fix(deps): update dependency katex to v0.16.21 [security] (#3491)
This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [katex](https://katex.org) ([source](https://redirect.github.com/KaTeX/KaTeX)) | [`0.16.11` -> `0.16.21`](https://renovatebot.com/diffs/npm/katex/0.16.11/0.16.21) | [![age](https://developer.mend.io/api/mc/badges/age/npm/katex/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/katex/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/katex/0.16.11/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/katex/0.16.11/0.16.21?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2025-23207](https://redirect.github.com/KaTeX/KaTeX/security/advisories/GHSA-cg87-wmx4-v546)

### Impact
KaTeX users who render untrusted mathematical expressions with
`renderToString` could encounter malicious input using `\htmlData` that
runs arbitrary JavaScript, or generate invalid HTML.

### Patches
Upgrade to KaTeX v0.16.21 to remove this vulnerability.

### Workarounds
- Avoid use of or turn off the `trust` option, or set it to forbid
`\htmlData` commands.
- Forbid inputs containing the substring `"\\htmlData"`.
- Sanitize HTML output from KaTeX.

### Details
`\htmlData` did not validate its attribute name argument, allowing it to
generate invalid or malicious HTML that runs scripts.

### For more information
If you have any questions or comments about this advisory:

- Open an issue or security advisory in the [KaTeX
repository](https://redirect.github.com/KaTeX/KaTeX/)
- Email us at [katex-security@mit.edu](mailto:katex-security@mit.edu)

---

### Release Notes

<details>
<summary>KaTeX/KaTeX (katex)</summary>

### [`v0.16.21`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01621-2025-01-17)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.20...v0.16.21)

##### Bug Fixes

- escape \htmlData attribute name ([57914ad](https://redirect.github.com/KaTeX/KaTeX/commit/57914ad91eff401357f44bf364b136d37eba04f8))

### [`v0.16.20`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01620-2025-01-12)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.19...v0.16.20)

##### Bug Fixes

- \providecommand does not overwrite existing macro ([#4000](https://redirect.github.com/KaTeX/KaTeX/issues/4000)) ([6d30fe4](https://redirect.github.com/KaTeX/KaTeX/commit/6d30fe47b06f9da9b836fe518d5cbbecf6a6a3a1)), closes [#3928](https://redirect.github.com/KaTeX/KaTeX/issues/3928)

### [`v0.16.19`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01619-2024-12-29)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.18...v0.16.19)

##### Bug Fixes

- **types:** improve `strict` function type ([#4009](https://redirect.github.com/KaTeX/KaTeX/issues/4009)) ([4228b4e](https://redirect.github.com/KaTeX/KaTeX/commit/4228b4eb529b8e35def66cc6e4fa467383b98c86))

### [`v0.16.18`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01618-2024-12-18)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.17...v0.16.18)

##### Bug Fixes

- Actually publish TypeScript type definitions ([#4008](https://redirect.github.com/KaTeX/KaTeX/issues/4008)) ([629b873](https://redirect.github.com/KaTeX/KaTeX/commit/629b87354fdfc04a3769f09b69f6bbadebcb9ae8))

### [`v0.16.17`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01617-2024-12-17)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.16...v0.16.17)

##### Bug Fixes

- MathML combines multidigit numbers with sup/subscript, comma separators, and multicharacter text when outputting to DOM ([#3999](https://redirect.github.com/KaTeX/KaTeX/issues/3999)) ([7d79e22](https://redirect.github.com/KaTeX/KaTeX/commit/7d79e220f465c42d4334dc95f1c41e333667e168)), closes [#3995](https://redirect.github.com/KaTeX/KaTeX/issues/3995)

### [`v0.16.16`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01616-2024-12-17)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.15...v0.16.16)

##### Features

- ESM exports, TypeScript types ([#3992](https://redirect.github.com/KaTeX/KaTeX/issues/3992)) ([ea9c173](https://redirect.github.com/KaTeX/KaTeX/commit/ea9c173a0de953b49b2ce5d131e88b785f5dffa1))

### [`v0.16.15`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01615-2024-12-09)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.14...v0.16.15)

##### Features

- italic sans-serif in math mode via `\mathsfit` command ([#3998](https://redirect.github.com/KaTeX/KaTeX/issues/3998)) ([2218901](https://redirect.github.com/KaTeX/KaTeX/commit/22189018b63c9312ec4ad126804514a7390d60b5))

### [`v0.16.14`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01614-2024-12-08)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.13...v0.16.14)

##### Features

- \dddot and \ddddot support ([#3834](https://redirect.github.com/KaTeX/KaTeX/issues/3834)) ([bda35cd](https://redirect.github.com/KaTeX/KaTeX/commit/bda35cdb0a6bbbc52dd27c79e4d984688be3b745)), closes [#2744](https://redirect.github.com/KaTeX/KaTeX/issues/2744)

### [`v0.16.13`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01613-2024-12-08)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.12...v0.16.13)

##### Bug Fixes

- `\vdots` and `\rule` support in text mode ([#3997](https://redirect.github.com/KaTeX/KaTeX/issues/3997)) ([0e08352](https://redirect.github.com/KaTeX/KaTeX/commit/0e0835262345d991df61a435800a16b069a4d5c7)), closes [#3990](https://redirect.github.com/KaTeX/KaTeX/issues/3990)

### [`v0.16.12`](https://redirect.github.com/KaTeX/KaTeX/blob/HEAD/CHANGELOG.md#01612-2024-12-08)

[Compare Source](https://redirect.github.com/KaTeX/KaTeX/compare/v0.16.11...v0.16.12)

##### Features

- **css:** configurable margin for display math ([#3638](https://redirect.github.com/KaTeX/KaTeX/issues/3638)) ([3405001](https://redirect.github.com/KaTeX/KaTeX/commit/3405001225b8ee0cf8b35b2e3a6c1fa2191e5fef))

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/marimo-team/marimo).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
renovate[bot] authored Jan 18, 2025
1 parent 8f49ac7 commit ae6ef83
Showing 1 changed file with 628 additions and 603 deletions.
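The `trust`-option workaround from the advisory above, as an added example that is not KaTeX's or marimo's own code: a deny-by-default `trust` callback that forbids `\htmlData` and admits only http(s) links, plus a stricter variant for after the upgrade that only admits `\htmlData` with attribute names matching a conservative pattern. The `attributes` map on the `\htmlData` trust context and the `SAFE_ATTR_NAME` pattern are assumptions.

```javascript
// Added example (not KaTeX's own code). KaTeX calls trust(context) for every
// command that can emit raw HTML or URLs; context.command is the TeX command
// name ("\\htmlData", "\\url", "\\href", ...) and link commands also carry
// context.protocol. The `attributes` field for \htmlData is assumed here to be
// the name -> value map of the requested data-* attributes.

const SAFE_ATTR_NAME = /^[a-z][a-z0-9-]*$/i;     // assumed conservative data-* suffix
const SAFE_URL_PROTOCOLS = new Set(["http", "https"]);

// Deny-by-default policy matching the advisory's workaround: \htmlData is
// never trusted, links are trusted only with a plain web protocol.
function trustPolicy(context) {
  switch (context.command) {
    case "\\url":
    case "\\href":
      return SAFE_URL_PROTOCOLS.has(String(context.protocol || "").toLowerCase());
    case "\\htmlData":
      return false;                           // workaround: forbid outright
    default:
      return false;                           // \htmlClass, \htmlId, \htmlStyle, ...
  }
}

// Defence in depth once KaTeX >= 0.16.21 is installed: re-admit \htmlData only
// when every attribute name is a plain identifier, so nothing reaches the
// attribute syntax of the generated HTML even if a future bug skips escaping.
function trustPolicyWithSafeHtmlData(context) {
  if (context.command !== "\\htmlData") return trustPolicy(context);
  const names = Object.keys(context.attributes || {});
  return names.length > 0 && names.every((name) => SAFE_ATTR_NAME.test(name));
}

// Wiring into KaTeX; katex is passed in so this file has no hard dependency.
// Untrusted commands render as error text rather than as HTML.
function renderUntrusted(katex, tex, policy = trustPolicy) {
  return katex.renderToString(tex, {
    throwOnError: false,
    trust: policy,
    strict: "warn",
  });
}
```

Pair the policy with the advisory's third workaround, sanitising the returned HTML, when the rendered output is inserted into a page served to other users.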

0 comments on commit ae6ef83
