Update dependency prismjs to v1.27.0 [SECURITY] #246
Open
renovate wants to merge 1 commit into master from renovate/npm-prismjs-vulnerability
Conversation
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 5 times, most recently from e2318e6 to 12bbde3, on March 13, 2021 17:14
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from e2a646c to 3186a05, on March 20, 2021 17:46
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from 5a57378 to afd8f91, on March 27, 2021 18:55
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from afd8f91 to 5490c54 on April 10, 2021 16:47
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 3 times, most recently from cd15e59 to 084e848, on May 8, 2021 16:18
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 084e848 to a65e2ef on May 15, 2021 16:23
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from f77b8b7 to 6e96fe4, on May 29, 2021 17:09
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 6e96fe4 to 3ee2b9e on June 19, 2021 16:53
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 3ee2b9e to d4d322e on June 28, 2021 19:38
renovate bot changed the title from "Update dependency prismjs to v1.23.0 [SECURITY]" to "Update dependency prismjs to v1.24.0 [SECURITY]" on Jun 28, 2021
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from c68b580 to b88bdad, on July 10, 2021 16:23
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from fcb2e82 to be169f5, on July 10, 2021 18:49
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from 4e64fc7 to 2a0630c, on July 31, 2021 16:37
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 3 times, most recently from 440b9c7 to b8882e2, on August 14, 2021 16:45
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from b8882e2 to 4afde44 on August 14, 2021 18:24
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 4afde44 to f0a8f2c on August 21, 2021 18:46
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 3 times, most recently from 8004b70 to 6e34d7e, on October 29, 2022 19:17
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 6e34d7e to ea5688a on December 10, 2022 18:11
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from ea5688a to 331939d on December 17, 2022 19:06
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 331939d to 3fbbe51 on January 21, 2023 20:19
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from 8fc8475 to 52f7846, on February 18, 2023 19:45
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 52f7846 to 9cd94a9 on April 1, 2023 22:45
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from 88bb33d to 4fbaa6b, on April 15, 2023 19:29
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 4fbaa6b to afada17 on April 29, 2023 19:29
renovate bot changed the title from "Update dependency prismjs to v1.27.0 [SECURITY]" to "Update dependency prismjs to v1.27.0 [SECURITY] - autoclosed" on May 3, 2023
renovate bot changed the title from "Update dependency prismjs to v1.27.0 [SECURITY] - autoclosed" to "Update dependency prismjs to v1.27.0 [SECURITY]" on May 3, 2023
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from ce4ae20 to 53f7ad5, on May 6, 2023 21:15
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 53f7ad5 to c349a26 on May 27, 2023 19:28
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from c349a26 to ee93315 on June 10, 2023 19:13
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from ee93315 to 81e9243 on August 12, 2023 18:17
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 81e9243 to 0bb535c on August 26, 2023 20:25
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 0bb535c to 470b7ec on September 16, 2023 18:37
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 470b7ec to 86a7755 on September 30, 2023 18:16
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 86a7755 to 6f5dfb6 on October 14, 2023 18:08
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 6f5dfb6 to 01d8d18 on October 21, 2023 18:53
renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from 01d8d18 to e939759 on November 11, 2023 18:41
This PR contains the following updates: prismjs 1.22.0 -> 1.27.0
GitHub Vulnerability Alerts
CVE-2021-23341
The package prismjs before 1.23.0 is vulnerable to Regular Expression Denial of Service (ReDoS) via the prism-asciidoc, prism-rest, prism-tap and prism-eiffel components.
CVE-2021-32723
Some languages before 1.24.0 are vulnerable to Regular Expression Denial of Service (ReDoS).
Impact
When Prism is used to highlight untrusted (user-given) text, an attacker can craft a string that will take a very very long time to highlight. Do not use the following languages to highlight untrusted text.
Other languages are not affected and can be used to highlight untrusted text.
Patches
This problem has been fixed in Prism v1.24.
CVE-2021-3801
Prism is a syntax highlighting library. The prismjs package is vulnerable to ReDoS (regular expression denial of service). An attacker that is able to provide a crafted HTML comment as input may cause an application to consume an excessive amount of CPU.
CVE-2022-23647
Impact
Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.
Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.
Patches
This bug has been fixed in v1.27.0.
Workarounds
Do not use the Command line plugin on untrusted inputs, or sanitize (remove all HTML code text from) all code blocks that use the Command line plugin.
Release Notes
PrismJS/prism (prismjs)

v1.27.0
New components: 3f8cc5a0
Updated components:
bcb2e2c8
section from keyword to selector (#3305) e46501b9
header for section (#3304) deb3a97f
8458c41f
$ (#3320) d6c53726
441a1422
operator for punctuation (#3306) 2eb89e15
Updated plugins: e002e78c, 1784b175, 82d0ca15
Other: 2cc4660b

v1.26.0
New components: b5a70e4c, 8476a9ab, d908e457, ec25ba65, ef53f021
Updated components:
\d for [0-9] (#3097) 9fe2f93e
929c33e0
class-name standard token (#3182) 9f5e511d
fa540ab7
ino alias (#2990) 5b7ce5e4
c7809285
node to known commands (#3291) 4b19b502
vcpkg command (#3282) b351bc69
docker and podman commands (#3237) 8c5ed251
d7017beb
variable and minor improvements (#3186) 4cebf34c
directive greedy (#3112) 5c412cbb
char token (#3207) d85a64ae
char token (#3270) 220bc40f
9ed4cf6e
char token (#3188) 1c88c7da
7b34e65d, a943f2bb, 2f9672aa, 51e3ecc0
symbol token name (#3195) 6af8a644
dafdbdec, e1370357, 532212b2
property for key; alias with attr-name (#3272) bee6ad56
builtin name (#3198) 6add768b
736c581d, 336edeea
char token (#3271) b58cd722
ee7ab563
operator token and added tests (#3114) d359eeae
char token and improved string and number tokens (#3208) f11b86e2
8494519e
symbol alias for filter names (#3210) 3d410670
005ba469, f41bcf23, 81920b62, 3362fc79, 22d0c6ba, 0f1b5810, 3d708b97, 15cb3b78, c2afa59b, 5af16014
char token (#3217) 0a9f909c
fa55492b, cfb2e782
number pattern (#3149) 5a24cbff
3b2238fa, dfbb2020, 233415b8, 23d9aec1
char token (#3223) 3a876df0
baa95cab
char token and improved string interpolation (#3225) 563cd73e
6b168a3b, 05e7ab04
defun (#3130) e8f84a6c
21a3c2d7, 00f77a2c, e9b856c8, c6574e6b, c1025aa6, 642d93ec, 7b72e0ad
char token and made some tokens greedy (#3231) 2334b4b6
75331bea, 5bf6e35f, dc1e808f
comment greedy (#3234) 969f152a
adcc8784, 55583fb2
string token (#3235) 8e0e95f3
7bcc5da0, 314d6994, a3905c04, f053af13
boolean token (#3248) a5b6c5eb
f22ea9f9, ee62a080
scope and this (#3243) 59ef51db
e7ba877b, 5688f487
data-type alternative (#3122) eeb13996
d30a2da6, 5ee8c557, bacf9ae3, 0390e644
asm token (#3123) f3b25786
comment greedy (#3249) 8ecef306
match and case (soft) keywords (#3142) 3f24dc72
18bd101c, 2c63efa6
string greedy (#3250) 1e6dcb51
18c92048
parameter token (#3090) 0a313f4f
809af0d9, 4dde2e20, ede55b2c
char token (#3252) 2069ab0c
86028adb
type-definition and use standard tokens correctly (#3253) 4049e5c6
char token (#3254) 7d740c45
4eb81fa1
char token (#3255) a7bb3001
boolean token (#3100) 51382524
acc0bc09, 4e00cddd
char token (#3256) 58a65bfd
afd77ed1, d04d166d
isolated keyword (#3174) 18c828a6
3ef71533
regex token (#3257) c56e4bf5
e03a7c24, 91060fd6, 599e30ee
char token (#3260) e4373256
43124129, aa73d448, a28a86ad, ffd8343f, deed35e3
char token (#3264) c3f9fb70
09a0e2ba
Updated plugins:
d38592c5
drop-tokens option class (#3166) b679cfe6
highlightLines function as Prism.plugins.highlightLines (#3086) 9f4c0e74
z-index of .toolbar to 10 (#3163) 1cac3559
Updated themes:
z-index to make shadows visible in colored table cells (#3161) 79f250f3
a6a4ce7e
Other:
setLanguage util function (#3167) b631949a
a80a68ba
disableWorkerMessageHandler (#3088) 213cf7be
.html.test files for replace.js language tests (#3148) 2e834c8c
5333e281
TestCaseFile class and generalized runTestCase (#3147) ae8888a0
344d0b27, a394a14d, 2f7f7364
package.json: Added engines.node field (#3108) 798ee4f6
package(-lock).json (#3098) 8daebb4a
eslint-plugin-regexp@1.2.0 (#3091) e6e1d5ae
d63d6c0e, 6f1d904a, 6c21b2f7, 9d5424b6, cefccdd1, 0ecdbdce, 4433d7fe, 746da79b, ebd59e32, 37551200, 31b4c1b8, ea361e5a, c5629706, faedfe85, 3d96eedc

v1.25.0
New components: 746a4b1a, 87e5a376, c1dce998, 23cd9b65, 4f97b82b, ea776756, e008ea05, a1b67ce3, 4fbdd2f8, 148c1eca, 4433ccfc, 8df825e0, 6a356d25
Updated components:
748bb9ac
with keyword & improved record support (#2993) fdd291c0
record, init, and nullable keyword (#2991) 9b561565
from keyword (#2970) 158f25d4
5de8947f, 8d0b74b5, 9c8911bd, 693b7433
empty keyword (#2997) fe3bc526
b0365e70, 52e8cee9, 0ff371bb
∀ a keyword (alias for forall) (#3005) b38fc89a
679539ec, 6f5d68f7, 14fdfe32, 35b88fcf, 4492b62b, 8541db2e
@propertyWrapper, @MainActor, and @globalActor (#3009) ce5e0f01
bb93fac0, 212e0ef2
Updated plugins: 5126d1e1, e289ec60, 63edf14c, c7b6a7f6
Updated themes: ffb20439
Other: 44456b21, e997dd35, d216e602, 247fd9a3

v1.24.1
Updated components: 151121cd
Updated plugins: 748ecddc

v1.24.0
New components: b0a6ec85, 3f7d7453, 7e5f78ff, 41e25d3c, f9b69528, 1f91868e, 99a21dc5, bf4e7ba9, e9314415, 7e51b99c, 3419fb77, 2bc6475b, f84c49c5, 1a2347a3, 18c67b49, 1b63cd01, e38986f9, fd1081d2, bbc77d19, 72962701, c4f6b2cc
Updated components:
regexp/no-dupe-disjunctions (#2952) f471d2d7
79d22182, d85e30da, ea82478d, fc2a3334, e4ad22ad, e5cfdb4a
:: punctuation (#2814) 3df62fd0
88fa72cf, d0bcd074, 93dd83c2, 114e4626, e6c0d298
defdelagate keyword and highlighting for function/module names (#2709) 59f725d7
a5d7178c
definition-query and definition-mutation tokens (#2964) bfd7fded
34f24ac9
hbs alias (#2874) 43976351
1dfc8271, 6183fd9b, 4e7b2a82, 42d24fa2, 4ec7535c, ab7c9953, 415651a0, 9c610ae6, 022f90a0, abab9104, cf28d1b2, ac1d12f9, 45ec4a88, e9477d83
wrap hook (#2719) 2b355c98
8dbbbb35, 5943f4cb, 87d79390, cf3755cb
fn keyword (#2858) e0ee93f1
7e8cd40d, 8019e2f6, f79b0eef, 04ef309c, 01af04ed
Configuration
📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
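The version bump in this PR closes the four advisories only for the copy of prismjs that the direct dependency resolves to; a second copy pinned by a transitive dependency stays at its old version and is not touched by the update. The following is an added example, not Renovate's or Prism's code, that walks an npm package-lock.json and reports every installed copy of a package that is below a fixed version. The lockfile contents, including the hypothetical legacy-docs-theme package, are constructed for the demonstration; the fixed version 1.27.0 is the one named in the PR.

```javascript
// Added example (not Renovate's or Prism's code): walk an npm package-lock.json
// (lockfileVersion 2/3 "packages" map) and report every installed copy of a
// package that is below the fixed version. The lockfile below is constructed
// for illustration: a direct prismjs dependency already on 1.27.0, plus a
// transitive copy nested under a hypothetical "legacy-docs-theme" package
// that still pins 1.22.0. The Renovate PR bumps the direct dependency; nested
// copies like this one are what the check is for.
const SAMPLE_LOCK = {
  name: "example-site",
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { prismjs: "^1.27.0", "legacy-docs-theme": "2.0.0" } },
    "node_modules/prismjs": { version: "1.27.0" },
    "node_modules/legacy-docs-theme": { version: "2.0.0", dependencies: { prismjs: "1.22.0" } },
    "node_modules/legacy-docs-theme/node_modules/prismjs": { version: "1.22.0" },
  },
};

// Minimal semver comparison for x.y.z versions with an optional -prerelease
// tag. A pre-release sorts below the release it precedes, per the semver rule.
function parseVersion(v) {
  const [core, pre] = v.split("-");
  return { nums: core.split(".").map(Number), pre };
}
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa.nums[i] || 0) - (pb.nums[i] || 0);
    if (d !== 0) return d;
  }
  if (pa.pre && !pb.pre) return -1;
  if (!pa.pre && pb.pre) return 1;
  return 0;
}

// Return every lockfile path whose package is `name` and whose version is
// below `fixedVersion`. Lockfile keys end in "node_modules/<name>", so the
// suffix match catches nested copies at any depth; scoped names work because
// the slash inside "@scope/pkg" is part of the suffix.
function findVulnerableCopies(lock, name, fixedVersion) {
  const hits = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + name)) continue;
    if (!entry.version) continue;
    if (compareVersions(entry.version, fixedVersion) < 0) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// 1.27.0 is the fixed version from the PR (closes CVE-2022-23647; the ReDoS
// advisories were already fixed in 1.23.0 and 1.24.0).
const PRISM_FIXED = "1.27.0";
const findings = findVulnerableCopies(SAMPLE_LOCK, "prismjs", PRISM_FIXED);
for (const f of findings) {
  console.log(`${f.path}: prismjs ${f.version} < ${PRISM_FIXED}`);
}
```

For a real project, read package-lock.json with fs.readFileSync and JSON.parse and pass the result in place of SAMPLE_LOCK. Lockfile version 1 files keep the tree under a nested dependencies object rather than the flat packages map, so they need a different walker; npm ls prismjs --all gives the same answer from the command line on npm 7 and later.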
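The three ReDoS advisories in the list (CVE-2021-23341, CVE-2021-32723, CVE-2021-3801) describe one failure mode: a grammar regex whose matching time grows super-linearly with the length of attacker-controlled text, so anyone who can choose what gets highlighted can pin a CPU. The block below is an added example, not Prism's code or one of its grammars: a harness that times a regex against inputs of increasing length and estimates the growth exponent, which is the check to run on a grammar before pointing it at untrusted input. The two patterns are textbook constructions (a nested quantifier against a forced mismatch, and its linear equivalent), not patterns taken from Prism.

```javascript
// Added example, not Prism's code. Times a regex against inputs of growing
// length and estimates how match time scales with input size. The patterns
// below are constructed for illustration and are not Prism grammar regexes.

// Catastrophic backtracking: a nested quantifier followed by a forced
// mismatch. Each extra 'a' roughly doubles the number of ways to fail.
const BACKTRACKING = /^(a+)+$/;
// The same language written so the engine has exactly one way to match.
const LINEAR = /^a+$/;

// Median wall-clock time in milliseconds to run `re` against `unit` repeated
// `n` times followed by `tail` (the tail forces the final mismatch).
function timeRegex(re, unit, tail, n, reps = 7) {
  const input = unit.repeat(n) + tail;
  re.test(input);                       // warm-up so JIT cost is not measured
  const samples = [];
  for (let i = 0; i < reps; i++) {
    const t0 = process.hrtime.bigint();
    re.test(input);
    samples.push(Number(process.hrtime.bigint() - t0) / 1e6);
  }
  samples.sort((a, b) => a - b);
  return samples[Math.floor(reps / 2)];
}

// Least-squares slope of log(time) against log(n): about 1 means linear,
// about 2 quadratic; an exponential pattern gives a slope that keeps rising
// as the sizes grow.
function growthExponent(re, unit, tail, sizes, reps = 7) {
  const xs = [], ys = [];
  for (const n of sizes) {
    const t = timeRegex(re, unit, tail, n, reps);
    xs.push(Math.log(n));
    ys.push(Math.log(Math.max(t, 1e-3)));   // clamp at 1 microsecond: no log(0)
  }
  const mean = arr => arr.reduce((s, v) => s + v, 0) / arr.length;
  const mx = mean(xs), my = mean(ys);
  let num = 0, den = 0;
  for (let i = 0; i < xs.length; i++) {
    num += (xs[i] - mx) * (ys[i] - my);
    den += (xs[i] - mx) ** 2;
  }
  return num / den;
}

// Convenience check: flag a pattern whose growth exponent exceeds `threshold`.
// Quadratic is already enough to matter for a highlighter fed large pastes,
// so the default threshold sits just above linear.
function isSuperLinear(re, unit, tail, sizes, threshold = 1.5) {
  return growthExponent(re, unit, tail, sizes) > threshold;
}

// Sizes are kept small for the exponential pattern: 2^20 backtracking steps
// is tens of milliseconds, 2^30 would be minutes.
const EXP_SIZES = [12, 14, 16, 18, 20];
const LIN_SIZES = [1000, 2000, 4000, 8000];
console.log("nested-quantifier exponent:", growthExponent(BACKTRACKING, "a", "!", EXP_SIZES).toFixed(1));
console.log("linear pattern exponent:   ", growthExponent(LINEAR, "a", "!", LIN_SIZES).toFixed(1));
```

A JavaScript regex cannot be interrupted once it has started, so the harness is a detection tool, not a guard: for a grammar it flags, the options are to fix the pattern (which is what the 1.23.0 and 1.24.0 releases did), cap the length of untrusted input before highlighting, or run highlighting in a worker that can be terminated on a deadline.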
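CVE-2022-23647 is an output-encoding bug: the Command Line plugin rebuilt the lines of a code block into its own markup without escaping them, so text inside the block was interpreted as HTML. The block below is an added example that models that bug class with two hypothetical line renderers; it is not Prism's plugin code, and it returns HTML strings rather than touching a DOM so the difference can be checked without a browser. The attacker-controlled line is constructed for the demonstration.

```javascript
// Added example, not Prism's code. Two hypothetical renderers for a
// command-line style plugin: one pastes each code line straight into its
// markup (the CVE-2022-23647 bug class), the other escapes it first.

// HTML-escape text that will be inserted as a text node or a quoted
// attribute value. These five characters are the ones that can open a tag,
// close an attribute, or start an entity.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable shape: the raw line lands inside the markup, so a '<' in the
// highlighted text becomes a real element once this string hits innerHTML.
function renderLinesUnsafe(lines, prompt) {
  return lines
    .map(l => `<span class="cmd"><span class="prompt">${prompt}</span>${l}</span>`)
    .join("\n");
}

// Fixed shape: identical markup, but both the untrusted line and the prompt
// (which a page author may set from a data-* attribute) are escaped.
function renderLinesSafe(lines, prompt) {
  const p = escapeHtml(prompt);
  return lines
    .map(l => `<span class="cmd"><span class="prompt">${p}</span>${escapeHtml(l)}</span>`)
    .join("\n");
}

// Check used to show the fix holds: list any tag name in the output that the
// renderer's own template never emits. The template only uses <span>.
const TEMPLATE_TAGS = new Set(["span"]);
function foreignTags(html) {
  const found = new Set();
  for (const m of html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9-]*)/g)) {
    const tag = m[1].toLowerCase();
    if (!TEMPLATE_TAGS.has(tag)) found.add(tag);
  }
  return [...found];
}

// Constructed input: one ordinary command and one line carrying a payload.
const UNTRUSTED_LINES = [
  "ls -la",
  '<img src=x onerror="alert(document.cookie)">',
];

console.log("unsafe renderer injects:", foreignTags(renderLinesUnsafe(UNTRUSTED_LINES, "$ ")));
console.log("safe renderer injects:  ", foreignTags(renderLinesSafe(UNTRUSTED_LINES, "$ ")));
```

In a browser the unsafe string would go through innerHTML and the img element's onerror handler would fire; the fixed renderer leaves the same text as an escaped literal, which is what "properly escape its output" in the advisory amounts to. The advisory's workaround of stripping HTML from code blocks is the coarser form of the same principle and loses legitimate angle brackets in the code.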