CMSgov / saf

Landing page for CMS Security Automation Framework.
https://cmsgov.github.io/saf/

[Snyk] Security upgrade prismjs from 1.23.0 to 1.24.0 #135

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 656/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.4) | Regular Expression Denial of Service (ReDoS), SNYK-JS-PRISMJS-1314893 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: prismjs
The new version differs by 152 commits.
  • 3432b4b 1.24.0
  • 46d0720 Updated `.npmignore` (#2971)
  • aef7f08 Changelog for v1.24.0 (#2965)
  • e9477d8 Markdown: Improved code snippets (#2967)
  • 4b55bd6 Made Match Braces and Custom Class compatible (#2947)
  • e8d3b50 ESLint: Added `regexp/strict` rule (#2944)
  • bfd7fde GraphQL: Fixed `definition-query` and `definition-mutation` tokens (#2964)
  • 14e3868 Fixed reST test
  • a7656de reST: Fixed `inline` pattern (#2946)
  • b4ac061 ESLint: Use cache (#2959)
  • 114e462 Elixir: Added missing keywords (#2958)
  • 42fabfe ESLint: Enabled `no-dupe-disjunctions` rule (#2951)
  • f471d2d Fixed problems reported by `regexp/no-dupe-disjunctions` (#2952)
  • d6ed8da Bump postcss from 7.0.32 to 7.0.36 (#2955)
  • ab7c995 JS: Added support for import assertions (#2953)
  • ac1d12f Liquid: Added Markup support, missing tokens, and other improvements (#2950)
  • abab910 JS Templates: Added SQL templates (#2945)
  • 34f24ac GraphQL: Added more detailed tokens (#2939)
  • 99f3ddc Tests: Automatically normalize line ends (#2934)
  • 8e93c5d Update `eslint-plugin-regexp` (#2942)
  • 18a0082 ESLint: Added regexp plugin (#2924)
  • 5d3d808 Added `npm-run-all` to clean up test command (#2938)
  • 79d2218 Fixed some cases of quadratic worst-case runtime (#2922)
  • fc2a333 Autohotkey: Improved tag pattern (#2920)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic