diorama icon indicating copy to clipboard operation
diorama copied to clipboard

Published 20 hours ago verified publisher icon Sambego

[Snyk] Security upgrade prismjs from 1.16.0 to 1.23.0

Open Sambego opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

As this is a private repository, Snyk-bot does not have access. Therefore, this PR has been created automatically, but appears to have been created by a real user.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1076581		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: prismjs The new version differs by 250 commits.
  • 88a17b4 1.23.0
  • 5dc7b42 Changelog v1.23.0 (#2681)
  • 37b9c9a PHP: Fixed exponential backtracking (#2684)
  • 89f1e18 Latte: Fixed exponential backtracking (#2682)
  • 0a3932f C-like: Made all comments greedy (#2680)
  • cdb24ab Line Highlight: Fixed print background color (#2668)
  • e644178 Added test for polynomial backtracking (#2597)
  • b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (#2237)
  • 2af3e2c Markdown: Improved URL tokenization (#2678)
  • df0738e Test page: Don't trigger ad-blockers with class (#2677)
  • b5f4f10 Test page: Added "Share" option (#2575)
  • 0604793 New `start` script to start local server (#2491)
  • 8828500 Tests: Added strict checks for `Prism.languages.extend` (#2572)
  • 7266e32 Treeview: Fixed icons on dark themes (#2631)
  • 7f23ef3 Fixed Danger CI for forks (#2638)
  • 990f48f Fixed build
  • 071232b Readme: Added alternative link for Chinese translation
  • fc57999 Bump ini from 1.3.5 to 1.3.7 (#2672)
  • 2ea202b README: Removed broken icon for Chinese translation (#2670)
  • 9f82de5 thousands -> millions
  • f154134 CSP: Added missing directives and keywords (#2664)
  • a7ccc16 CSP: Do not highlight directive names with adjacent hyphens (#2662)
  • e01ecd0 Scheme: Fixed number pattern (#2648)
  • 05afbb1 Added test for exponential backtracking (#2590)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sambego avatar Feb 19 '21 05:02 Sambego