[Snyk] Upgrade metalsmith-prism from 3.1.1 to 4.2.2

[affiliatedkat]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade metalsmith-prism from 3.1.1 to 4.2.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

Warning: This is a major version upgrade, and may be a breaking change.

• The recommended version is 7 versions ahead of your current version.
• The recommended version was released 9 months ago, on 2023-08-16.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	370/1000 Why? CVSS 7.4	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	370/1000 Why? CVSS 7.4	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	370/1000 Why? CVSS 7.4	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	370/1000 Why? CVSS 7.4	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	370/1000 Why? CVSS 7.4	Proof of Concept
	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	370/1000 Why? CVSS 7.4	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: metalsmith-prism

• 4.2.2 - 2023-08-16
• 4.2.1 - 2023-08-15
• 4.2.0 - 2023-06-02
• 4.1.2 - 2023-03-22
• 4.1.1 - 2022-10-19
• 4.1.0 - 2022-09-24
• 4.0.0 - 2022-04-16
  

  Updates

  • updated all dependencies to latest versions
  • changed requirements to Node >= 14, NPM >= 8.x.x, Metalsmith >+ 2.4.x
  • added line numbers HTML when option is set
• 3.1.1 - 2017-10-22
  

  Fixed

  • 3a754ca bump debug dep. version 2.x had security vulnerability

from metalsmith-prism GitHub release notes

Commit messages

Package name: metalsmith-prism

• 550ed93 4.2.2
• f03f111 added a no-code check
• b020b2b 4.2.1
• b8cea8c fixed tests
• 75fc85c 4.2.0
• 94c67a7 update to ms2.6
• 72fc3da 4.1.2
• b1b5e8f updated all dependencies
• 9e9845b 4.1.1
• 5ac20ef updated dependencies
• 8226ec1 4.1.0
• c1caa5c updated npm packages, ms to 2.5.0
• 95e3026 added rob's contact link
• 0017850 set version to 4.0.0
• b17d938 5.0.0
• fe1fe08 Updated readme
• b4444fe fix: spelling error
• 123c253 chore: edit readme
• d2f95a2 chore: added more usage details to readme
• 9d0d122 edit license
• 18ecb7d chore: updated readme
• edbdee4 chore: updated readme
• 5d1d42b chore: updated dependencies
• 8db23a4 add instructions about styles

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs