Skip to content

Bump @docmd/core from 0.6.7 to 0.6.9 in the npm-dependencies group#2

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-dependencies-aa0b1ba8f5
Open

Bump @docmd/core from 0.6.7 to 0.6.9 in the npm-dependencies group#2
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/npm-dependencies-aa0b1ba8f5

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 15, 2026
edited
Loading

Bumps the npm-dependencies group with 1 update: @docmd/core.

Updates @docmd/core from 0.6.7 to 0.6.9

Release notes

Sourced from @​docmd/core's releases.

docmd@0.6.9 🛡️ (Plugin Security, KaTeX Math, & SPA Stability)

The docmd 0.6.9 release focuses on significant core stability updates, hardening the plugin resolution architecture, and the introduction of a highly requested mathematical plugin leveraging server-side rendered LaTeX.

✨ Highlights

🧮 Math Plugin (KaTeX)

Introducing @docmd/plugin-math — an official extension providing native parsed LaTeX and KaTeX support seamlessly decoupled into docmd. Writing $E = mc^2$ or block arrays $$ automatically hooks into robust server-side build steps producing purely static visual nodes. No client-side Javascript compilation is required!

🏗️ Plugin Security Hardening

The plugin resolution architecture has been completely rewritten. Shorthand names (e.g. math, search) are now strictly reserved for official @docmd/plugin-* packages. Third-party plugins must be referenced by their full package name, there is no fallback cascade to community or bare npm names. This eliminates supply-chain attack vectors via namespace squatting entirely.

🧹 Layout & UI Stability

This release contains sweeping fixes protecting custom UI definitions. noStyle structurally broken layout grids have been resolved restoring total CSS conformity across customized landing pages heavily featuring .menubar blocks. Navigational headers explicitly linked toward raw .md domains are also safely purged enforcing clean-urls matching the generated HTML structure!

📝 Complete Changelog

🧰 Core Improvements

  • Plugin Security Hardening: Rewrote core/src/utils/plugin-loader — shorthand names now resolve exclusively to official @docmd/plugin-* scope. Third-party plugins require full package names with no fallback cascade.
  • Expanded Asset Parsing (#100): Rewrote core/src/engine/assets.ts to natively verify and append nested config.src/assets definitions concurrently alongside root CWD/assets supporting local documentation directories explicitly.
  • UX Menu Linking: Menubar now uses absolute base paths instead of relative paths, fixing broken URLs on versioned pages where menubar links incorrectly resolved to version-scoped paths (e.g. /05/nostyle instead of /nostyle).

🧵 Bug Fixes & Refactors

  • miniSearch Fatal Crashes (#8): Fixed a runtime structural array duplication resulting in a failed indexing routine. Added seenIds tracking inside plugins/search/src/index.ts intercepting overlapping layout blocks silently.
  • Menubar Flex Structural Collapse (#101): Found and deleted orphaned closing elements inside menubar.ejs. Options menus (theme, search) correctly load into menubar-right aligned grids completely separate from iterated loop structures bridging un-styled overrides easily.
  • SPA Sidebar URL Nesting: Fixed an issue where SPA navigation caused sidebar hrefs to nest incorrectly (e.g. /nostyle/nostyle/). The SPA router now resolves fetched sidebar hrefs to absolute paths before syncing them into the current DOM.
  • Removed Implicit .md Stripping: The config normalizer no longer silently strips .md extensions from navigation and menubar URLs. Users should use clean URLs in their config as documented — this prevents hidden routing conflicts with SPA navigation.
  • TypeScript Strictness: Added "types": ["node"] to monorepo base tsconfig.json and replaced import.meta.dirname with fileURLToPath for universal type compatibility across all packages.

Migration Guide

No breaking changes for users of official plugins. If you were relying on shorthand names for third-party plugins, update your docmd.config.js to use the full package name instead.

📥 Upgrade

npm install -g @docmd/core

Full Changelog: docmd-io/docmd@0.6.8...0.6.9

docmd@0.6.8 🔥 (Advanced Plugin APIs, RPC, & Collaborative Threads)

Version 0.6.8 is a massive milestone for docmd's extensibility. We are officially introducing our Advanced API & RPC Framework—a robust, WebSocket-driven architecture that allows plugins to seamlessly communicate between the client and server. A more refined version will be introduced in coming releases.

To showcase the power of this new infrastructure, we're incredibly excited to launch the Threads Plugin: a collaborative, zero-database inline discussion tool directly backed into your markdown! A huge shoutout to the original author @​svallory for pioneering the Threads logic in a series of PRs, laying the groundwork for our new interactive API era.

The docmd 0.6.8 release is a foundational leap for the plugin ecosystem. It introduces a WebSocket RPC protocol that enables real-time browser-to-server communication, powerful source editing tools for manipulating markdown files from the browser, and a brand-new Threads plugin for inline discussion comments — all without adding any new runtime dependencies.

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump @docmd/core from 0.6.7 to 0.6.9 in the npm-dependencies group
c57ec81 
Bumps the npm-dependencies group with 1 update: [@docmd/core](https://github.com/docmd-io/docmd).


Updates `@docmd/core` from 0.6.7 to 0.6.9
- [Release notes](https://github.com/docmd-io/docmd/releases)
- [Commits](docmd-io/docmd@0.6.7...0.6.9)

---
updated-dependencies:
- dependency-name: "@docmd/core"
  dependency-version: 0.6.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants