[SECURITY] Major vulnerability in dependency - Prism.js #79

Closed
3 tasks done
Lissy93 opened this issue Jul 5, 2021 · 0 comments
Lissy93 commented Jul 5, 2021

Issue

Snyk recently reported that one of Dashy's dependencies, Prism.js (which is used for syntax highlighting), has a critical vulnerability, in the form of a Regular Expression Denial of Service (ReDoS) - re CVE-2021-32723 and CVE-400. The Snyk report can be found here.

This was fixed by the Prism team in d85e30da6755fdbe7f8559f8e75d122297167018 and PR 2774, the results of which can be seen under Prism's Security Advisories.

Solution

Dashy's Prism dependency needs to be updated from 1.23.0 to the latest version (currently 1.24.1).

Before submitting, please ensure that:

  • This issue has not already been raised
  • You are using the latest version of Dashy
  • You've included the relevant information above
@Lissy93 Lissy93 added the 🐛 Bug [ISSUE] Ticket describing something that isn't working label Jul 5, 2021
@Lissy93 Lissy93 self-assigned this Jul 5, 2021
@Lissy93 Lissy93 mentioned this issue Jul 5, 2021
5 tasks
@Lissy93 Lissy93 closed this as completed in 2b58b7b Jul 5, 2021
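
An added example, not part of the original issue or of Dashy's code: one way to confirm the upgrade took effect everywhere is to scan the npm lockfile for any copy of prismjs, including nested transitive ones, older than the 1.24.1 target named in the issue. The lockfile contents and the `example-highlighter` package are constructed for illustration, and pre-release version suffixes are ignored.

```javascript
// Added example: report every prismjs copy in an npm lockfile that is older
// than the upgrade target named in the issue.
const TARGET = '1.24.1'; // version the issue asks to upgrade to

// Numeric x.y.z comparison; pre-release suffixes are ignored (assumption).
function cmpVersion(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Handles lockfile v2/v3 ("packages", flat map keyed by install path) and
// v1 ("dependencies", nested tree), so transitive copies are found too.
function findOutdated(lock, name = 'prismjs', target = TARGET) {
  const hits = new Map(); // install path -> version, de-duplicated
  const check = (path, version) => {
    if (version && cmpVersion(version, target) < 0) hits.set(path, version);
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + name)) check(path, meta.version);
  }
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + 'node_modules/' + dep;
      if (dep === name) check(path, meta.version);
      walk(meta.dependencies, path + '/');
    }
  };
  walk(lock.dependencies, '');
  return [...hits].map(([path, version]) => ({ path, version }));
}

// Constructed lockfile: the top-level copy is upgraded, but a hypothetical
// package "example-highlighter" still pins its own nested 1.23.0.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/prismjs': { version: '1.24.1' },
    'node_modules/example-highlighter': { version: '1.0.0' },
    'node_modules/example-highlighter/node_modules/prismjs': { version: '1.23.0' },
  },
};

console.log(findOutdated(sampleLock));
```

An empty result means no installed copy is older than the target; any entry listed needs its parent package updated or an override added.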