
Upgrade `refractor` to remove `prismjs` vulnerability

Open mgadewoll opened this issue 7 months ago • 3 comments

Description

We previously already updated our direct dependency of prismjs (PR) but we also need to upgrade our refractor dependency from the current version 3.6.0 to at least 4.9.0 (release changelog) to ensure the included prismjs dependency is at 1.30.0 (release) which includes a fix for an "Arbitrary Code Injection vulnerability" (DOM Clobbering vulnerability).

mgadewoll, Apr 23 '25 13:04
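One way to confirm the upgrade described in the issue actually removed every old copy of `prismjs`, including one nested under `refractor`: the script below is an added example, not code from the issue or the project. It assumes an npm `package-lock.json` in the v2/v3 `packages` layout (the page does not say which lockfile format the project uses); the function names and the sample lockfile are constructed for illustration.

```javascript
// Minimum versions are the ones named in the issue above.
const MINIMUMS = new Map([
  ["prismjs", "1.30.0"],
  ["refractor", "4.9.0"],
]);

// Compare two "major.minor.patch" strings numerically; prerelease tags are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// Walk every installed copy in the lockfile's "packages" map (assumed npm v2/v3
// layout), including nested ones such as node_modules/refractor/node_modules/prismjs.
function findOutdated(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const name = path.split("node_modules/").pop();
    const min = MINIMUMS.get(name);
    if (min && entry.version && compareVersions(entry.version, min) < 0) {
      findings.push({ path, name, version: entry.version, required: min });
    }
  }
  return findings;
}

// Constructed sample: the direct prismjs dependency is already patched,
// but refractor 3.6.0 still carries its own older nested copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app" },
    "node_modules/prismjs": { version: "1.30.0" },
    "node_modules/refractor": { version: "3.6.0" },
    "node_modules/refractor/node_modules/prismjs": { version: "1.27.0" },
  },
};

for (const f of findOutdated(sampleLock)) {
  console.log(`${f.path}: ${f.version} < ${f.required}`);
}
```

Run against a real lockfile by passing the parsed JSON to `findOutdated`; an empty result means no installed copy is below the stated minimums.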