graphql-framework-experiment
graphql-framework-experiment copied to clipboard
prisma-labs
fix(deps): update dependency prismjs to v1.21.0 [security]
This PR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| prismjs | dependencies | minor | 1.20.0 -> 1.21.0 |
GitHub Vulnerability Alerts
CVE-2020-15138
Impact
The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer.
This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0).
Patches
This problem is patched in v1.21.0.
Workarounds
To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.
References
The vulnerability was introduced by this commit on Sep 29, 2015 and fixed by Masato Kinugawa (#2506).
For more information
If you have any questions or comments about this advisory, please open an issue.
Release Notes
PrismJS/prism
v1.21.0
New components
- .ignore & .gitignore & .hgignore & .npmignore (#2481)
3fcce6fe - Agda (#2430)
3a127c7d - AL (#2300)
de21eb64 - Cypher (#2459)
398e2943 - Dhall (#2473)
649e51e5 - EditorConfig (#2471)
ed8fff91 - HLSL (#2318)
87a5c7ae - JS stack trace (#2418)
ae0327b3 - PeopleCode (#2302)
bd4d8165 - PureBasic (#2369)
d0c1c70d - Racket (#2315)
053016ef - Smali (#2419)
22eb5cad - Structured Text (IEC 61131-3) (#2311)
8704cdfb - UnrealScript (#2305)
1093ceb3 - WarpScript (#2307)
cde5b0fa - XML doc (.net) (#2340)
caec5e30 - YANG (#2467)
ed1df1e1
Updated components
- Markup & JSON: Added new aliases (#2390)
9782cfe6 - Fixed several cases of exponential backtracking (#2268)
7a554b5f - APL
- AutoHotkey
- Bash
- Batch
- C
- C#
- C++
- Content-Security-Policy
- CSS
- CSS Extras
- Dart
- Diff
- Docker
- EditorConfig
- EJS
- GLSL
- GraphQL
- Io
- Java
- JavaDoc
- JavaScript
- JSDoc
- JSON
- Julia
- Kotlin
- Markup
- Objective-C
- PowerShell
- Protocol Buffers
- Pug
- Python
- Regex
- Ren'py
- Ruby
- Rust
- SAS
- Scheme
- Solidity (Ethereum)
- SQL
- Stylus
- T4 Text Templates (VB)
- TypeScript
- Visual Basic
Updated plugins
- File Highlight & JSONP Highlight update (#1974)
afea17d9 - Added general de/activation mechanism for plugins (#2434)
a36e96ab - Autoloader
- Command Line
- Line Highlight
- Line Numbers
- Previewers
- Unescaped Markup
Updated themes
- Coy
- Default
- Okaidia
Other
- Changelog: Fixed v1.20.0 release date
cb6349e2 - Core
- Infrastructure
- Update Git repo URL in package.json (#2334)
10f43275 - Added docs to ignore files (#2437)
05c9f20b - Added
npm run buildcommand (#2356)ff74a610 - gulp: Improved
inlineRegexSource(#2296)abb800dd - gulp: Fixed language map (#2283)
11053193 - gulp: Removed
premergetask (#2357)5ff7932b - Tests are now faster (#2165)
e756be3f - Tests: Added extra newlines in pretty token streams (#2070)
681adeef - Tests: Added test for identifier support across all languages (#2371)
48fac3b2 - Tests: Added test to sort the language list (#2222)
a3758728 - Tests: Always pretty-print token streams (#2421)
583e7eb5 - Tests: Always use
components.json(#2370)e416341f - Tests: Better error messages for pattern tests (#2364)
10ca6433 - Tests: Included
consolein VM context (#2353)b4ed5ded
- Update Git repo URL in package.json (#2334)
- Website
- Fixed typos "Prims" (#2455)
dfa5498a - New assets directory for all web-only files (#2180)
91fdd0b1 - Improvements (#2053)
ce0fa227 - Fixed Treeview page (#2484)
a0efa40b - Line Numbers: Fixed class name on website
453079bf - Line Numbers: Improved documentation (#2456)
447429f0 - Line Numbers: Style inline code on website (#2435)
ad9c13e2 - Filter highlightAll: Fixed typo (#2391)
55bf7ec1
- Fixed typos "Prims" (#2455)
Renovate configuration
:date: Schedule: "" (UTC).
:vertical_traffic_light: Automerge: Disabled by config. Please merge this manually once you are satisfied.
:recycle: Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
:no_bell: Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by WhiteSource Renovate. View repository job log here.
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "Published by a pub.dev verified publisher"){kind=small}
:warning: Artifact update problem
Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.
:recycle: Renovate will retry this branch, including artifacts, only when one of the following happens:
- any of the package files in this branch needs updating, or
- the branch becomes conflicted, or
- you check the rebase/retry checkbox if found above, or
- you rename this PR's title to start with "rebase!" to trigger it manually
The artifact failure details are included below:
File name: website/yarn.lock
sh: 1: Syntax error: Bad fd number
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! [email protected] preinstall: `:; (node ./preinstall.js >& /dev/null || true)`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the [email protected] preinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2020-09-28T13_26_15_866Z-debug.log
File name: yarn.lock
sh: 1: Syntax error: Bad fd number
npm ERR! code ELIFECYCLE
npm ERR! errno 2
npm ERR! [email protected] preinstall: `:; (node ./preinstall.js >& /dev/null || true)`
npm ERR! Exit status 2
npm ERR!
npm ERR! Failed at the [email protected] preinstall script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /tmp/renovate-cache/others/npm/_logs/2020-09-28T13_26_20_185Z-debug.log