[Snyk] Security upgrade prismjs from 1.21.0 to 1.25.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: prismjs

The new version differs by 250 commits.

• 99d94fa 1.25.0
• 6d8e547 Updated changelog (test: change calls to deprecated util.print() nodejs/node#3083)
• e008ea0 Added support for Kusto (HTTP outgoing queue bug fix (#2639) nodejs/node#3068)
• 4433ccf Added support for ASP.NET Razor (https: throw error if required params missing nodejs/node#3064)
• 6a356d2 Added support for Wren (timers: fix processing of nested same delay timers nodejs/node#3063)
• 4fbdd2f Added support for MAXScript (src: internalize per-isolate string properties nodejs/node#3060)
• 746a4b1 Added AviSynth language definition (Can't compile nodejs 4.1.1 on lubuntu 15.04 nodejs/node#3071)
• ffb2043 Twilight theme: Increase selector specificities of plugin overrides (crypto.randomBytes documentation needs improvement nodejs/node#3081)
• 52e8cee Markup: Made most patterns greedy (Intl: prepare for ICU 56 bump nodejs/node#3065)
• c7b6a7f Previewers: Ensure popup is visible across themes (Native buf checks nodejs/node#3080)
• 0ff371b Markup: Fixed ReDoS (lib,test: deprecate _linklist nodejs/node#3078)
• d216e60 Tests: Improved dection of empty patterns (src: Include "signal.h" in "util.h" nodejs/node#3058)
• a1b67ce Added support for Magma (CAS) (Node fails to download entire (large) file via http/https when agent: false is used. Fails on 0.10, 0.12, 4.1.1.  nodejs/node#3055)
• 23cd9b6 Added support for GAP (CAS) (Launcher not working: Keep getting ArrayIndexOutOfBound nodejs/node#3054)
• 8d0b74b Clojure: Improved tokenization (0.12.7 vs 4.1.1 - Are there some changes in net.Socket? nodejs/node#3056)
• 148c1ec Added support for Mermaid (Shouldn't DNS error code 'EADNAME' be 'EBADNAME'? nodejs/node#3050)
• 8df825e Added support for Systemd configuration files (build,win: fix node.exe resource version nodejs/node#3053)
• 87e5a37 Added support for Apache Avro IDL ( dns: add missing exports.BADNAME nodejs/node#3051)
• 247fd9a Highlight Keywords: More documentation (src: remove unused sync result from ASYNC_CALL nodejs/node#3049)
• 35b88fc Shell-session: Fixed command false positives (After Updating node to 4.0, xmlHttpRequest post formdata  nodejs/node#3048)
• 4f97b82 Added support for GN (http: Reject paths containing non-ASCII characters nodejs/node#3062)
• 5de8947 C++: Fixed generic function false positive (Crypto library should have a constant-time equality function nodejs/node#3043)
• 4e9338a ESLint: Added `regexp/no-super-linear-backtracking` rule (Automatically add / strip BOM nodejs/node#3040)
• 44456b2 Added benchmark suite (TC39 representation for the Node.js Foundation nodejs/node#2153)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
09ff8b20-18cc-11ec-986a-f2c3f75a3361

[guardrails]

⚠️ We detected 14 security issues in this pull request:

Mode: paranoid | Total findings: 14 | Considered vulnerability: 14

Vulnerable Libraries (14)

Severity	Details
Medium	acorn@7.1.0 (t) upgrade to: >5.7.3 || >6.4.0 || >7.1.0
High	bl@3.0.0 (t) upgrade to: >1.2.2 || >2.2.0 || 3.0.0 || >4.0.2
Medium	browserslist@4.8.3 (t) upgrade to: >4.16.4
High	decompress@4.2.0 (t) upgrade to: >=4.2.1
High	dot-prop@4.2.0 (t) upgrade to: >=4.2.1 || >=5.1.1
High	get-urls@8.0.0 (t) upgrade to: >9.2.1
Medium	hosted-git-info@2.8.5 (t) upgrade to: >=2.8.9 || >=3.0.8
High	lodash@4.17.15 (t) upgrade to: >4.17.20
High	meow@3.7.0 (t) upgrade to: >5.0.0
High	normalize-url@4.5.0 (t) upgrade to: >4.5.0 || >5.3.0 || 6.0.0
Medium	path-parse@1.0.6 (t) upgrade to: >=1.0.7
Medium	postcss@7.0.26 (t) upgrade to: >7.0.35 || >8.2.9
High	remark@10.0.1 (t) upgrade to: >12.0.1
High	tar@5.0.5 (t) upgrade to: >4.4.17 || >5.0.9 || >6.1.8

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.