[Snyk] Upgrade prismjs from 1.18.0 to 1.23.0

[snyk-bot]

Snyk has created this PR to upgrade prismjs from 1.18.0 to 1.23.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 5 versions ahead of your current version.
• The recommended version was released 4 months ago, on 2020-12-31.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-Y18N-1021887	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WEBSOCKETEXTENSIONS-570623	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-1056752	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-597628	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-OBJECTPATH-1017036	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-608086	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-590103	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Command Injection SNYK-JS-LODASH-1040724	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-INI-1048974	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Cryptographic Issues SNYK-JS-ELLIPTIC-571484	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Remote Memory Exposure SNYK-JS-BL-608877	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-AJV-584908	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ACORN-559469	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Improper Input Validation SNYK-JS-URLPARSE-1078283	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Insecure Defaults SNYK-JS-SOCKETIO-1024859	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-MINIMIST-559764	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-LODASH-567746	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-JPEGJS-570039	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Denial of Service (DoS) SNYK-JS-HTTPPROXY-569139	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Prototype Pollution SNYK-JS-HAPIHOEK-548452	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
	Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Cryptographic Issues SNYK-JS-ELLIPTIC-1064899	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Prototype Pollution SNYK-JS-DOTPROP-543489	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
	Validation Bypass SNYK-JS-KINDOF-537849	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: prismjs

• 1.23.0 - 2020-12-31
  

  New components

  • Apex (#2622) f0e2b70e
  • DataWeave (#2659) 0803525b
  • PromQL (#2628) 8831c706

  Updated components

  • Fixed multiple vulnerable regexes (#2584) c2f6a644
  • Apache Configuration
    • Update directive-flag to match = (#2612) 00bf00e3
  • C-like
    • Made all comments greedy (#2680) 0a3932fe
  • C
    • Better class name and macro name detection (#2585) 129faf5c
  • Content-Security-Policy
    • Added missing directives and keywords (#2664) f1541342
    • Do not highlight directive names with adjacent hyphens (#2662) a7ccc16d
  • CSS
    • Better HTML style attribute tokenization (#2569) b04cbafe
  • Java
    • Improved package and class name detection (#2599) 0889bc7c
    • Added Java 15 keywords (#2567) 73f81c89
  • Java stack trace
    • Added support stack frame element class loaders and modules (#2658) 0bb4f096
  • Julia
    • Removed constants that are not exported by default (#2601) 093c8175
  • Kotlin
    • Added support for backticks in function names (#2489) a5107d5c
  • Latte
    • Fixed exponential backtracking (#2682) 89f1e182
  • Markdown
    • Improved URL tokenization (#2678) 2af3e2c2
    • Added support for YAML front matter (#2634) 5cf9cfbc
  • PHP
    • Added support for PHP 7.4 + other major improvements (#2566) 38808e64
    • Added support for PHP 8.0 features (#2591) df922d90
    • Removed C-like dependency (#2619) 89ebb0b7
    • Fixed exponential backtracking (#2684) 37b9c9a1
  • Sass (Scss)
    • Added support for Sass modules (#2643) deb238a6
  • Scheme
    • Fixed number pattern (#2648) e01ecd00
    • Fixed function and function-like false positives (#2611) 7951ca24
  • Shell session
    • Fixed false positives because of links in command output (#2649) 8e76a978
  • TSX
    • Temporary fix for the collisions of JSX tags and TS generics (#2596) 25bdb494

  Updated plugins

  • Made Autoloader and Diff Highlight compatible (#2580) 7a74497a
  • Copy to Clipboard Button
    • Set type="button" attribute for copy to clipboard plugin (#2593) f59a85f1
  • File Highlight
    • Fixed IE compatibility problem (#2656) 3f4ae00d
  • Line Highlight
    • Fixed top offset in combination with Line numbers (#2237) b40f8f4b
    • Fixed print background color (#2668) cdb24abe
  • Line Numbers
    • Fixed null reference (#2605) 7cdfe556
  • Treeview
    • Fixed icons on dark themes (#2631) 7266e32f
  • Unescaped Markup
    • Refactoring (#2445) fc602822

  Other

  • Readme: Added alternative link for Chinese translation 071232b4
  • Readme: Removed broken icon for Chinese translation (#2670) 2ea202b9
  • Readme: Grammar adjustments (#2629) f217ab75
  • Core
    • Moved pattern matching + lookbehind logic into function (#2633) 24574406
    • Fixed bug with greedy matching (#2632) 8fa8dd24
  • Infrastructure
    • Migrate from TravisCI -> GitHub Actions (#2606) 69132045
    • Added Dangerfile and provide bundle size info (#2608) 9df20c5e
    • New start script to start local server (#2491) 0604793c
    • Added test for exponential backtracking (#2590) 05afbb10
    • Added test for polynomial backtracking (#2597) e644178b
    • Tests: Better pretty print (#2600) 8bfcc819
    • Tests: Fixed sorted language list test (#2623) 2d3a1267
    • Tests: Stricter pattern for nice-token-names test (#2588) 0df60be1
    • Tests: Added strict checks for Prism.languages.extend (#2572) 8828500e
  • Website
    • Test page: Added "Share" option (#2575) b5f4f10e
    • Test page: Don't trigger ad-blockers with class (#2677) df0738e9
    • Thousands -> millions 9f82de50
    • Unescaped Markup: More doc regarding comments (#2652) add3736a
    • Website: Added and updated documentation (#2654) 8e660495
    • Website: Updated and improved guide on "Extending Prism" page (#2586) 8e1f38ff
• 1.22.0 - 2020-10-10
  

  Release 1.22.0

• 1.21.0 - 2020-08-06
  

  Release 1.21.0

• 1.20.0 - 2020-04-04
  

  Release 1.20.0

• 1.19.0 - 2020-01-13
  

  Release 1.19.0

• 1.18.0 - 2020-01-04
  

  Release 1.18.0

from prismjs GitHub release notes

Commit messages

Package name: prismjs

• 88a17b4 1.23.0
• 5dc7b42 Changelog v1.23.0 ([tests] rewrite doctor tests to dictate the current node version npm/cli#2681)
• 37b9c9a PHP: Fixed exponential backtracking (Release/v7.5.4 npm/cli#2684)
• 89f1e18 Latte: Fixed exponential backtracking ([tests] separate tests from linting and license validation npm/cli#2682)
• 0a3932f C-like: Made all comments greedy ([BUG] npm i webpack-cli / npm ERR! cb() never called! npm/cli#2680)
• cdb24ab Line Highlight: Fixed print background color ([BUG] Undocumented (?) change in prepublishOnly/prepare behavior in v7 npm/cli#2668)
• e644178 Added test for polynomial backtracking (Release v7.5.2 npm/cli#2597)
• b40f8f4 Line highlight: Fixed top offset in combination with Line numbers (feat: add npm set-script npm/cli#2237)
• 2af3e2c Markdown: Improved URL tokenization ([BUG] Dedupe deps npm/cli#2678)
• df0738e Test page: Don't trigger ad-blockers with class (npm install -g @vue/cli ERROR npm/cli#2677)
• b5f4f10 Test page: Added "Share" option ([BUG] On Linux latest npm hangs npm/cli#2575)
• 0604793 New `start` script to start local server ([BUG] bundledDependencies does not bundle relevant executables npm/cli#2491)
• 8828500 Tests: Added strict checks for `Prism.languages.extend` (doc: add note about --force overriding peer dependencies npm/cli#2572)
• 7266e32 Treeview: Fixed icons on dark themes ([BUG] npm install resolved https with PAT as git+ssh  npm/cli#2631)
• 7f23ef3 Fixed Danger CI for forks ([BUG] inconsistent interpretation of backslash passed to npm scripts in windows npm/cli#2638)
• 990f48f Fixed build
• 071232b Readme: Added alternative link for Chinese translation
• fc57999 Bump ini from 1.3.5 to 1.3.7 ([BUG] Root level gets local version of dependency instead of version from registry npm/cli#2672)
• 2ea202b README: Removed broken icon for Chinese translation ([BUG] "npm rebuild" with v7 runs the postinstall script, whereas it did not run the postinstall script with npm v6 (can cause unexpected endless loop) npm/cli#2670)
• 9f82de5 thousands -> millions
• f154134 CSP: Added missing directives and keywords ([BUG] npm ls fails if there are extraneous packages npm/cli#2664)
• a7ccc16 CSP: Do not highlight directive names with adjacent hyphens (docs: update npm-diff to exclude angle brackets npm/cli#2662)
• e01ecd0 Scheme: Fixed number pattern ([BUG] Installing a package from a tarball from GitHub does not respect the files property in package.json npm/cli#2648)
• 05afbb1 Added test for exponential backtracking ([BUG] ENOENT: no such file or directory, open npm/cli#2590)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs