chore(deps): [security] bump prismjs from 1.21.0 to 1.24.1

[dependabot-preview[bot]]

Bumps prismjs from 1.21.0 to 1.24.1. This update includes security fixes.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

Regular Expression Denial of Service (ReDoS) in Prism Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS).

Impact

When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted text.

• ASCIIDoc
• ERB

Other languages are not affected and can be used to highlight untrusted text.

Patches

This problem has been fixed in Prism v1.24.

References

• PrismJS/prism#2774
• PrismJS/prism#2688

Affected versions: < 1.24.0

Sourced from The GitHub Security Advisory Database.

Denial of service in prismjs The package prismjs before 1.23.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.

Affected versions: < 1.23.0

Release notes

Sourced from prismjs's releases.

v1.24.1

Release 1.24.1

v1.24.0

Release 1.24.0

v1.23.0

Release 1.23.0

v1.22.0

Release 1.22.0

Changelog

Sourced from prismjs's changelog.

1.24.1 (2021-07-03)

Updated components

• Markdown
  • Fixed Markdown not working in NodeJS (#2977) 151121cd

Updated plugins

• Toolbar
  • Fixed styles being applies to nested elements (#2980) 748ecddc

1.24.0 (2021-06-27)

New components

• CFScript (#2771) b0a6ec85
• ChaiScript (#2706) 3f7d7453
• COBOL (#2800) 7e5f78ff
• Coq (#2803) 41e25d3c
• CSV (#2794) f9b69528
• DOT (Graphviz) (#2690) 1f91868e
• False (#2802) 99a21dc5
• ICU Message Format (#2745) bf4e7ba9
• Idris (#2755) e9314415
• Jexl (#2764) 7e51b99c
• KuMir (КуМир) (#2760) 3419fb77
• Log file (#2796) 2bc6475b
• Nevod (#2798) f84c49c5
• OpenQasm (#2797) 1a2347a3
• PATROL Scripting Language (#2739) 18c67b49
• Q# (#2804) 1b63cd01
• Rego (#2624) e38986f9
• Squirrel (#2721) fd1081d2
• URI (#2708) bbc77d19
• V (#2687) 72962701
• Wolfram language & Mathematica & Mathematica Notebook (#2921) c4f6b2cc

Updated components

• Fixed problems reported by regexp/no-dupe-disjunctions (#2952) f471d2d7
• Fixed some cases of quadratic worst-case runtime (#2922) 79d22182
• Fixed 2 cases of exponential backtracking (#2774) d85e30da
• AQL
  • Update for ArangoDB 3.8 (#2842) ea82478d
• AutoHotkey
  • Improved tag pattern (#2920) fc2a3334
• Bash
  • Accept hyphens in function names (#2832) e4ad22ad

... (truncated)

Commits

• 0fd01ea 1.24.1
• 59db7ea Changelog for v1.24.1 (#2981)
• 748ecdd Toolbar: Fixed styles being applies to nested elements (#2980)
• 151121c Markdown: Fixed markdown not working in NodeJS (#2977)
• 3432b4b 1.24.0
• 46d0720 Updated .npmignore (#2971)
• aef7f08 Changelog for v1.24.0 (#2965)
• e9477d8 Markdown: Improved code snippets (#2967)
• 4b55bd6 Made Match Braces and Custom Class compatible (#2947)
• e8d3b50 ESLint: Added regexp/strict rule (#2944)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by rundevelopment, a new releaser for prismjs since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)