wooorm / refractor

Lightweight, robust, elegant virtual syntax highlighting using Prism
MIT License
724 stars, 34 forks

Backporting Prism 1.24 to v3 for security fix? #41

Closed mayank99 closed 3 years ago

mayank99 commented 3 years ago

See high severity vulnerability: https://github.com/advisories/GHSA-gj77-59wh-66hg

Because refractor@3 uses ~1.23.0 instead of ^, users need to force resolve to the patched version (I know this is a mild inconvenience, so feel free to close this issue).

wooorm commented 3 years ago

Not sure why Prism didn’t release it in a patch. But, released.