module-federation.github.io fix(deps): update dependency prismjs to v1.27.0 [security]

fix(deps): update dependency prismjs to v1.27.0 [security]

Open renovate[bot] opened this issue 3 years ago • 1 comments

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prismjs	`1.24.1` -> `1.27.0`

GitHub Vulnerability Alerts

CVE-2021-3801

Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU.

CVE-2022-23647

Impact

Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.

Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.

Patches

This bug has been fixed in v1.27.0.

Workarounds

Do not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.

References

https://github.com/PrismJS/prism/pull/3341

Release Notes

PrismJS/prism

`v1.27.0`

Compare Source

New components

UO Razor Script (#3309) 3f8cc5a0

Updated components

AutoIt
- Allow hyphen in directive (#3308) bcb2e2c8
EditorConfig
- Change alias of section from keyword to selector (#3305) e46501b9
Ini
- Swap out header for section (#3304) deb3a97f
MongoDB
- Added v5 support (#3297) 8458c41f
PureBasic
- Added missing keyword and fixed constants ending with $ (#3320) d6c53726
Scala
- Added support for interpolated strings (#3293) 441a1422
Systemd configuration file
- Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

Command Line
- Escape markup in command line output (#3341) e002e78c
- Add support for line continuation and improved colors (#3326) 1784b175
- Added span around command and output (#3312) 82d0ca15

Other

Core
- Added better error message for missing grammars (#3311) 2cc4660b

`v1.26.0`

Compare Source

New components

Atmel AVR Assembly (#2078) b5a70e4c
Go module (#3209) 8476a9ab
Keepalived Configure (#2417) d908e457
Tremor & Trickle & Troy (#3087) ec25ba65
Web IDL (#3107) ef53f021

Updated components

Use \d for [0-9] (#3097) 9fe2f93e
6502 Assembly
- Use standard tokens and minor improvements (#3184) 929c33e0
AppleScript
- Use class-name standard token (#3182) 9f5e511d
AQL
- Differentiate between strings and identifiers (#3183) fa540ab7
Arduino
- Added ino alias (#2990) 5b7ce5e4
Avro IDL
- Removed char syntax (#3185) c7809285
Bash
- Added node to known commands (#3291) 4b19b502
- Added vcpkg command (#3282) b351bc69
- Added docker and podman commands (#3237) 8c5ed251
Birb
- Fixed class name false positives (#3111) d7017beb
Bro
- Removed variable and minor improvements (#3186) 4cebf34c
BSL (1C:Enterprise)
- Made directive greedy (#3112) 5c412cbb
C
- Added char token (#3207) d85a64ae
C#
- Added char token (#3270) 220bc40f
- Move everything into the IIFE (#3077) 9ed4cf6e
Clojure
- Added char token (#3188) 1c88c7da
Concurnas
- Improved tokenization (#3189) 7b34e65d
Content-Security-Policy
- Improved tokenization (#3276) a943f2bb
Coq
- Improved attribute pattern performance (#3085) 2f9672aa
Crystal
- Improved tokenization (#3194) 51e3ecc0
Cypher
- Removed non-standard use of symbol token name (#3195) 6af8a644
D
- Added standard char token (#3196) dafdbdec
Dart
- Added string interpolation and improved metadata (#3197) e1370357
DataWeave
- Fixed keywords being highlighted as functions (#3113) 532212b2
EditorConfig
- Swap out property for key; alias with attr-name (#3272) bee6ad56
Eiffel
- Removed non-standard use of builtin name (#3198) 6add768b
Elm
- Recognize unicode escapes as valid Char (#3105) 736c581d
ERB
- Better embedding of Ruby (#3192) 336edeea
F#
- Added char token (#3271) b58cd722
G-code
- Use standard-conforming alias for checksum (#3205) ee7ab563
GameMaker Language
- Fixed operator token and added tests (#3114) d359eeae
Go
- Added char token and improved string and number tokens (#3208) f11b86e2
GraphQL
- Optimized regexes (#3136) 8494519e
Haml
- Use symbol alias for filter names (#3210) 3d410670
- Improved filter and interpolation tokenization (#3191) 005ba469
Haxe
- Improved tokenization (#3211) f41bcf23
Hoon
- Simplified the language definition a little (#3212) 81920b62
HTTP
- Added support for special header value tokenization (#3275) 3362fc79
- Relax pattern for body (#3169) 22d0c6ba
HTTP Public-Key-Pins
- Improved tokenization (#3278) 0f1b5810
HTTP Strict-Transport-Security
- Improved tokenization (#3277) 3d708b97
Idris
- Fixed import statements (#3115) 15cb3b78
Io
- Simplified comment token (#3214) c2afa59b
J
- Made comments greedy (#3215) 5af16014
Java
- Added char token (#3217) 0a9f909c
Java stack trace
- Removed unreachable parts of regexes (#3219) fa55492b
- Added missing lookbehinds (#3116) cfb2e782
JavaScript
- Improved number pattern (#3149) 5a24cbff
- Added properties (#3099) 3b2238fa
Jolie
- Improved tokenization (#3221) dfbb2020
JQ
- Improved performance of strings (#3084) 233415b8
JS stack trace
- Added missing boundary assertion (#3117) 23d9aec1
Julia
- Added char token (#3223) 3a876df0
Keyman
- Improved tokenization (#3224) baa95cab
Kotlin
- Added char token and improved string interpolation (#3225) 563cd73e
Latte
- Use standard token names and combined delimiter tokens (#3226) 6b168a3b
Liquid
- Removed unmatchable object variants (#3135) 05e7ab04
Lisp
- Improved defun (#3130) e8f84a6c
Makefile
- Use standard token names correctly (#3227) 21a3c2d7
Markdown
- Fixed typo in token name (#3101) 00f77a2c
MAXScript
- Various improvements (#3181) e9b856c8
- Fixed booleans not being highlighted (#3134) c6574e6b
Monkey
- Use standard tokens correctly (#3228) c1025aa6
N1QL
- Updated keywords + minor improvements (#3229) 642d93ec
nginx
- Made some patterns greedy (#3230) 7b72e0ad
Nim
- Added char token and made some tokens greedy (#3231) 2334b4b6
- Fixed backtick identifier (#3118) 75331bea
Nix
- Use standard token name correctly (#3232) 5bf6e35f
- Removed unmatchable token (#3119) dc1e808f
NSIS
- Made comment greedy (#3234) 969f152a
- Update regex pattern for variables (#3266) adcc8784
- Update regex for constants pattern (#3267) 55583fb2
Objective-C
- Improved string token (#3235) 8e0e95f3
OCaml
- Improved tokenization (#3269) 7bcc5da0
- Removed unmatchable punctuation variant (#3120) 314d6994
Oz
- Improved tokenization (#3240) a3905c04
Pascal
- Added support for asm and directives (#2653) f053af13
PATROL Scripting Language
- Added boolean token (#3248) a5b6c5eb
Perl
- Improved tokenization (#3241) f22ea9f9
PHP
- Removed useless keyword tokens (#3121) ee62a080
PHP Extras
- Improved scope and this (#3243) 59ef51db
PL/SQL
- Updated keywords + other improvements (#3109) e7ba877b
PowerQuery
- Improved tokenization and use standard tokens correctly (#3244) 5688f487
- Removed useless data-type alternative (#3122) eeb13996
PowerShell
- Fixed lookbehind + refactoring (#3245) d30a2da6
Processing
- Use standard tokens correctly (#3246) 5ee8c557
Prolog
- Removed variable token + minor improvements (#3247) bacf9ae3
Pug
- Improved filter tokenization (#3258) 0390e644
PureBasic
- Fixed token order inside asm token (#3123) f3b25786
Python
- Made comment greedy (#3249) 8ecef306
- Add match and case (soft) keywords (#3142) 3f24dc72
- Recognize walrus operator (#3126) 18bd101c
- Fixed numbers ending with a dot (#3106) 2c63efa6
QML
- Made string greedy (#3250) 1e6dcb51
React JSX
- Move alias property (#3222) 18c92048
React TSX
- Removed parameter token (#3090) 0a313f4f
Reason
- Use standard tokens correctly (#3251) 809af0d9
Regex
- Fixed char-class/char-set confusion (#3124) 4dde2e20
Ren'py
- Improved language + added tests (#3125) ede55b2c
Rip
- Use standard char token (#3252) 2069ab0c
Ruby
- Improved tokenization (#3193) 86028adb
Rust
- Improved type-definition and use standard tokens correctly (#3253) 4049e5c6
Scheme
- Use standard char token (#3254) 7d740c45
- Updates syntax for reals (#3159) 4eb81fa1
Smalltalk
- Use standard char token (#3255) a7bb3001
- Added boolean token (#3100) 51382524
Smarty
- Improved tokenization (#3268) acc0bc09
SQL
- Added identifier token (#3141) 4e00cddd
Squirrel
- Use standard char token (#3256) 58a65bfd
Stan
- Added missing keywords and HOFs (#3238) afd77ed1
Structured Text (IEC 61131-3)
- Structured text: Improved tokenization (#3213) d04d166d
Swift
- Added support for isolated keyword (#3174) 18c828a6
TAP
- Conform to quoted-properties style (#3127) 3ef71533
Tremor
- Use standard regex token (#3257) c56e4bf5
Twig
- Improved tokenization (#3259) e03a7c24
TypeScript
- Removed duplicate keywords (#3132) 91060fd6
URI
- Fixed IPv4 regex (#3128) 599e30ee
V
- Use standard char token (#3260) e4373256
Verilog
- Use standard tokens correctly (#3261) 43124129
Visual Basic
- Simplify regexes and use more common aliases (#3262) aa73d448
Wolfram language
- Removed unmatchable punctuation variant (#3133) a28a86ad
Xojo (REALbasic)
- Proper token name for directives (#3263) ffd8343f
Zig
- Added missing keywords (#3279) deed35e3
- Use standard char token (#3264) c3f9fb70
- Fixed module comments and astral chars (#3129) 09a0e2ba

Updated plugins

File Highlight
- File highlight+data range (#1813) d38592c5
Keep Markup
- Added drop-tokens option class (#3166) b679cfe6
Line Highlight
- Expose highlightLines function as Prism.plugins.highlightLines (#3086) 9f4c0e74
Toolbar
- Set z-index of .toolbar to 10 (#3163) 1cac3559

Updated themes

Coy: Set z-index to make shadows visible in colored table cells (#3161) 79f250f3
Coy: Added padding to account for box shadow (#3143) a6a4ce7e

Other

Core
- Added setLanguage util function (#3167) b631949a
- Fixed type error on null (#3057) a80a68ba
- Document disableWorkerMessageHandler (#3088) 213cf7be
Infrastructure
- Tests: Added .html.test files for replace .js language tests (#3148) 2e834c8c
- Added regex coverage (#3138) 5333e281
- Tests: Added TestCaseFile class and generalized runTestCase (#3147) ae8888a0
- Added even more language tests (#3137) 344d0b27
- Added more plugin tests (#1969) a394a14d
- Added more language tests (#3131) 2f7f7364
- package.json: Added engines.node field (#3108) 798ee4f6
- Use tabs in package(-lock).json (#3098) 8daebb4a
- Update [email protected] (#3091) e6e1d5ae
- Added minified CSS (#3073) d63d6c0e
Website
- Readme: Clarify usage of our build system (#3239) 6f1d904a
- Improved CDN usage URLs (#3285) 6c21b2f7
- Update download.html 9d5424b6
- Autoloader: Mention how to load grammars from URLs (#3218) cefccdd1
- Added PrismJS React and HTML tutorial link (#3190) 0ecdbdce
- Improved readability (#3177) 4433d7fe
- Fixed red highlighting in Firefox (#3178) 746da79b
- Use Keep markup to highlight code section (#3164) ebd59e32
- Document standard tokens and provide examples (#3104) 37551200
- Fixed dead link to third-party tutorial #3155 (#3156) 31b4c1b8
- Repositioned theme selector (#3146) ea361e5a
- Adjusted TOC's line height for better readability (#3145) c5629706
- Updated plugin header template (#3144) faedfe85
- Update test and example pages to use Autoloader (#1936) 3d96eedc

`v1.25.0`

Compare Source

New components

AviSynth (#3071) 746a4b1a
Avro IDL (#3051) 87e5a376
Bicep (#3027) c1dce998
GAP (CAS) (#3054) 23cd9b65
GN (#3062) 4f97b82b
Hoon (#2978) ea776756
Kusto (#3068) e008ea05
Magma (CAS) (#3055) a1b67ce3
MAXScript (#3060) 4fbdd2f8
Mermaid (#3050) 148c1eca
Razor C# (#3064) 4433ccfc
Systemd configuration file (#3053) 8df825e0
Wren (#3063) 6a356d25

Updated components

Bicep
- Added support for multiline and interpolated strings and other improvements (#3028) 748bb9ac
C#
- Added with keyword & improved record support (#2993) fdd291c0
- Added record, init, and nullable keyword (#2991) 9b561565
- Added context check for from keyword (#2970) 158f25d4
C++
- Fixed generic function false positive (#3043) 5de8947f
Clojure
- Improved tokenization (#3056) 8d0b74b5
Hoon
- Fixed mixed-case aura tokenization (#3002) 9c8911bd
Liquid
- Added all objects from Shopify reference (#2998) 693b7433
- Added empty keyword (#2997) fe3bc526
Log file
- Added support for Java stack traces (#3003) b0365e70
Markup
- Made most patterns greedy (#3065) 52e8cee9
- Fixed ReDoS (#3078) 0ff371bb
PureScript
- Made ∀ a keyword (alias for forall) (#3005) b38fc89a
- Improved Haskell and PureScript (#3020) 679539ec
Python
- Support for underscores in numbers (#3039) 6f5d68f7
Sass
- Fixed issues with CSS Extras (#2994) 14fdfe32
Shell session
- Fixed command false positives (#3048) 35b88fcf
- Added support for the percent sign as shell symbol (#3010) 4492b62b
Swift
- Major improvements (#3022) 8541db2e
- Added support for @propertyWrapper, @MainActor, and @globalActor (#3009) ce5e0f01
- Added support for new Swift 5.5 keywords (#2988) bb93fac0
TypeScript
- Fixed keyword false positives (#3001) 212e0ef2

Updated plugins

JSONP Highlight
- Refactored JSONP logic (#3018) 5126d1e1
Line Highlight
- Extend highlight to full line width inside scroll container (#3011) e289ec60
Normalize Whitespace
- Removed unnecessary checks (#3017) 63edf14c
Previewers
- Ensure popup is visible across themes (#3080) c7b6a7f6

Updated themes

Twilight
- Increase selector specificities of plugin overrides (#3081) ffb20439

Other

Infrastructure
- Added benchmark suite (#2153) 44456b21
- Tests: Insert expected JSON by Default (#2960) e997dd35
- Tests: Improved dection of empty patterns (#3058) d216e602
Website
- Highlight Keywords: More documentation (#3049) 247fd9a3

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

Sep 20 '21 23:09 renovate[bot]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠ Warning: custom changes will be lost.

Mar 23 '23 23:03 renovate[bot]

module-federation.github.io module-federation.github.io copied to clipboard

fix(deps): update dependency prismjs to v1.27.0 [security]

GitHub Vulnerability Alerts

CVE-2021-3801

CVE-2022-23647

Impact

Patches

Workarounds

References

Release Notes

v1.27.0

New components

Updated components

Updated plugins

Other

v1.26.0

New components

Updated components

Updated plugins

Updated themes

Other

v1.25.0

New components

Updated components

Updated plugins

Updated themes

Other

Configuration

Edited/Blocked Notification

module-federation.github.io
module-federation.github.io copied to clipboard

`v1.27.0`

`v1.26.0`

`v1.25.0`