Bump @docmd/core from 0.6.8 to 0.6.9 in the npm-dependencies group

[dependabot]

Bumps the npm-dependencies group with 1 update: @docmd/core.

Updates @docmd/core from 0.6.8 to 0.6.9

Release notes

Sourced from @​docmd/core's releases.

docmd@0.6.9 🛡️ (Plugin Security, KaTeX Math, & SPA Stability)

The docmd 0.6.9 release focuses on significant core stability updates, hardening the plugin resolution architecture, and the introduction of a highly requested mathematical plugin leveraging server-side rendered LaTeX.

✨ Highlights

🧮 Math Plugin (KaTeX)

Introducing @docmd/plugin-math — an official extension providing native parsed LaTeX and KaTeX support seamlessly decoupled into docmd. Writing $E = mc^2$ or block arrays $$ automatically hooks into robust server-side build steps producing purely static visual nodes. No client-side Javascript compilation is required!

🏗️ Plugin Security Hardening

The plugin resolution architecture has been completely rewritten. Shorthand names (e.g. math, search) are now strictly reserved for official @docmd/plugin-* packages. Third-party plugins must be referenced by their full package name, there is no fallback cascade to community or bare npm names. This eliminates supply-chain attack vectors via namespace squatting entirely.

🧹 Layout & UI Stability

This release contains sweeping fixes protecting custom UI definitions. noStyle structurally broken layout grids have been resolved restoring total CSS conformity across customized landing pages heavily featuring .menubar blocks. Navigational headers explicitly linked toward raw .md domains are also safely purged enforcing clean-urls matching the generated HTML structure!

📝 Complete Changelog

🧰 Core Improvements

• Plugin Security Hardening: Rewrote core/src/utils/plugin-loader — shorthand names now resolve exclusively to official @docmd/plugin-* scope. Third-party plugins require full package names with no fallback cascade.
• Expanded Asset Parsing (#100): Rewrote core/src/engine/assets.ts to natively verify and append nested config.src/assets definitions concurrently alongside root CWD/assets supporting local documentation directories explicitly.
• UX Menu Linking: Menubar now uses absolute base paths instead of relative paths, fixing broken URLs on versioned pages where menubar links incorrectly resolved to version-scoped paths (e.g. /05/nostyle instead of /nostyle).

🧵 Bug Fixes & Refactors

• miniSearch Fatal Crashes (#8): Fixed a runtime structural array duplication resulting in a failed indexing routine. Added seenIds tracking inside plugins/search/src/index.ts intercepting overlapping layout blocks silently.
• Menubar Flex Structural Collapse (#101): Found and deleted orphaned closing elements inside menubar.ejs. Options menus (theme, search) correctly load into menubar-right aligned grids completely separate from iterated loop structures bridging un-styled overrides easily.
• SPA Sidebar URL Nesting: Fixed an issue where SPA navigation caused sidebar hrefs to nest incorrectly (e.g. /nostyle/nostyle/). The SPA router now resolves fetched sidebar hrefs to absolute paths before syncing them into the current DOM.
• Removed Implicit .md Stripping: The config normalizer no longer silently strips .md extensions from navigation and menubar URLs. Users should use clean URLs in their config as documented — this prevents hidden routing conflicts with SPA navigation.
• TypeScript Strictness: Added "types": ["node"] to monorepo base tsconfig.json and replaced import.meta.dirname with fileURLToPath for universal type compatibility across all packages.

Migration Guide

No breaking changes for users of official plugins. If you were relying on shorthand names for third-party plugins, update your docmd.config.js to use the full package name instead.

📥 Upgrade

npm install -g @docmd/core

Full Changelog: docmd-io/docmd@0.6.8...0.6.9

Commits

• 99f3167 Update docmd.config.js
• 0826cd6 fix(ui): absolute menubar URLs, SPA-safe noStyle navigation, and sidebar href...
• 50d80eb Update pnpm-lock.yaml
• 3394e52 Update .gitignore
• 652e294 Update package.json
• 069aed5 Update docmd.config.js
• 90391ad Update pnpm-lock.yaml
• 40f96a5 Update package.json
• f730e20 Update package.json
• 57b357f Update package.json
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions