docsify icon indicating copy to clipboard operation
docsify copied to clipboard
verified publisher icon docsifyjs

[Snyk] Security upgrade prismjs from 1.23.0 to 1.25.0

Open snyk-bot opened this issue 4 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1585202		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: prismjs The new version differs by 206 commits.
  • 99d94fa 1.25.0
  • 6d8e547 Updated changelog (#3083)
  • e008ea0 Added support for Kusto (#3068)
  • 4433ccf Added support for ASP.NET Razor (#3064)
  • 6a356d2 Added support for Wren (#3063)
  • 4fbdd2f Added support for MAXScript (#3060)
  • 746a4b1 Added AviSynth language definition (#3071)
  • ffb2043 Twilight theme: Increase selector specificities of plugin overrides (#3081)
  • 52e8cee Markup: Made most patterns greedy (#3065)
  • c7b6a7f Previewers: Ensure popup is visible across themes (#3080)
  • 0ff371b Markup: Fixed ReDoS (#3078)
  • d216e60 Tests: Improved dection of empty patterns (#3058)
  • a1b67ce Added support for Magma (CAS) (#3055)
  • 23cd9b6 Added support for GAP (CAS) (#3054)
  • 8d0b74b Clojure: Improved tokenization (#3056)
  • 148c1ec Added support for Mermaid (#3050)
  • 8df825e Added support for Systemd configuration files (#3053)
  • 87e5a37 Added support for Apache Avro IDL (#3051)
  • 247fd9a Highlight Keywords: More documentation (#3049)
  • 35b88fc Shell-session: Fixed command false positives (#3048)
  • 4f97b82 Added support for GN (#3062)
  • 5de8947 C++: Fixed generic function false positive (#3043)
  • 4e9338a ESLint: Added `regexp/no-super-linear-backtracking` rule (#3040)
  • 44456b2 Added benchmark suite (#2153)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Sep 17 '21 18:09 snyk-bot

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/htFpYhyFLjuto8uHGnXLeAfuH6wU
✅ Preview: https://docsify-preview-git-snyk-fix-1349a8ec7ddb0d-c87463-docsify-core.vercel.app

vercel[bot] avatar Sep 17 '21 18:09 vercel[bot]