graphql.github.io Update dependency prismjs to v1.27.0 [SECURITY]

Update dependency prismjs to v1.27.0 [SECURITY]

Open renovate[bot] opened this issue 2 years ago • 0 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prismjs	`1.25.0` -> `1.27.0`

GitHub Vulnerability Alerts

CVE-2022-23647

Impact

Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.

Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.

Patches

This bug has been fixed in v1.27.0.

Workarounds

Do not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.

References

https://github.com/PrismJS/prism/pull/3341

Release Notes

PrismJS/prism

`v1.27.0`

Compare Source

New components

UO Razor Script (#3309) 3f8cc5a0

Updated components

AutoIt
- Allow hyphen in directive (#3308) bcb2e2c8
EditorConfig
- Change alias of section from keyword to selector (#3305) e46501b9
Ini
- Swap out header for section (#3304) deb3a97f
MongoDB
- Added v5 support (#3297) 8458c41f
PureBasic
- Added missing keyword and fixed constants ending with $ (#3320) d6c53726
Scala
- Added support for interpolated strings (#3293) 441a1422
Systemd configuration file
- Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

Command Line
- Escape markup in command line output (#3341) e002e78c
- Add support for line continuation and improved colors (#3326) 1784b175
- Added span around command and output (#3312) 82d0ca15

Other

Core
- Added better error message for missing grammars (#3311) 2cc4660b

`v1.26.0`

Compare Source

New components

Atmel AVR Assembly (#2078) b5a70e4c
Go module (#3209) 8476a9ab
Keepalived Configure (#2417) d908e457
Tremor & Trickle & Troy (#3087) ec25ba65
Web IDL (#3107) ef53f021

Updated components

Use \d for [0-9] (#3097) 9fe2f93e
6502 Assembly
- Use standard tokens and minor improvements (#3184) 929c33e0
AppleScript
- Use class-name standard token (#3182) 9f5e511d
AQL
- Differentiate between strings and identifiers (#3183) fa540ab7
Arduino
- Added ino alias (#2990) 5b7ce5e4
Avro IDL
- Removed char syntax (#3185) c7809285
Bash
- Added node to known commands (#3291) 4b19b502
- Added vcpkg command (#3282) b351bc69
- Added docker and podman commands (#3237) 8c5ed251
Birb
- Fixed class name false positives (#3111) d7017beb
Bro
- Removed variable and minor improvements (#3186) 4cebf34c
BSL (1C:Enterprise)
- Made directive greedy (#3112) 5c412cbb
C
- Added char token (#3207) d85a64ae
C#
- Added char token (#3270) 220bc40f
- Move everything into the IIFE (#3077) 9ed4cf6e
Clojure
- Added char token (#3188) 1c88c7da
Concurnas
- Improved tokenization (#3189) 7b34e65d
Content-Security-Policy
- Improved tokenization (#3276) a943f2bb
Coq
- Improved attribute pattern performance (#3085) 2f9672aa
Crystal
- Improved tokenization (#3194) 51e3ecc0
Cypher
- Removed non-standard use of symbol token name (#3195) 6af8a644
D
- Added standard char token (#3196) dafdbdec
Dart
- Added string interpolation and improved metadata (#3197) e1370357
DataWeave
- Fixed keywords being highlighted as functions (#3113) 532212b2
EditorConfig
- Swap out property for key; alias with attr-name (#3272) bee6ad56
Eiffel
- Removed non-standard use of builtin name (#3198) 6add768b
Elm
- Recognize unicode escapes as valid Char (#3105) 736c581d
ERB
- Better embedding of Ruby (#3192) 336edeea
F#
- Added char token (#3271) b58cd722
G-code
- Use standard-conforming alias for checksum (#3205) ee7ab563
GameMaker Language
- Fixed operator token and added tests (#3114) d359eeae
Go
- Added char token and improved string and number tokens (#3208) f11b86e2
GraphQL
- Optimized regexes (#3136) 8494519e
Haml
- Use symbol alias for filter names (#3210) 3d410670
- Improved filter and interpolation tokenization (#3191) 005ba469
Haxe
- Improved tokenization (#3211) f41bcf23
Hoon
- Simplified the language definition a little (#3212) 81920b62
HTTP
- Added support for special header value tokenization (#3275) 3362fc79
- Relax pattern for body (#3169) 22d0c6ba
HTTP Public-Key-Pins
- Improved tokenization (#3278) 0f1b5810
HTTP Strict-Transport-Security
- Improved tokenization (#3277) 3d708b97
Idris
- Fixed import statements (#3115) 15cb3b78
Io
- Simplified comment token (#3214) c2afa59b
J
- Made comments greedy (#3215) 5af16014
Java
- Added char token (#3217) 0a9f909c
Java stack trace
- Removed unreachable parts of regexes (#3219) fa55492b
- Added missing lookbehinds (#3116) cfb2e782
JavaScript
- Improved number pattern (#3149) 5a24cbff
- Added properties (#3099) 3b2238fa
Jolie
- Improved tokenization (#3221) dfbb2020
JQ
- Improved performance of strings (#3084) 233415b8
JS stack trace
- Added missing boundary assertion (#3117) 23d9aec1
Julia
- Added char token (#3223) 3a876df0
Keyman
- Improved tokenization (#3224) baa95cab
Kotlin
- Added char token and improved string interpolation (#3225) 563cd73e
Latte
- Use standard token names and combined delimiter tokens (#3226) 6b168a3b
Liquid
- Removed unmatchable object variants (#3135) 05e7ab04
Lisp
- Improved defun (#3130) e8f84a6c
Makefile
- Use standard token names correctly (#3227) 21a3c2d7
Markdown
- Fixed typo in token name (#3101) 00f77a2c
MAXScript
- Various improvements (#3181) e9b856c8
- Fixed booleans not being highlighted (#3134) c6574e6b
Monkey
- Use standard tokens correctly (#3228) c1025aa6
N1QL
- Updated keywords + minor improvements (#3229) 642d93ec
nginx
- Made some patterns greedy (#3230) 7b72e0ad
Nim
- Added char token and made some tokens greedy (#3231) 2334b4b6
- Fixed backtick identifier (#3118) 75331bea
Nix
- Use standard token name correctly (#3232) 5bf6e35f
- Removed unmatchable token (#3119) dc1e808f
NSIS
- Made comment greedy (#3234) 969f152a
- Update regex pattern for variables (#3266) adcc8784
- Update regex for constants pattern (#3267) 55583fb2
Objective-C
- Improved string token (#3235) 8e0e95f3
OCaml
- Improved tokenization (#3269) 7bcc5da0
- Removed unmatchable punctuation variant (#3120) 314d6994
Oz
- Improved tokenization (#3240) a3905c04
Pascal
- Added support for asm and directives (#2653) f053af13
PATROL Scripting Language
- Added boolean token (#3248) a5b6c5eb
Perl
- Improved tokenization (#3241) f22ea9f9
PHP
- Removed useless keyword tokens (#3121) ee62a080
PHP Extras
- Improved scope and this (#3243) 59ef51db
PL/SQL
- Updated keywords + other improvements (#3109) e7ba877b
PowerQuery
- Improved tokenization and use standard tokens correctly (#3244) 5688f487
- Removed useless data-type alternative (#3122) eeb13996
PowerShell
- Fixed lookbehind + refactoring (#3245) d30a2da6
Processing
- Use standard tokens correctly (#3246) 5ee8c557
Prolog
- Removed variable token + minor improvements (#3247) bacf9ae3
Pug
- Improved filter tokenization (#3258) 0390e644
PureBasic
- Fixed token order inside asm token (#3123) f3b25786
Python
- Made comment greedy (#3249) 8ecef306
- Add match and case (soft) keywords (#3142) 3f24dc72
- Recognize walrus operator (#3126) 18bd101c
- Fixed numbers ending with a dot (#3106) 2c63efa6
QML
- Made string greedy (#3250) 1e6dcb51
React JSX
- Move alias property (#3222) 18c92048
React TSX
- Removed parameter token (#3090) 0a313f4f
Reason
- Use standard tokens correctly (#3251) 809af0d9
Regex
- Fixed char-class/char-set confusion (#3124) 4dde2e20
Ren'py
- Improved language + added tests (#3125) ede55b2c
Rip
- Use standard char token (#3252) 2069ab0c
Ruby
- Improved tokenization (#3193) 86028adb
Rust
- Improved type-definition and use standard tokens correctly (#3253) 4049e5c6
Scheme
- Use standard char token (#3254) 7d740c45
- Updates syntax for reals (#3159) 4eb81fa1
Smalltalk
- Use standard char token (#3255) a7bb3001
- Added boolean token (#3100) 51382524
Smarty
- Improved tokenization (#3268) acc0bc09
SQL
- Added identifier token (#3141) 4e00cddd
Squirrel
- Use standard char token (#3256) 58a65bfd
Stan
- Added missing keywords and HOFs (#3238) afd77ed1
Structured Text (IEC 61131-3)
- Structured text: Improved tokenization (#3213) d04d166d
Swift
- Added support for isolated keyword (#3174) 18c828a6
TAP
- Conform to quoted-properties style (#3127) 3ef71533
Tremor
- Use standard regex token (#3257) c56e4bf5
Twig
- Improved tokenization (#3259) e03a7c24
TypeScript
- Removed duplicate keywords (#3132) 91060fd6
URI
- Fixed IPv4 regex (#3128) 599e30ee
V
- Use standard char token (#3260) e4373256
Verilog
- Use standard tokens correctly (#3261) 43124129
Visual Basic
- Simplify regexes and use more common aliases (#3262) aa73d448
Wolfram language
- Removed unmatchable punctuation variant (#3133) a28a86ad
Xojo (REALbasic)
- Proper token name for directives (#3263) ffd8343f
Zig
- Added missing keywords (#3279) deed35e3
- Use standard char token (#3264) c3f9fb70
- Fixed module comments and astral chars (#3129) 09a0e2ba

Updated plugins

File Highlight
- File highlight+data range (#1813) d38592c5
Keep Markup
- Added drop-tokens option class (#3166) b679cfe6
Line Highlight
- Expose highlightLines function as Prism.plugins.highlightLines (#3086) 9f4c0e74
Toolbar
- Set z-index of .toolbar to 10 (#3163) 1cac3559

Updated themes

Coy: Set z-index to make shadows visible in colored table cells (#3161) 79f250f3
Coy: Added padding to account for box shadow (#3143) a6a4ce7e

Other

Core
- Added setLanguage util function (#3167) b631949a
- Fixed type error on null (#3057) a80a68ba
- Document disableWorkerMessageHandler (#3088) 213cf7be
Infrastructure
- Tests: Added .html.test files for replace .js language tests (#3148) 2e834c8c
- Added regex coverage (#3138) 5333e281
- Tests: Added TestCaseFile class and generalized runTestCase (#3147) ae8888a0
- Added even more language tests (#3137) 344d0b27
- Added more plugin tests (#1969) a394a14d
- Added more language tests (#3131) 2f7f7364
- package.json: Added engines.node field (#3108) 798ee4f6
- Use tabs in package(-lock).json (#3098) 8daebb4a
- Update [email protected] (#3091) e6e1d5ae
- Added minified CSS (#3073) d63d6c0e
Website
- Readme: Clarify usage of our build system (#3239) 6f1d904a
- Improved CDN usage URLs (#3285) 6c21b2f7
- Update download.html 9d5424b6
- Autoloader: Mention how to load grammars from URLs (#3218) cefccdd1
- Added PrismJS React and HTML tutorial link (#3190) 0ecdbdce
- Improved readability (#3177) 4433d7fe
- Fixed red highlighting in Firefox (#3178) 746da79b
- Use Keep markup to highlight code section (#3164) ebd59e32
- Document standard tokens and provide examples (#3104) 37551200
- Fixed dead link to third-party tutorial #3155 (#3156) 31b4c1b8
- Repositioned theme selector (#3146) ea361e5a
- Adjusted TOC's line height for better readability (#3145) c5629706
- Updated plugin header template (#3144) faedfe85
- Update test and example pages to use Autoloader (#1936) 3d96eedc

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Mend Renovate. View repository job log here.

Feb 26 '22 04:02 renovate[bot]

graphql.github.io graphql.github.io copied to clipboard

Update dependency prismjs to v1.27.0 [SECURITY]

GitHub Vulnerability Alerts

CVE-2022-23647

Impact

Patches

Workarounds

References

Release Notes

v1.27.0

New components

Updated components

Updated plugins

Other

v1.26.0

New components

Updated components

Updated plugins

Updated themes

Other

Configuration

graphql.github.io
graphql.github.io copied to clipboard

`v1.27.0`

`v1.26.0`