search

ibm-ecosystem-engineering / ibm-gsi-cloudnative-journey

Cloud Native Learning Journey to enable GSI Partners to learn cloud native development with the IBM Enterprise Sandbox
https://ibm-ecosystem-lab.github.io/ibm-gsi-cloudnative-journey/
Apache License 2.0
4 stars 26 forks source link

[Snyk] Upgrade prismjs from 1.23.0 to 1.29.0 #318

Open mjperrins opened 2 months ago

mjperrins commented 2 months ago

snyk-top-banner

Snyk has created this PR to upgrade prismjs from 1.23.0 to 1.29.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1314893		 584 No Known Exploit
high severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-PRISMJS-1585202		 584 Proof of Concept
high severity Improper Input Validation
SNYK-JS-URLPARSE-2407770		 584 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-PRISMJS-2404333		 584 No Known Exploit
medium severity Open Redirect
SNYK-JS-URLPARSE-1533425		 584 Proof of Concept
medium severity Access Restriction Bypass
SNYK-JS-URLPARSE-2401205		 584 Proof of Concept
medium severity Authorization Bypass
SNYK-JS-URLPARSE-2407759		 584 Proof of Concept
medium severity Authorization Bypass Through User-Controlled Key
SNYK-JS-URLPARSE-2412697		 584 Proof of Concept
Release notes
Package name: prismjs from prismjs GitHub release notes

[!IMPORTANT]

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information: