51 PM


claude bot commented Jan 22, 2026

Claude finished @alpe's task in 1m 36s


Code Review Complete ✅

Summary

This PR updates the mermaid charting library from ^11.10.0 to ^11.12.2 in the documentation dependencies. The changes are minimal, focused, and appropriate for a routine dependency maintenance update.


Review Findings

Overall Assessment: APPROVED

This is a clean, low-risk dependency bump that follows best practices for dependency management.


Detailed Analysis

1. Direct Dependency Changes

File: docs/package.json:13

The change is minimal and appropriate:

- "mermaid": "^11.10.0",
+ "mermaid": "^11.12.2",
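Review bot: the caret range on this line only sets a floor; the version that is actually installed is fixed by docs/yarn.lock, so this change must land together with the regenerated lockfile and the docs CI should install with `yarn install --frozen-lockfile` (Yarn classic) so that any drift between package.json and the lockfile fails the build instead of silently resolving a newer 11.x release. For the same reason the audit step below should be `yarn audit` rather than `npm audit`, which reads package-lock.json, a file this project does not keep.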

Good practices observed:

  • Using caret (^) range for patch/minor updates allows future compatible updates
  • Only updating the specific dependency needed
  • No unnecessary changes to other dependencies

2. Lockfile Updates

File: docs/yarn.lock

The lockfile shows a clean dependency tree update with 151 lines changed (+51/-101), indicating net reduction in dependencies.

Key transitive dependency changes:

Updates (Security & Bug Fixes):

  • @mermaid-js/parser: 0.6.2 → 0.6.3
  • @braintree/sanitize-url: ^7.0.4 → ^7.1.1 (security-focused library upgrade)
  • @iconify/utils: 2.3.0 → 3.1.0 (major version bump)
  • marked: ^16.0.0 → ^16.2.1 (markdown parser update)
  • dagre-d3-es: 7.0.11 → 7.0.13 (graph layout library)
  • dayjs: ^1.11.13 → ^1.11.18 (date library patch updates)

Removals (Dependency Tree Optimization):

  • @antfu/utils@^8.1.0 - removed
  • debug@^4.4.0 - removed
  • ms@^2.1.3 - removed
  • local-pkg@^1.0.0 - removed
  • kolorist@^1.8.0 - removed
  • globals@^15.14.0 - removed
  • confbox@^0.2.2 - removed
  • exsolve@^1.0.7 - removed
  • quansync@^0.2.8 - removed

Analysis: The removal of 9 transitive dependencies while adding only minor version updates is a positive sign — it indicates the mermaid library team has:

  • Reduced their dependency footprint
  • Simplified the dependency tree
  • Potentially improved bundle size and security surface area

3. Security Considerations

Positive security indicators:

  • @braintree/sanitize-url upgraded from 7.0.4 → 7.1.1 (this is a URL sanitization library specifically designed to prevent XSS attacks)
  • Fewer transitive dependencies = smaller attack surface
  • All dependency resolutions point to trusted registries (registry.yarnpkg.com, registry.npmjs.org)

⚠️ Recommendation:
While the changes look safe, I cannot run npm audit in this environment. I recommend running:

cd docs && npm audit

...to verify there are no known vulnerabilities in the updated dependency tree.


4. Compatibility & Breaking Changes

Low risk of breaking changes:

  • Mermaid version bump from 11.10.0 to 11.12.2 is a minor version update (following semver)
  • Minor versions in semver should be backwards compatible
  • The caret range (^11.12.2) will allow automatic patch updates up to (but not including) 12.0.0

⚠️ Consideration:
@iconify/utils had a major version bump (2.3.0 → 3.1.0), which could theoretically introduce breaking changes. However, this is a transitive dependency managed by mermaid, so:

  • The mermaid team has tested compatibility
  • If there were breaking changes affecting mermaid, they would have been addressed in mermaid's own release

5. Build & Lockfile Integrity

Lockfile is properly synchronized:

  • All version resolutions are consistent
  • Package integrity hashes are present (SHA-512)
  • Registry URLs are consistent and trusted

Package manager:

  • Uses Yarn (evidenced by yarn.lock)
  • Lockfile format is correct and well-formed

Recommendations

Before Merging:

  1. Verify documentation builds successfully:

    cd docs && npm run build
  2. Test mermaid diagrams render correctly:

    • Start the dev server: npm run dev
    • Navigate to pages with mermaid diagrams
    • Verify all diagram types render as expected
  3. Run security audit:

    cd docs && npm audit
  4. Optional: Review mermaid release notes

    • Check the mermaid changelog for versions 11.10.1 through 11.12.2 to understand what features/fixes are included

Conclusion

This is a well-executed dependency maintenance PR. The changes are:

  • ✅ Minimal and focused
  • ✅ Following semver best practices
  • ✅ Reducing dependency bloat
  • ✅ Including security-focused library updates
  • ✅ Low risk of breaking changes

Status: Approved pending successful build verification.


Tasks Completed

  • Read and analyze package.json changes
  • Review yarn.lock dependency updates
  • Check for security or compatibility concerns
  • Provide comprehensive review feedback
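
As an added example (not code from the PR, the project, or the review above), the lockfile properties that sections 3 to 5 check by hand can be verified mechanically. This Node script assumes the yarn.lock v1 layout shown in its constructed sample (placeholder hashes, an invented off-registry mirror host for the defective entry) and treats registry.yarnpkg.com and registry.npmjs.org as the trusted hosts named in the review.

```javascript
// Minimal yarn.lock v1 checker (added example; assumptions are stated in the lead-in).
const TRUSTED_HOSTS = new Set(['registry.yarnpkg.com', 'registry.npmjs.org']);
// Parse unindented "name@range": headers plus the 2-space indented version / resolved / integrity fields.
function parseYarnLock(text) {
  const entries = []; let cur = null;
  for (const raw of text.split('\n')) {
    if (!raw.trim() || raw.startsWith('#')) continue;
    if (!raw.startsWith(' ')) {
      const keys = raw.replace(/:\s*$/, '').split(',').map(k => k.trim().replace(/^"|"$/g, ''));
      entries.push((cur = { keys }));
    } else if (cur && /^ {2}\S/.test(raw)) {   // nested "dependencies:" block (4 spaces) is ignored
      const m = raw.trim().match(/^(version|resolved|integrity)\s+"?([^"]+)"?$/);
      if (m) cur[m[1]] = m[2];
    }
  }
  return entries;
}
// Caret semantics as npm/yarn apply them: ^1.2.3 is >=1.2.3 <2.0.0, ^0.2.3 is >=0.2.3 <0.3.0 (no pre-release tags).
function satisfiesCaret(range, version) {
  const base = range.slice(1).split('.').map(Number), v = version.split('.').map(Number);
  const fixed = base[0] > 0 ? 1 : 2;  // leading components that must not change
  for (let i = 0; i < fixed; i++) if (v[i] !== base[i]) return false;
  for (let i = 0; i < 3; i++) if (v[i] !== base[i]) return v[i] > base[i];
  return true;
}
// Flag entries without a sha512 integrity, resolved off the trusted registries, or locked outside their caret range.
function auditLock(text) {
  const findings = [];
  for (const e of parseYarnLock(text)) {
    const name = e.keys[0];
    if (!e.integrity || !e.integrity.startsWith('sha512-')) findings.push(`${name}: missing sha512 integrity`);
    const host = e.resolved ? new URL(e.resolved).hostname : '';
    if (!TRUSTED_HOSTS.has(host)) findings.push(`${name}: resolved outside trusted registry (${host || 'none'})`);
    for (const k of e.keys) {
      const range = k.slice(k.lastIndexOf('@') + 1);
      if (range.startsWith('^') && !satisfiesCaret(range, e.version)) findings.push(`${k}: locked ${e.version} violates range`);
    }
  }
  return findings;
}
// Constructed sample: the first entry is healthy, the second has all three defects.
const SAMPLE_LOCK = `"mermaid@^11.12.2":
  version "11.12.2"
  resolved "https://registry.yarnpkg.com/mermaid/-/mermaid-11.12.2.tgz"
  integrity sha512-PLACEHOLDER_NOT_A_REAL_HASH
"@braintree/sanitize-url@^7.1.1":
  version "7.0.4"
  resolved "https://mirror.example.invalid/sanitize-url-7.0.4.tgz"`;
console.log(auditLock(SAMPLE_LOCK));
```

Running it against the real docs/yarn.lock reports any entry that would deserve a closer look before merging a bump like this one.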

@alpe changed the title from "deps: Bump mermaid version and dependencies" to "chore: Bump mermaid version and dependencies" on Jan 22, 2026

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request updates the mermaid dependency and other related dependencies in the docs/package.json and docs/yarn.lock files. The primary goal is to bump the mermaid version from 11.10.0 to 11.12.2, along with updating other dependencies to maintain compatibility and incorporate the latest features and security patches. I have identified some outdated dependencies that were removed and some dependencies that were updated to newer versions. I have added review comments for the identified issues.

I am having trouble creating individual review comments. Click here to see my feedback.

docs/yarn.lock (1657-1662)

high

The debug dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (1756-1759)

high

The globals dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (1834-1837)

high

The kolorist dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (1860-1867)

high

The local-pkg dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (2072-2079)

high

The pkg-types dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (2122-2125)

high

The quansync dependency is removed. Ensure that this dependency is no longer required or that its functionality has been replaced or moved elsewhere.

docs/yarn.lock (1955)

medium

The version of mlly is updated. Verify that this update does not introduce any compatibility issues or break any functionality that depends on mlly.

docs/yarn.lock (2028)

medium

The version of mlly is updated. Verify that this update does not introduce any compatibility issues or break any functionality that depends on mlly.

@codecov

codecov bot commented Jan 22, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.89%. Comparing base (340d5cf) to head (f56c1bb).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #3009      +/-   ##
==========================================
- Coverage   57.96%   57.89%   -0.07%     
==========================================
  Files         110      110              
  Lines       10526    10526              
==========================================
- Hits         6101     6094       -7     
- Misses       3774     3781       +7     
  Partials      651      651              
Flag: combined
Coverage Δ: 57.89% <ø> (-0.07%) ⬇️

