CMSgov / saf

Landing page for CMS Security Automation Framework.
https://cmsgov.github.io/saf/

[Snyk] Security upgrade prismjs from 1.23.0 to 1.25.0 #140

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 768/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-PRISMJS-1585202 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: prismjs
The new version differs by 206 commits.
  • 99d94fa 1.25.0
  • 6d8e547 Updated changelog (#3083)
  • e008ea0 Added support for Kusto (#3068)
  • 4433ccf Added support for ASP.NET Razor (#3064)
  • 6a356d2 Added support for Wren (#3063)
  • 4fbdd2f Added support for MAXScript (#3060)
  • 746a4b1 Added AviSynth language definition (#3071)
  • ffb2043 Twilight theme: Increase selector specificities of plugin overrides (#3081)
  • 52e8cee Markup: Made most patterns greedy (#3065)
  • c7b6a7f Previewers: Ensure popup is visible across themes (#3080)
  • 0ff371b Markup: Fixed ReDoS (#3078)
  • d216e60 Tests: Improved detection of empty patterns (#3058)
  • a1b67ce Added support for Magma (CAS) (#3055)
  • 23cd9b6 Added support for GAP (CAS) (#3054)
  • 8d0b74b Clojure: Improved tokenization (#3056)
  • 148c1ec Added support for Mermaid (#3050)
  • 8df825e Added support for Systemd configuration files (#3053)
  • 87e5a37 Added support for Apache Avro IDL (#3051)
  • 247fd9a Highlight Keywords: More documentation (#3049)
  • 35b88fc Shell-session: Fixed command false positives (#3048)
  • 4f97b82 Added support for GN (#3062)
  • 5de8947 C++: Fixed generic function false positive (#3043)
  • 4e9338a ESLint: Added `regexp/no-super-linear-backtracking` rule (#3040)
  • 44456b2 Added benchmark suite (#2153)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
