Upgrade @myst-theme/* from 0.14.x to 1.1.2

[mmcky]

Summary

Upgrades all @myst-theme/* packages from 0.14.x to 1.1.2, along with related myst-* dependencies. This aligns quantecon-theme-src with the upstream myst-theme/book template.

Changes

Package Bumps

Package	Before	After
@myst-theme/common	^0.14.0	^1.1.2
@myst-theme/icons	^0.14.0	^1.1.2
@myst-theme/jupyter	^0.14.0	^1.1.2
@myst-theme/providers	^0.14.0	^1.1.2
@myst-theme/search-minisearch	^0.14.0	^1.1.2
@myst-theme/site	^0.14.0	^1.1.2
@myst-theme/styles	^0.14.0	^1.1.2
myst-to-react	^0.14.0	^1.1.2
myst-common	^1.7.9	^1.8.1
myst-config	^1.7.9	^1.8.1

Other Changes

• Removed cytoscape override — no longer needed since mermaid upgraded from 9.x → 11.x (compatible with latest cytoscape)
• Retained prismjs and katex overrides — still needed for security (transitive deps don't declare safe minimums)

Security Impact

Reduces npm audit findings from 37 → 34 (3 additional vulns fixed upstream: dompurify, mermaid/prismjs chain)

Breaking Change (upstream)

@myst-theme v1.0.0 introduced a new AST structure for notebook output nodes (jupyter-book/myst-theme#571). This change is not backwards compatible — downstream lecture sites must rebuild content with a compatible mystmd version. The theme code itself requires no changes.

Key Compatibility Notes

• Remix v1 still supported — peer deps remain @remix-run/node@^1.19
• No package renames — all sub-packages still exist with same names
• No import changes — public API is stable

Ecosystem Alignment

Surveyed all projects in the myst-theme ecosystem to confirm this is the right upgrade path:

Aspect	quantecon (after this PR)	myst-theme/book (upstream)	curvenote/overlay
@remix-run/*	~1.19.0	~1.17.0	^1.19.3
@myst-theme/*	^1.1.2	^1.1.2	^0.13.3
@vercel/node	^2.15.1	^2.15.1	^2.15.9
packageManager	npm@8.10.0	npm@8.10.0	npm@8.10.0

No project in the myst ecosystem has migrated to Remix v2. All use Remix v1 with v2 future flags enabled. The remaining 34 npm audit findings are ecosystem-wide — they affect every myst-theme consumer equally and are blocked by:

• Remix v2 migration (~13 vulns) — @remix-run/vercel was deprecated in v2, needs @vercel/remix replacement. Tracked in Migrate from Remix v1 to v2 #28.
• @myst-theme upstream (~9 vulns) — nanoid, markdown-it, myst-to-react transitive deps
• @vercel/node v2→v5 (~5 vulns) — tested; v5 introduces more vulns. Staying on v2 is correct.
• Remix dev toolchain (~7 vulns) — tar, cacache, esbuild, vite, cookie (dev-only, not in production bundles)

Testing

• npm install ✅
• npm run prod:build ✅ (14.6s, only pre-existing @myst-theme/site/src deep-import warning)
• npm audit: 34 remaining vulnerabilities (all ecosystem-wide, require upstream breaking changes)

[Copilot]

Pull request overview

This PR upgrades the @myst-theme/* package family from version 0.14.x to 1.1.2, along with related myst-* dependencies, to align with the upstream myst-theme/book template. The upgrade addresses security vulnerabilities and removes an unnecessary cytoscape override that was required for mermaid 9.x compatibility.

Changes:

• Upgraded seven @myst-theme/* packages from ^0.14.0 to ^1.1.2
• Upgraded three myst-* packages (myst-common, myst-config, myst-to-react) to their latest versions
• Removed the cytoscape override as mermaid's upgrade to 11.x makes it unnecessary

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.