Update dependency highlight.js to v10.4.1 [SECURITY] - abandoned

[renovate[bot]]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
highlight.js (source)	10.0.0 -> 10.4.1

GitHub Vulnerability Alerts

CVE-2020-26237

Impact

Affected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable.

The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector.

If your website or application does not render user provided data it should be unaffected.

Patches

Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.

Workarounds

Patch your library

Manually patch your library to create null objects for both languages and aliases:

const HLJS = function(hljs) {
  // ...
  var languages = Object.create(null);
  var aliases = Object.create(null);

Filter out bad data from end users:

Filter the language names that users are allowed to inject into your HTML to guarantee they are valid.

References

• What is Prototype Pollution?
• https://github.com/highlightjs/highlight.js/pull/2636

For more information

If you have any questions or comments about this advisory:

• Please file an issue against highlight.js

GHSA-7wwv-vh3v-89cq

Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking)

oswasp:

The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.

If are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... effectively preventing users from accessing your app or service (ie, Denial of Service).

This is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using highlightAuto to detect the language (and have any of these grammars registered) you are vulnerable. Exponential grammars (C, Perl, JavaScript) are auto-registered when using the common grammar subset/library require('highlight.js/lib/common') as of 10.4.0 - see https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.4.0/build/highlight.js

All versions prior to 10.4.1 are vulnerable, including version 9.18.5.

Grammars with exponential backtracking issues:

• c-like (c, cpp, arduino)
• handlebars (htmlbars)
• gams
• perl
• jboss-cli
• r
• erlang-repl
• powershell
• routeros
• livescript (10.4.0 and 9.18.5 included this fix)
• javascript & typescript (10.4.0 included partial fixes)

And of course any aliases of those languages have the same issue. ie: hpp is no safer than cpp.

Grammars with polynomial backtracking issues:

• kotlin
• gcode
• d
• aspectj
• moonscript
• coffeescript/livescript
• csharp
• scilab
• crystal
• elixir
• basic
• ebnf
• ruby
• fortran/irpf90
• livecodeserver
• yaml
• x86asm
• dsconfig
• markdown
• ruleslanguage
• xquery
• sqf

And again: any aliases of those languages have the same issue. ie: ruby and rb share the same ruby issues.

Patches

• Version 10.4.1 resolves these vulnerabilities. Please upgrade.

Workarounds / Mitigations

• Discontinue use the affected grammars. (or perhaps use only those with poly vs exponential issues)
• Attempt cherry-picking the grammar fixes into older versions...
• Attempt using newer CDN versions of any affected languages. (ie using an older CDN version of the library with newer CDN grammars). Your mileage may vary.

References

• https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

For more information

If you have any questions or comments about this advisory:

• Open an issue: https://github.com/highlightjs/highlight.js/issues
• Email us at security@highlightjs.com

---

Release Notes

highlightjs/highlight.js

### [`v10.4.1`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1041-tentative) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.4.0...10.4.1) Security - (fix) Exponential backtracking fixes for: [Josh Goebel][] - cpp - handlebars - gams - perl - jboss-cli - r - erlang-repl - powershell - routeros - (fix) Polynomial backtracking fixes for: [Josh Goebel][] - asciidoc - reasonml - latex - kotlin - gcode - d - aspectj - moonscript - coffeescript/livescript - csharp - scilab - crystal - elixir - basic - ebnf - ruby - fortran/irpf90 - livecodeserver - yaml - x86asm - dsconfig - markdown - ruleslanguage - xquery - sqf Very grateful to [Michael Schmidt][] for all the help. [Michael Schmidt]: https://togithub.com/RunDevelopment [Josh Goebel]: https://togithub.com/joshgoebel ### [`v10.4.0`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1040) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.3.2...10.4.0) A largish release with many improvements and fixes from quite a few different contributors. Enjoy! Deprecations: - (chore) `requireLanguage` is deprecated. - Prefer `getLanguage` (with custom error handling) or built-time dependencies. - See [Library API](https://highlightjs.readthedocs.io/en/latest/api.html#requirelanguage-name) for more information. Parser: - enh(parser) use negative look-ahead for `beginKeywords` support ([#​2813](https://togithub.com/highlightjs/highlight.js/issues/2813)) [Josh Goebel][] - enh(grammars) allow `classNameAliases` for more complex grammars [Josh Goebel][] - fix(vue): Language name now appears in CSS class ([#​2807](https://togithub.com/highlightjs/highlight.js/issues/2807)) [Michael Rush][] - (chore) Clean up all regexs to be UTF-8 compliant/ready ([#​2759](https://togithub.com/highlightjs/highlight.js/issues/2759)) [Josh Goebel][] - enh(grammars) allow `classNameAliases` for more complex grammars [Josh Goebel][] New Languages: - Added 3rd party Chapel grammar to SUPPORTED_LANGUAGES ([#​2806](https://togithub.com/highlightjs/highlight.js/issues/2806)) [Brad Chamberlain][] - Added BBCode grammar to SUPPORTED_LANGUAGES ([#​2867](https://togithub.com/highlightjs/highlight.js/issues/2867)) [Paul Reid][] - enh(javascript) Added `node-repl` for Node.js REPL sessions ([#​2792](https://togithub.com/highlightjs/highlight.js/issues/2792)) [Marat Nagayev][] Language Improvements: - enh(shell) Recognize prompts which contain tilde `~` ([#​2859](https://togithub.com/highlightjs/highlight.js/issues/2859)) [Guillaume Grossetie][] - enh(shell) Add support for multiline commands with line continuation `\` ([#​2861](https://togithub.com/highlightjs/highlight.js/issues/2861)) [Guillaume Grossetie][] - enh(autodetect) Over 30+ improvements to auto-detect ([#​2745](https://togithub.com/highlightjs/highlight.js/issues/2745)) [Josh Goebel][] - 4-5% improvement in auto-detect against large sample set - properties, angelscript, lsl, javascript, n1ql, ocaml, ruby - protobuf, hy, scheme, crystal, yaml, r, vbscript, groovy - python, java, php, lisp, matlab, clojure, csharp, css - fix(r) fixed keywords not properly spaced ([#​2852](https://togithub.com/highlightjs/highlight.js/issues/2852)) [Josh Goebel][] - fix(javascript) fix potential catastrophic backtracking ([#​2852](https://togithub.com/highlightjs/highlight.js/issues/2852)) [Josh Goebel][] - fix(livescript) fix potential catastrophic backtracking ([#​2852](https://togithub.com/highlightjs/highlight.js/issues/2852)) [Josh Goebel][] - bug(xml) XML grammar was far too imprecise/fuzzy [Josh Goebel][] - enh(xml) Improve precision to prevent false auto-detect positives [Josh Goebel][] - fix(js/ts) Prevent for/while/if/switch from falsly matching as functions ([#​2803](https://togithub.com/highlightjs/highlight.js/issues/2803)) [Josh Goebel][] - enh(julia) Update keyword lists for Julia 1.x ([#​2781](https://togithub.com/highlightjs/highlight.js/issues/2781)) [Fredrik Ekre][] - enh(python) Match numeric literals per the language reference [Richard Gibson][] - enh(ruby) Match numeric literals per language documentation [Richard Gibson][] - enh(javascript) Match numeric literals per ECMA-262 spec [Richard Gibson][] - enh(java) Match numeric literals per Java Language Specification [Richard Gibson][] - enh(swift) Match numeric literals per language reference [Richard Gibson][] - enh(php) highlight variables ([#​2785](https://togithub.com/highlightjs/highlight.js/issues/2785)) [Taufik Nurrohman][] - fix(python) Handle comments on decorators ([#​2804](https://togithub.com/highlightjs/highlight.js/issues/2804)) [Jonathan Sharpe][] - enh(diff) improve highlighting of diff for git patches \[Florian Bezdeka]\[] - fix(llvm) lots of small improvements and fixes ([#​2830](https://togithub.com/highlightjs/highlight.js/issues/2830)) [Josh Goebel][] - enh(mathematica) Rework entire implementation [Patrick Scheibe][] - Correct matching of the many variations of Mathematica's numbers - Matching of named-characters aka special symbols like `\[Gamma]` - Updated list of version 12.1 built-in symbols - Matching of patterns, slots, message-names and braces - fix(swift) Handle keywords that start with `#` [Marcus Ortiz][] - enh(swift) Match `some` keyword [Marcus Ortiz][] - enh(swift) Match `@main` attribute [Marcus Ortiz][] Dev Improvements: - chore(dev) add theme picker to the tools/developer tool ([#​2770](https://togithub.com/highlightjs/highlight.js/issues/2770)) [Josh Goebel][] - fix(dev) the Vue.js plugin no longer throws an exception when hljs is not in the global namespace [Kyle Brown][] New themes: - *StackOverflow Dark* by [Jan Pilzer][] - *StackOverflow Light* by [Jan Pilzer][] [Guillaume Grossetie]: https://togithub.com/mogztter [Brad Chamberlain]: https://togithub.com/bradcray [Marat Nagayev]: https://togithub.com/nagayev [Fredrik Ekre]: https://togithub.com/fredrikekre [Richard Gibson]: https://togithub.com/gibson042 [Josh Goebel]: https://togithub.com/joshgoebel [Taufik Nurrohman]: https://togithub.com/taufik-nurrohman [Jan Pilzer]: https://togithub.com/Hirse [Jonathan Sharpe]: https://togithub.com/textbook [Michael Rush]: https://togithub.com/rushimusmaximus [Patrick Scheibe]: https://togithub.com/halirutan [Kyle Brown]: https://togithub.com/kylebrown9 [Marcus Ortiz]: https://togithub.com/mportiz08 [Paul Reid]: https://togithub.com/RedGuy12 ### [`v10.3.2`](https://togithub.com/highlightjs/highlight.js/releases/tag/10.3.2): - Oops, "Javascript". [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.3.1...10.3.2) Tiny tiny release, just to fix the website incorrectly not listing Javascript in the list of languages you could choose for a custom build. NPM and CDN build should not have been affected so 10.3.1 is effectively the same as 10.3.2 for those builds. If you made a custom build from the website with 10.3 or 10.3.1 you may want to check and make sure it includes Javascript, and if not, build it again. ### [`v10.3.1`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1031) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.3.0...10.3.1) Prior version let some look-behind regex sneak in, which does not work yet on Safari. This release removes those incompatible regexes. Fix: - fix(Safari) Remove currently unsupported look-behind regex ([fix][187e7cfc]) [Josh Goebel][] [Josh Goebel]: https://togithub.com/joshgoebel [187e7cfc]: https://togithub.com/highlightjs/highlight.js/commit/187e7cfcb06277ce13b5f35fb6c37ab7a7b46de9 ### [`v10.3.0`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1030) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.2.1...10.3.0) Language Improvements: - enh(latex) Complete ground up rewrite of LaTex grammar [schtandard][] - fix(cpp) implement backslash line continuation in comments ([#​2757](https://togithub.com/highlightjs/highlight.js/issues/2757)) [Konrad Rudolph][] - fix(cpp) improve parsing issues with templates ([#​2752](https://togithub.com/highlightjs/highlight.js/issues/2752)) \[Josh Goebel]\[] - enh(cpp) add support for `enum (struct|class)` and `union` ([#​2752](https://togithub.com/highlightjs/highlight.js/issues/2752)) \[Josh Goebel]\[] - fix(js/ts) Fix nesting of `{}` inside template literals SUBST expression ([#​2748](https://togithub.com/highlightjs/highlight.js/issues/2748)) \[Josh Goebel]\[] - enh(js/ts) Highlight class methods as functions ([#​2727](https://togithub.com/highlightjs/highlight.js/issues/2727)) \[Josh Goebel]\[] - fix(js/ts) `constructor` is now highlighted as a function title (not keyword) ([#​2727](https://togithub.com/highlightjs/highlight.js/issues/2727)) \[Josh Goebel]\[] - fix(c-like) preprocessor directives not detected after else ([#​2738](https://togithub.com/highlightjs/highlight.js/issues/2738)) \[Josh Goebel]\[] - enh(javascript) allow `#` for private class fields ([#​2701](https://togithub.com/highlightjs/highlight.js/issues/2701)) [Chris Krycho][] - fix(js) prevent runaway regex ([#​2746](https://togithub.com/highlightjs/highlight.js/issues/2746)) \[Josh Goebel]\[] - fix(bash) enh(bash) allow nested params ([#​2731](https://togithub.com/highlightjs/highlight.js/issues/2731)) \[Josh Goebel]\[] - fix(python) Fix highlighting of keywords and strings ([#​2713](https://togithub.com/highlightjs/highlight.js/issues/2713), [#​2715](https://togithub.com/highlightjs/highlight.js/issues/2715)) [Konrad Rudolph][] - fix(fsharp) Prevent `(*)` from being detected as a multi-line comment \[Josh Goebel]\[] - enh(bash) add support for heredocs ([#​2684](https://togithub.com/highlightjs/highlight.js/issues/2684)) \[Josh Goebel]\[] - enh(r) major overhaul of the R language grammar (and fix a few bugs) ([#​2680](https://togithub.com/highlightjs/highlight.js/issues/2680)) [Konrad Rudolph][] - enh(csharp) Add all C# 9 keywords, and other missing keywords ([#​2679](https://togithub.com/highlightjs/highlight.js/issues/2679)) [David Pine][] - enh(objectivec) Add `objective-c++` and `obj-c++` aliases for Objective-C \[Josh Goebel]\[] - enh(java) Add support for `record` ([#​2685](https://togithub.com/highlightjs/highlight.js/issues/2685)) \[Josh Goebel]\[] - fix(csharp) prevent modifier keywords wrongly flagged as `title` ([#​2683](https://togithub.com/highlightjs/highlight.js/issues/2683)) \[Josh Goebel]\[] - enh(axapta) Update keyword list for Axapta (X++) ([#​2686](https://togithub.com/highlightjs/highlight.js/issues/2686)) [Ryan Jonasson][] - fix(fortran) FORTRAN 77-style comments ([#​2677](https://togithub.com/highlightjs/highlight.js/issues/2677)) [Philipp Engel][] - fix(javascript) Comments inside params should be highlighted ([#​2702](https://togithub.com/highlightjs/highlight.js/issues/2702)) \[Josh Goebel]\[] - fix(scala) Comments inside class header should be highlighted ([#​1559](https://togithub.com/highlightjs/highlight.js/issues/1559)) \[Josh Goebel]\[] - fix(c-like) Correctly highlight modifiers (`final`) in class declaration ([#​2696](https://togithub.com/highlightjs/highlight.js/issues/2696)) \[Josh Goebel]\[] - enh(angelscript) Improve heredocs, numbers, metadata blocks ([#​2724](https://togithub.com/highlightjs/highlight.js/issues/2724)) [Melissa Geels][] - enh(javascript) Implement Numeric Separators ([#​2617](https://togithub.com/highlightjs/highlight.js/issues/2617)) [Antoine du Hamel][] - enh(typescript) TypeScript also gains support for numeric separators ([#​2617](https://togithub.com/highlightjs/highlight.js/issues/2617)) [Antoine du Hamel][] - enh(php) Add support for PHP 8 `match` keyword and add `php8` as an alias ([#​2733](https://togithub.com/highlightjs/highlight.js/issues/2733)) [Ayesh Karunaratne][] - fix(handlebars) Support if else keyboards ([#​2659](https://togithub.com/highlightjs/highlight.js/issues/2659)) [Tom Wallace][] Deprecations: - `useBR` option deprecated and will be removed in v11.0. ([#​2559](https://togithub.com/highlightjs/highlight.js/issues/2559)) \[Josh Goebel]\[] [Chris Krycho]: https://togithub.com/chriskrycho [David Pine]: https://togithub.com/IEvangelist [Ryan Jonasson]: https://togithub.com/ryanjonasson [Philipp Engel]: https://togithub.com/interkosmos [Konrad Rudolph]: https://togithub.com/klmr [Melissa Geels]: https://togithub.com/codecat [Antoine du Hamel]: https://togithub.com/aduh95 [Ayesh Karunaratne]: https://togithub.com/Ayesh [Tom Wallace]: https://togithub.com/thomasmichaelwallace [schtandard]: https://togithub.com/schtandard ### [`v10.2.1`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1021) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.2.0...10.2.1) Parser Engine: - fix(parser) complete fix for resuming matches from same index ([#​2678](https://togithub.com/highlightjs/highlight.js/issues/2678)) [Josh Goebel][] [Josh Goebel]: https://togithub.com/yyyc514 ### [`v10.2.0`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1020) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.1.2...10.2.0) Parser Engine: - (fix) When ignoring a potential match highlighting can terminate early ([#​2649](https://togithub.com/highlightjs/highlight.js/issues/2649)) [Josh Goebel][] New themes: - *Gradient Light* by [Samia Ali]() Deprecations: - `fixMarkup` is now deprecated and will be removed in v11.0. ([#​2534](https://togithub.com/highlightjs/highlight.js/issues/2534)) [Josh Goebel][] Big picture: - Add simple Vue plugin for basic use cases ([#​2544](https://togithub.com/highlightjs/highlight.js/issues/2544)) [Josh Goebel][] Language Improvements: - fix(bash) Fewer false positives for keywords in arguments ([#​2669](https://togithub.com/highlightjs/highlight.js/issues/2669)) [sirosen][] - fix(js) Prevent long series of /////// from causing freezes ([#​2656](https://togithub.com/highlightjs/highlight.js/issues/2656)) [Josh Goebel][] - enh(csharp) Add `init` and `record` keywords for C# 9.0 ([#​2660](https://togithub.com/highlightjs/highlight.js/issues/2660)) [Youssef Victor][] - enh(matlab) Add new R2019b `arguments` keyword and fix `enumeration` keyword ([#​2619](https://togithub.com/highlightjs/highlight.js/issues/2619)) [Andrew Janke][] - fix(kotlin) Remove very old keywords and update example code ([#​2623](https://togithub.com/highlightjs/highlight.js/issues/2623)) [kageru][] - fix(night) Prevent object prototypes method values from being returned in `getLanguage` ([#​2636](https://togithub.com/highlightjs/highlight.js/issues/2636)) [night][] - enh(java) Add support for `enum`, which will identify as a `class` now ([#​2643](https://togithub.com/highlightjs/highlight.js/issues/2643)) [ezksd][] - enh(nsis) Add support for NSIS 3.06 commands ([#​2653](https://togithub.com/highlightjs/highlight.js/issues/2653)) [idleberg][] - enh(php) detect newer more flexible HEREdoc syntax ([#​2658](https://togithub.com/highlightjs/highlight.js/issues/2658)) [eytienne][] [Youssef Victor]: https://togithub.com/Youssef1313 [Josh Goebel]: https://togithub.com/joshgoebel [Andrew Janke]: https://togithub.com/apjanke [Samia Ali]: https://togithub.com/samiaab1990 [kageru]: https://togithub.com/kageru [night]: https://togithub.com/night [ezksd]: https://togithub.com/ezksd [idleberg]: https://togithub.com/idleberg [eytienne]: https://togithub.com/eytienne [sirosen]: https://togithub.com/sirosen ### [`v10.1.2`](https://togithub.com/highlightjs/highlight.js/releases/tag/10.1.2) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.1.1...10.1.2) Fixes: - fix(night) Prevent object prototype values from being returned by `getLanguage` ([#​2636](https://togithub.com/highlightjs/highlight.js/issues/2636)) [night][] [night]: https://togithub.com/night ### [`v10.1.1`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1011) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.1.0...10.1.1) Fixes: - Resolve issue on Node 6 due to dangling comma ([#​2608](https://togithub.com/highlightjs/highlight.js/issues/2608)) [Edwin Hoogerbeets][] - Resolve `index.d.ts is not a module` error ([#​2603](https://togithub.com/highlightjs/highlight.js/issues/2603)) [Josh Goebel][] [Josh Goebel]: https://togithub.com/joshgoebel [Edwin Hoogerbeets]: https://togithub.com/ehoogerbeets ### [`v10.1.0`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1010) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.0.3...10.1.0) New themes: - *NNFX* and *NNFX-dark* by [Jim Mason][] - *lioshi* by [lioshi][] Parser Engine: - (parser) Now escapes quotes in text content when escaping HTML ([#​2564](https://togithub.com/highlightjs/highlight.js/issues/2564)) [Josh Goebel][] - (parser) Adds `keywords.$pattern` key to grammar definitions ([#​2519](https://togithub.com/highlightjs/highlight.js/issues/2519)) [Josh Goebel][] - (parser) Adds SHEBANG utility mode [Josh Goebel][] - (parser) Adds `registerAliases` method ([#​2540](https://togithub.com/highlightjs/highlight.js/issues/2540)) \[Taufik Nurrohman]\[] - (enh) Added `on:begin` callback for modes ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [Josh Goebel][] - (enh) Added `on:end` callback for modes ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [Josh Goebel][] - (enh) Added ability to programatically ignore begin and end matches ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [Josh Goebel][] - (enh) Added `END_SAME_AS_BEGIN` mode to replace `endSameAsBegin` parser attribute ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [Josh Goebel][] - (fix) `fixMarkup` would rarely destroy markup when `useBR` was enabled ([#​2532](https://togithub.com/highlightjs/highlight.js/issues/2532)) [Josh Goebel][] Deprecations: - `htmlbars` grammar is now deprecated. Use `handlebars` instead. ([#​2344](https://togithub.com/highlightjs/highlight.js/issues/2344)) [Nils Knappmeier][] - when using `highlightBlock` `result.re` deprecated. Use `result.relevance` instead. ([#​2552](https://togithub.com/highlightjs/highlight.js/issues/2552)) [Josh Goebel][] - ditto for `result.second_best.re` => `result.second_best.relevance` ([#​2552](https://togithub.com/highlightjs/highlight.js/issues/2552)) - `lexemes` is now deprecated in favor of `keywords.$pattern` key ([#​2519](https://togithub.com/highlightjs/highlight.js/issues/2519)) [Josh Goebel][] - `endSameAsBegin` is now deprecated. ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [Josh Goebel][] Language Improvements: - fix(groovy) strings are not allowed inside ternary clauses ([#​2217](https://togithub.com/highlightjs/highlight.js/issues/2217)) [Josh Goebel][] - fix(typescript) add `readonly` keyword ([#​2562](https://togithub.com/highlightjs/highlight.js/issues/2562)) [Martin (Lhoerion)][] - fix(javascript) fix regex inside parens after a non-regex ([#​2530](https://togithub.com/highlightjs/highlight.js/issues/2530)) [Josh Goebel][] - enh(typescript) use identifier to match potential keywords, preventing false positivites ([#​2519](https://togithub.com/highlightjs/highlight.js/issues/2519)) [Josh Goebel][] - enh(javascript) use identifier to match potential keywords, preventing false positivites ([#​2519](https://togithub.com/highlightjs/highlight.js/issues/2519)) [Josh Goebel][] - \[enh] Add `OPTIMIZE:` and `HACK:` to the labels highlighted inside comments [Josh Goebel][] - enh(typescript/javascript/coffeescript/livescript) derive ECMAscript keywords from a common foudation ([#​2518](https://togithub.com/highlightjs/highlight.js/issues/2518)) [Josh Goebel][] - enh(typescript) add setInterval, setTimeout, clearInterval, clearTimeout ([#​2514](https://togithub.com/highlightjs/highlight.js/issues/2514)) [Josh Goebel][] - enh(javascript) add setInterval, setTimeout, clearInterval, clearTimeout ([#​2514](https://togithub.com/highlightjs/highlight.js/issues/2514)) [Vania Kucher][] - enh(cpp) add `pair`, `make_pair`, `priority_queue` as built-ins ([#​2538](https://togithub.com/highlightjs/highlight.js/issues/2538)) [Hankun Lin][] - enh(cpp) recognize `priority_queue` `pair` as cpp containers ([#​2541](https://togithub.com/highlightjs/highlight.js/issues/2541)) [Hankun Lin][] - fix(javascript) prevent `set` keyword conflicting with setTimeout, etc. ([#​2514](https://togithub.com/highlightjs/highlight.js/issues/2514)) [Vania Kucher][] - fix(cpp) Fix highlighting of unterminated raw strings ([#​2261](https://togithub.com/highlightjs/highlight.js/issues/2261)) [David Benjamin][] - fix(javascript) `=>` function with nested `()` in params now works ([#​2502](https://togithub.com/highlightjs/highlight.js/issues/2502)) [Josh Goebel][] - fix(typescript) `=>` function with nested `()` in params now works ([#​2502](https://togithub.com/highlightjs/highlight.js/issues/2502)) [Josh Goebel][] - fix(yaml) Fix tags to include non-word characters ([#​2486](https://togithub.com/highlightjs/highlight.js/issues/2486)) [Peter Plantinga][] - fix(swift) `@objcMembers` was being partially highlighted ([#​2543](https://togithub.com/highlightjs/highlight.js/issues/2543)) [Nick Randall][] - enh(dart) Add `late` and `required` keywords, the `Never` built-in type, and nullable built-in types ([#​2550](https://togithub.com/highlightjs/highlight.js/issues/2550)) [Sam Rawlins][] - enh(erlang) Add underscore separators to numeric literals ([#​2554](https://togithub.com/highlightjs/highlight.js/issues/2554)) [Sergey Prokhorov][] - enh(handlebars) Support for sub-expressions, path-expressions, hashes, block-parameters and literals ([#​2344](https://togithub.com/highlightjs/highlight.js/issues/2344)) [Nils Knappmeier][] - enh(protobuf) Support multiline comments ([#​2597](https://togithub.com/highlightjs/highlight.js/issues/2597)) [Pavel Evstigneev][] - fix(toml) Improve key parsing ([#​2595](https://togithub.com/highlightjs/highlight.js/issues/2595)) [Antoine du Hamel][] [Josh Goebel]: https://togithub.com/joshgoebel [Peter Plantinga]: https://togithub.com/pplantinga [David Benjamin]: https://togithub.com/davidben [Vania Kucher]: https://togithub.com/qWici [Hankun Lin]: https://togithub.com/Linhk1606 [Nick Randall]: https://togithub.com/nicked [Sam Rawlins]: https://togithub.com/srawlins [Sergey Prokhorov]: https://togithub.com/seriyps [Nils Knappmeier]: https://togithub.com/nknapp [Martin (Lhoerion)]: https://togithub.com/Lhoerion [Jim Mason]: https://togithub.com/RocketMan [lioshi]: https://togithub.com/lioshi [Pavel Evstigneev]: https://togithub.com/Paxa [Antoine du Hamel]: https://togithub.com/aduh95 ### [`v10.0.3`](https://togithub.com/highlightjs/highlight.js/compare/10.0.2...10.0.3) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.0.2...10.0.3) ### [`v10.0.2`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1002) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.0.1...10.0.2) Brower build: - [Issue](https://togithub.com/highlightjs/highlight.js/issues/2505) (bug) Fix: Version 10 fails to load as CommonJS module. ([#​2511](https://togithub.com/highlightjs/highlight.js/issues/2511)) [Josh Goebel][] - [Issue](https://togithub.com/highlightjs/highlight.js/issues/2505) (removal) AMD module loading support has been removed. ([#​2511](https://togithub.com/highlightjs/highlight.js/issues/2511)) [Josh Goebel][] Parser Engine Changes: - [Issue](https://togithub.com/highlightjs/highlight.js/issues/2522) fix(parser) Fix freez issue with illegal 0 width matches ([#​2524](https://togithub.com/highlightjs/highlight.js/issues/2524)) [Josh Goebel][] [Josh Goebel]: https://togithub.com/joshgoebel ### [`v10.0.1`](https://togithub.com/highlightjs/highlight.js/blob/HEAD/CHANGES.md#Version-1001) [Compare Source](https://togithub.com/highlightjs/highlight.js/compare/10.0.0...10.0.1) Parser Engine Changes: - (bug) Fix sublanguage with no relevance score ([#​2506](https://togithub.com/highlightjs/highlight.js/issues/2506)) [Josh Goebel][] [Josh Goebel]: https://togithub.com/joshgoebel

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate[bot]]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate[bot]]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.