[Snyk] Upgrade prismjs from 1.21.0 to 1.23.0

[snyk-bot]

Snyk has created this PR to upgrade prismjs from 1.21.0 to 1.23.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 2 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2020-12-31.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	589/1000 Why? Has a fix available, CVSS 7.5	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: prismjs

• 1.23.0 - 2020-12-31
  

  New components

  • Apex (#2622) f0e2b70e
  • DataWeave (#2659) 0803525b
  • PromQL (#2628) 8831c706

  Updated components

  • Fixed multiple vulnerable regexes (#2584) c2f6a644
  • Apache Configuration
    • Update directive-flag to match = (#2612) 00bf00e3
  • C-like
    • Made all comments greedy (#2680) 0a3932fe
  • C
    • Better class name and macro name detection (#2585) 129faf5c
  • Content-Security-Policy
    • Added missing directives and keywords (#2664) f1541342
    • Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d
  • CSS
    • Better HTML style attribute tokenization (#2569) b04cbafe
  • Java
    • Improved package and class name detection (#2599) 0889bc7c
    • Added Java 15 keywords (#2567) 73f81c89
  • Java stack trace
    • Added support stack frame element class loaders and modules (#2658) 0bb4f096
  • Julia
    • Removed constants that are not exported by default (#2601) 093c8175
  • Kotlin
    • Added support for backticks in function names (#2489) a5107d5c
  • Latte
    • Fixed exponential backtracking (#2682) 89f1e182
  • Markdown
    • Improved URL tokenization (#2678) 2af3e2c2
    • Added support for YAML front matter (#2634) 5cf9cfbc
  • PHP
    • Added support for PHP 7.4 + other major improvements (#2566) 38808e64
    • Added support for PHP 8.0 features (#2591) df922d90
    • Removed C-like dependency (#2619) 89ebb0b7
    • Fixed exponential backtracking (#2684) 37b9c9a1
  • Sass (Scss)
    • Added support for Sass modules (#2643) deb238a6
  • Scheme
    • Fixed number pattern (#2648) e01ecd00
    • Fixed function and function-like false positives (#2611) 7951ca24
  • Shell session
    • Fixed false positives because of links in command output (#2649) 8e76a978
  • TSX
    • Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

  Updated plugins

  • Made Autoloader and Diff Highlight compatible (#2580) 7a74497a
  • Copy to Clipboard Button
    • Set type="button" attribute for copy to clipboard plugin (#2593) f59a85f1
  • File Highlight
    • Fixed IE compatibility problem (#2656) 3f4ae00d
  • Line Highlight
    • Fixed top offset in combination with Line numbers (#2237) b40f8f4b
    • Fixed print background color (#2668) cdb24abe
  • Line Numbers
    • Fixed null reference (#2605) 7cdfe556
  • Treeview
    • Fixed icons on dark themes (#2631) 7266e32f
  • Unescaped Markup
    • Refactoring (#2445) fc602822

  Other

  • Readme: Added alternative link for Chinese translation 071232b4
  • Readme: Removed broken icon for Chinese translation (#2670) 2ea202b9
  • Readme: Grammar adjustments (#2629) f217ab75
  • Core
    • Moved pattern matching + lookbehind logic into function (#2633) 24574406
    • Fixed bug with greedy matching (#2632) 8fa8dd24
  • Infrastructure
    • Migrate from TravisCI -> GitHub Actions (#2606) 69132045
    • Added Dangerfile and provide bundle size info (#2608) 9df20c5e
    • New start script to start local server (#2491) 0604793c
    • Added test for exponential backtracking (#2590) 05afbb10
    • Added test for polynomial backtracking (#2597) e644178b
    • Tests: Better pretty print (#2600) 8bfcc819
    • Tests: Fixed sorted language list test (#2623) 2d3a1267
    • Tests: Stricter pattern for nice-token-names test (#2588) 0df60be1
    • Tests: Added strict checks for Prism.languages.extend (#2572) 8828500e
  • Website
    • Test page: Added "Share" option (#2575) b5f4f10e
    • Test page: Don't trigger ad-blockers with class (#2677) df0738e9
    • Thousands -> millions 9f82de50
    • Unescaped Markup: More doc regarding comments (#2652) add3736a
    • Website: Added and updated documentation (#2654) 8e660495
    • Website: Updated and improved guide on "Extending Prism" page (#2586) 8e1f38ff
• 1.22.0 - 2020-10-10
  

  Release 1.22.0

• 1.21.0 - 2020-08-06
  

  Release 1.21.0

from prismjs GitHub release notes

Commit messages

Package name: prismjs

• 88a17b4 1.23.0
• 5dc7b42 Changelog v1.23.0 ($foo = $foo gets completely compiled away sveltejs/svelte#2681)
• 37b9c9a PHP: Fixed exponential backtracking (add slots option to component constructor options object sveltejs/svelte#2684)
• 89f1e18 Latte: Fixed exponential backtracking ("node.parentNode is null" thrown when removing from nested, keyed list sveltejs/svelte#2682)
• 0a3932f C-like: Made all comments greedy (add database entries for new gists, update REPL URLs sveltejs/svelte#2680)
• cdb24ab Line Highlight: Fixed print background color (slot inside #if inside #each : TypeError cannot read property 'd' of null sveltejs/svelte#2668)
• e644178 Added test for polynomial backtracking (Site: REPL temp fix for touch devices sveltejs/svelte#2597)
• b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (only clear out stylesheet after removing a specific animation sveltejs/svelte#2237)
• 2af3e2c Markdown: Improved URL tokenization (fix wacky layout on mobile sveltejs/svelte#2678)
• df0738e Test page: Don't trigger ad-blockers with class (Docs: document rest in array/object destructuring in each blocks sveltejs/svelte#2677)
• b5f4f10 Test page: Added "Share" option (Anchors are buggy on https://svelte.dev/docs sveltejs/svelte#2575)
• 0604793 New `start` script to start local server (Clarification of array example sveltejs/svelte#2491)
• 8828500 Tests: Added strict checks for `Prism.languages.extend` (Site: Attach Database sveltejs/svelte#2572)
• 7266e32 Treeview: Fixed icons on dark themes (Check 'injected' and 'fixed_reactive_declarations' independently sveltejs/svelte#2631)
• 7f23ef3 Fixed Danger CI for forks (Documentation setContext and getContext cleanup sveltejs/svelte#2638)
• 990f48f Fixed build
• 071232b Readme: Added alternative link for Chinese translation
• fc57999 Bump ini from 1.3.5 to 1.3.7 (expose svelte.walk sveltejs/svelte#2672)
• 2ea202b README: Removed broken icon for Chinese translation (Applying read only property form onto elements using attr instead sveltejs/svelte#2670)
• 9f82de5 thousands -> millions
• f154134 CSP: Added missing directives and keywords (Add support for object-rest in each destructuring sveltejs/svelte#2664)
• a7ccc16 CSP: Do not highlight directive names with adjacent hyphens (Site: Briefly mention intro:true in the transition directive section. sveltejs/svelte#2662)
• e01ecd0 Scheme: Fixed number pattern (Using alert, prompt or confirm in an inlined event handler gives warning sveltejs/svelte#2648)
• 05afbb1 Added test for exponential backtracking (Site: use pure javascript slugification library sveltejs/svelte#2590)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs