[Snyk] Upgrade prismjs from 1.18.0 to 1.23.0

[snyk-bot]

Snyk has created this PR to upgrade prismjs from 1.18.0 to 1.23.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 5 months ago, on 2020-12-31.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	629/1000 Why? Has a fix available, CVSS 8.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	629/1000 Why? Has a fix available, CVSS 8.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: prismjs

• 1.23.0 - 2020-12-31
  

  New components

  • Apex (#2622) f0e2b70e
  • DataWeave (#2659) 0803525b
  • PromQL (#2628) 8831c706

  Updated components

  • Fixed multiple vulnerable regexes (#2584) c2f6a644
  • Apache Configuration
    • Update directive-flag to match = (#2612) 00bf00e3
  • C-like
    • Made all comments greedy (#2680) 0a3932fe
  • C
    • Better class name and macro name detection (#2585) 129faf5c
  • Content-Security-Policy
    • Added missing directives and keywords (#2664) f1541342
    • Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d
  • CSS
    • Better HTML style attribute tokenization (#2569) b04cbafe
  • Java
    • Improved package and class name detection (#2599) 0889bc7c
    • Added Java 15 keywords (#2567) 73f81c89
  • Java stack trace
    • Added support stack frame element class loaders and modules (#2658) 0bb4f096
  • Julia
    • Removed constants that are not exported by default (#2601) 093c8175
  • Kotlin
    • Added support for backticks in function names (#2489) a5107d5c
  • Latte
    • Fixed exponential backtracking (#2682) 89f1e182
  • Markdown
    • Improved URL tokenization (#2678) 2af3e2c2
    • Added support for YAML front matter (#2634) 5cf9cfbc
  • PHP
    • Added support for PHP 7.4 + other major improvements (#2566) 38808e64
    • Added support for PHP 8.0 features (#2591) df922d90
    • Removed C-like dependency (#2619) 89ebb0b7
    • Fixed exponential backtracking (#2684) 37b9c9a1
  • Sass (Scss)
    • Added support for Sass modules (#2643) deb238a6
  • Scheme
    • Fixed number pattern (#2648) e01ecd00
    • Fixed function and function-like false positives (#2611) 7951ca24
  • Shell session
    • Fixed false positives because of links in command output (#2649) 8e76a978
  • TSX
    • Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

  Updated plugins

  • Made Autoloader and Diff Highlight compatible (#2580) 7a74497a
  • Copy to Clipboard Button
    • Set type="button" attribute for copy to clipboard plugin (#2593) f59a85f1
  • File Highlight
    • Fixed IE compatibility problem (#2656) 3f4ae00d
  • Line Highlight
    • Fixed top offset in combination with Line numbers (#2237) b40f8f4b
    • Fixed print background color (#2668) cdb24abe
  • Line Numbers
    • Fixed null reference (#2605) 7cdfe556
  • Treeview
    • Fixed icons on dark themes (#2631) 7266e32f
  • Unescaped Markup
    • Refactoring (#2445) fc602822

  Other

  • Readme: Added alternative link for Chinese translation 071232b4
  • Readme: Removed broken icon for Chinese translation (#2670) 2ea202b9
  • Readme: Grammar adjustments (#2629) f217ab75
  • Core
    • Moved pattern matching + lookbehind logic into function (#2633) 24574406
    • Fixed bug with greedy matching (#2632) 8fa8dd24
  • Infrastructure
    • Migrate from TravisCI -> GitHub Actions (#2606) 69132045
    • Added Dangerfile and provide bundle size info (#2608) 9df20c5e
    • New start script to start local server (#2491) 0604793c
    • Added test for exponential backtracking (#2590) 05afbb10
    • Added test for polynomial backtracking (#2597) e644178b
    • Tests: Better pretty print (#2600) 8bfcc819
    • Tests: Fixed sorted language list test (#2623) 2d3a1267
    • Tests: Stricter pattern for nice-token-names test (#2588) 0df60be1
    • Tests: Added strict checks for Prism.languages.extend (#2572) 8828500e
  • Website
    • Test page: Added "Share" option (#2575) b5f4f10e
    • Test page: Don't trigger ad-blockers with class (#2677) df0738e9
    • Thousands -> millions 9f82de50
    • Unescaped Markup: More doc regarding comments (#2652) add3736a
    • Website: Added and updated documentation (#2654) 8e660495
    • Website: Updated and improved guide on "Extending Prism" page (#2586) 8e1f38ff
• 1.22.0 - 2020-10-10
  

  Release 1.22.0

• 1.21.0 - 2020-08-06
  

  Release 1.21.0

• 1.20.0 - 2020-04-04
  

  Release 1.20.0

• 1.19.0 - 2020-01-13
  

  Release 1.19.0

• 1.18.0 - 2020-01-04
  

  Release 1.18.0

from prismjs GitHub release notes

Commit messages

Package name: prismjs

• 88a17b4 1.23.0
• 5dc7b42 Changelog v1.23.0 (child_process: execFile and fork arg parsing ambiguity nodejs/node#2681)
• 37b9c9a PHP: Fixed exponential backtracking ("Octal literals are not allowed in strict mode." is not a synax error nodejs/node#2684)
• 89f1e18 Latte: Fixed exponential backtracking (Merge vee-eight-4.5 into master nodejs/node#2682)
• 0a3932f C-like: Made all comments greedy (fs.realpath 70x slower than native  nodejs/node#2680)
• cdb24ab Line Highlight: Fixed print background color (Unreachable code in buffer.js and unsigned bitwise shifts. nodejs/node#2668)
• e644178 Added test for polynomial backtracking (Object initializer for complex object( object inside object) nodejs/node#2597)
• b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (TCP socket unable to connect to localhost nodejs/node#2237)
• 2af3e2c Markdown: Improved URL tokenization (src: increment NODE_MODULE_VERSION to 46 nodejs/node#2678)
• df0738e Test page: Don't trigger ad-blockers with class (http.IncomingMessage: fix forgotten 'message' to 'socket' nodejs/node#2677)
• b5f4f10 Test page: Added "Share" option (crypto: Use OPENSSL_cleanse to shred the data. nodejs/node#2575)
• 0604793 New `start` script to start local server (tools: fix anchors in generated documents nodejs/node#2491)
• 8828500 Tests: Added strict checks for `Prism.languages.extend` (process: improve implement of process.uptime() nodejs/node#2572)
• 7266e32 Treeview: Fixed icons on dark themes ([3.2.0] Potential memory leak nodejs/node#2631)
• 7f23ef3 Fixed Danger CI for forks (doc: update COLLABORATOR_GUIDE nodejs/node#2638)
• 990f48f Fixed build
• 071232b Readme: Added alternative link for Chinese translation
• fc57999 Bump ini from 1.3.5 to 1.3.7 (Investigate flaky test eval_messages nodejs/node#2672)
• 2ea202b README: Removed broken icon for Chinese translation (test: test-child-process-fork-net2 is flaky nodejs/node#2670)
• 9f82de5 thousands -> millions
• f154134 CSP: Added missing directives and keywords (test: mark test-net-server-max-connections as flaky nodejs/node#2664)
• a7ccc16 CSP: Do not highlight directive names with adjacent hyphens (test: mark test-vm-syntax-error-stderr as flaky nodejs/node#2662)
• e01ecd0 Scheme: Fixed number pattern (test: mark eval_messages as flaky nodejs/node#2648)
• 05afbb1 Added test for exponential backtracking ([This is question] New node.js will provide the binary of master (develop) branch? nodejs/node#2590)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[guardrails]

⚠️ We detected 25 security issues in this pull request:

Vulnerable Libraries (25)

Severity	Details
Medium	acorn@7.1.0 upgrade to `>5.7.3
High	axios@0.19.0 - no patch available
High	bl@3.0.0 upgrade to `>1.2.2
Medium	browserslist@3.2.8 upgrade to >4.16.4
High	decompress@4.2.0 upgrade to >=4.2.1
High	dns-packet@1.3.1 upgrade to `>=1.3.2
High	dot-prop@4.2.0 upgrade to `>=4.2.1
High	elliptic@6.5.2 upgrade to >6.5.3
Medium	hosted-git-info@2.8.5 upgrade to `>=2.8.9
High	http-proxy@1.18.0 upgrade to >=1.18.1
High	lodash@4.17.15 upgrade to >4.17.20
High	node-forge@0.9.0 upgrade to >0.9.2
High	object-path@0.11.4 upgrade to 0.11.5
Medium	postcss@7.0.26 - no patch available
Medium	sanitize-html@1.20.1 - no patch available
High	serialize-javascript@2.1.2 upgrade to >=3.1.0
Critical	socket.io@2.3.0 upgrade to `>2.3.0
Medium	ssri@6.0.1 upgrade to `>6.0.1
High	trim@0.0.1 - no patch available
High	ua-parser-js@0.7.21 upgrade to >0.7.23
High	url-parse@1.4.7 upgrade to >=1.5.0
High	url-regex@4.1.1 upgrade to *
Medium	websocket-extensions@0.1.3 upgrade to >=0.1.4
Critical	xmlhttprequest-ssl@1.5.5 upgrade to >1.6.1
High	y18n@4.0.0 upgrade to >=5.0.5

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.