[Snyk] Upgrade katex from 0.16.45 to 0.17.0

[Mpdreamz]

Snyk has created this PR to upgrade katex from 0.16.45 to 0.17.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 3 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-17353322	828	Proof of Concept

Breaking Change Risk

Notice: This assessment is enhanced by AI.

Release notes

Package name: katex

• 0.17.0 - 2026-05-22
  

  0.17.0 (2026-05-22)

  Performance Improvements

  • simplify defineFunction to avoid destructuring, improve typing (#4222) (fb604e6)

  BREAKING CHANGES

  • The internal API for __defineFunction changed: you should no longer wrap properties in props.
• 0.16.47 - 2026-05-16
  

  0.16.47 (2026-05-16)

  Bug Fixes

  • correct size of [ big delimiter (#4217) (7ba0027), closes #4215
• 0.16.46 - 2026-05-13
  

  0.16.46 (2026-05-13)

  Bug Fixes

  • preserve math font in some styling commands (#4214) (e9ee046), closes #4213
• 0.16.45 - 2026-04-05
  

  0.16.45 (2026-04-05)

  Bug Fixes

  • wrap vcenter mpadded in mrow for valid MathML (#4193) (ee66b78), closes #4078

from katex GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[Mpdreamz]

The upgrade to KaTeX v0.17.0 is a minor version bump that introduces several significant breaking changes requiring developer action.

Key Breaking Changes:

• Security Setting for Links: The trust setting is now required to render \href and \url commands. Without adjusting this setting, links will break. This is a security measure to prevent untrusted content from creating arbitrary links.
• ECMAScript Module Imports: For bundlers and loaders that support conditional exports, import katex from 'katex' will now resolve to the ECMAScript module. This may affect build configurations that rely on the previous module format.
• \relax Command Behavior: The \relax command is now implemented as a function that stops expansions and parsing. This may change the rendering behavior of expressions that use it, such as \kern2\relax em, which will no longer work.
• Internal API Change: The internal API for __defineFunction has changed, which could affect advanced integrations or plugins that use it. [3]

Recommendation:
Before merging, you must review your KaTeX implementation and:

1. Set the trust option to true in your configuration if you are rendering trusted LaTeX source and need \href or \url to function.
2. Verify that your build system correctly handles the new ECMAScript module exports.
3. Test any complex expressions that may use the \relax command.

Source: KaTeX CHANGELOG [1]

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[github-actions]

Label error. Requires exactly 1 of: automation, breaking, bug, changelog:skip, chore, ci, dependencies, documentation, enhancement, feature, fix, redesign. Found: