chore(deps): update dependency prismjs to v1.21.0 [security] - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prismjs	1.16.0 -> 1.21.0

GitHub Vulnerability Alerts

CVE-2020-15138

Impact

The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer.

This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the Previewers plugin (>=v1.10.0) or the Previewer: Easing plugin (v1.1.0 to v1.9.0).

Patches

This problem is patched in v1.21.0.

Workarounds

To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround.

References

The vulnerability was introduced by this commit on Sep 29, 2015 and fixed by Masato Kinugawa (#​2506).

For more information

If you have any questions or comments about this advisory, please open an issue.

---

Release Notes

PrismJS/prism

v1.21.0

Compare Source

New components

• .ignore & .gitignore & .hgignore & .npmignore (#​2481) 3fcce6fe
• Agda (#​2430) 3a127c7d
• AL (#​2300) de21eb64
• Cypher (#​2459) 398e2943
• Dhall (#​2473) 649e51e5
• EditorConfig (#​2471) ed8fff91
• HLSL (#​2318) 87a5c7ae
• JS stack trace (#​2418) ae0327b3
• PeopleCode (#​2302) bd4d8165
• PureBasic (#​2369) d0c1c70d
• Racket (#​2315) 053016ef
• Smali (#​2419) 22eb5cad
• Structured Text (IEC 61131-3) (#​2311) 8704cdfb
• UnrealScript (#​2305) 1093ceb3
• WarpScript (#​2307) cde5b0fa
• XML doc (.net) (#​2340) caec5e30
• YANG (#​2467) ed1df1e1

Updated components

• Markup & JSON: Added new aliases (#​2390) 9782cfe6
• Fixed several cases of exponential backtracking (#​2268) 7a554b5f
• APL
  • Added ⍥ (#​2409) 0255cb6a
• AutoHotkey
  • Added missing format built-in (#​2450) 7c66cfc4
  • Improved comments and other improvements (#​2412) ddf3cc62
  • Added missing definitions (#​2400) 4fe03676
• Bash
  • Added composer command (#​2298) 044dd271
• Batch
  • Fix escaped double quote (#​2485) f0f8210c
• C
  • Improved macros and expressions (#​2440) 8a72fa6f
  • Improved macros (#​2320) fdcf7ed2
• C#
  • Improved pattern matching (#​2411) 7f341fc1
  • Fixed adjacent string interpolations (#​2402) 2a2e79ed
• C++
  • Added support for default comparison operator (#​2426) 8e9d161c
  • Improved class name detection (#​2348) e3fe9040
  • Fixed enum class class names (#​2342) 30b4e254
• Content-Security-Policy
  • Fixed directives (#​2461) 537a9e80
• CSS
  • Improved url and added keywords (#​2432) 964de5a1
• CSS Extras
  • Optimized class and id patterns (#​2359) fdbc4473
  • Renamed attr-{name,value} tokens and added tokens for combinators and selector lists (#​2373) e523f5d0
• Dart
  • Added missing keywords (#​2355) 4172ab6f
• Diff
  • Added prefix token (#​2281) fd432a5b
• Docker
  • Fixed strings inside comments (#​2428) 37273a6f
• EditorConfig
  • Trim spaces before key and section title (#​2482) 0c30c582
• EJS
  • Added eta alias (#​2282) 0cfb6c5f
• GLSL
  • Improvements (#​2321) 33e49956
• GraphQL
  • Added missing keywords (#​2407) de8ed16d
  • Added support for multi-line strings and descriptions (#​2406) 9e64c62e
• Io
  • Fixed operator pattern (#​2365) d6055771
• Java
  • Fixed namespace token (#​2295) 62e184bb
• JavaDoc
  • Improvements (#​2324) 032910ba
• JavaScript
  • Improved regex detection (#​2465) 4f55052f
  • Improved get/set and parameter detection (#​2387) ed715158
  • Added support for logical assignment operators (#​2378) b28f21b7
• JSDoc
  • Improvements (#​2466) 2805ae35
• JSON
  • Greedy comments (#​2479) 158caf52
• Julia
  • Improved strings, comments, and other patterns (#​2363) 81cf2344
• Kotlin
  • Added kt and kts aliases (#​2474) 67f97e2e
• Markup
  • Added tokens inside DOCTYPE (#​2349) 9c7bc820
  • Added attr-equals alias for the attribute = sign (#​2350) 96a0116e
  • Added alias for named entities (#​2351) ab1e34ae
  • Added support for SSML (#​2306) eb70070d
• Objective-C
  • Added objc alias (#​2331) 67c6b7af
• PowerShell
  • New functions pattern bases on naming conventions (#​2301) fec39bcf
• Protocol Buffers
  • Added support for RPC syntax (#​2414) 939a17c4
• Pug
  • Improved class and id detection in tags (#​2358) 7f948ecb
• Python
  • Fixed empty multiline strings (#​2344) c9324476
• Regex
  • Added aliases and minor improvements (#​2325) 8a72830a
• Ren'py
  • Added rpy alias (#​2385) 4935b5ca
• Ruby
  • Optimized regex and string patterns (#​2354) b526e8c0
• Rust
  • Improvements (#​2464) 2ff40fe0
  • Improvements (#​2332) 194c5429
• SAS
  • Improved macro string functions (#​2463) 278316ca
  • Handle edge case of string macro functions (#​2451) a0a9f1ef
  • Improved comments in proc groovy and proc lua (#​2392) 475a5903
• Scheme
  • Adjusted lookbehind for literals (#​2396) 1e3f542b
  • Improved lambda parameter (#​2346) 1946918a
  • Consistent lookaheads (#​2322) d2541d54
  • Improved boolean (#​2316) e27e65af
  • Added missing special keywords (#​2304) ac297ba5
  • Improvements (#​2263) 9a49f78f
• Solidity (Ethereum)
  • Added sol alias (#​2382) 6352213a
• SQL
  • Added PostgreSQL RETURNING keyword (#​2476) bea7a585
• Stylus
  • Fixed comments breaking declarations + minor improvements (#​2372) 6d663b6e
  • New tokens and other improvements (#​2368) 2c10ef8a
  • Fixed comments breaking strings and URLs (#​2361) 0d65d6c9
• T4 Text Templates (VB)
  • Use the correct VB variant (#​2341) b6093339
• TypeScript
  • Added asserts keyword and other improvements (#​2280) a197cfcd
• Visual Basic
  • Added VBA alias (#​2469) 78161d60
  • Added until keyword (#​2423) a13ee8d9
  • Added missing keywords (#​2376) ba5ac1da

Updated plugins

• File Highlight & JSONP Highlight update (#​1974) afea17d9
• Added general de/activation mechanism for plugins (#​2434) a36e96ab
• Autoloader
  • Fixed bug breaking Autoloader (#​2449) a3416bf3
  • Fixed data-dependencies and extensions (#​2326) 1654b25f
  • Improved path detection and other minor improvements (#​2245) 5cdc3251
• Command Line
  • Some refactoring (#​2290) 8c9c2896
  • Correctly rehighlight elements (#​2291) e6b2c6fc
• Line Highlight
  • Added linkable line numbers (#​2328) eb82e804
• Line Numbers
  • Improved resize performance (#​2125) b96ed225
  • Fixed TypeError when lineNumberWrapper is null (#​2337) 4b61661d
  • Exposed _resizeElement function (#​2288) 893f2a79
• Previewers
  • Fixed XSS (#​2506) 8bba4880
• Unescaped Markup
  • No longer requires Prism.languages.markup (#​2444) af132dd3

Updated themes

• Coy
  • Minor improvements (#​2176) 7109c18c
• Default
  • Added a comment that declares the background color of operator tokens as intentional (#​2309) 937e2691
• Okaidia
  • Update comment text color to meet WCAG contrast recommendations to AA level (#​2292) 06495f90

Other

• Changelog: Fixed v1.20.0 release date cb6349e2
• Core
  • Fixed greedy matching bug (#​2032) 40285203
  • Added JSDoc (#​1782) 4ff555be
• Infrastructure
  • Update Git repo URL in package.json (#​2334) 10f43275
  • Added docs to ignore files (#​2437) 05c9f20b
  • Added npm run build command (#​2356) ff74a610
  • gulp: Improved inlineRegexSource (#​2296) abb800dd
  • gulp: Fixed language map (#​2283) 11053193
  • gulp: Removed premerge task (#​2357) 5ff7932b
  • Tests are now faster (#​2165) e756be3f
  • Tests: Added extra newlines in pretty token streams (#​2070) 681adeef
  • Tests: Added test for identifier support across all languages (#​2371) 48fac3b2
  • Tests: Added test to sort the language list (#​2222) a3758728
  • Tests: Always pretty-print token streams (#​2421) 583e7eb5
  • Tests: Always use components.json (#​2370) e416341f
  • Tests: Better error messages for pattern tests (#​2364) 10ca6433
  • Tests: Included console in VM context (#​2353) b4ed5ded
• Website
  • Fixed typos "Prims" (#​2455) dfa5498a
  • New assets directory for all web-only files (#​2180) 91fdd0b1
  • Improvements (#​2053) ce0fa227
  • Fixed Treeview page (#​2484) a0efa40b
  • Line Numbers: Fixed class name on website 453079bf
  • Line Numbers: Improved documentation (#​2456) 447429f0
  • Line Numbers: Style inline code on website (#​2435) ad9c13e2
  • Filter highlightAll: Fixed typo (#​2391) 55bf7ec1

v1.20.0

Compare Source

New components

• Concurnas (#​2206) b24f7348
• DAX (#​2248) 9227853f
• Excel Formula (#​2219) bf4f7bfa
• Factor (#​2203) f941102e
• LLVM IR (#​2221) 43efde2e
• PowerQuery (#​2250) 8119e57b
• Solution file (#​2213) 15983d52

Updated components

• Bash
  • Added support for escaped quotes (#​2256) 328d0e0e
• BBcode
  • Added "shortcode" alias (#​2273) 57eebced
• C/C++/OpenCL C
  • Improvements (#​2196) 674f4b35
• C
  • Improvemed comment pattern (#​2229) fa630726
• C#
  • Fixed keywords in type lists blocking type names (#​2277) 947a55bd
  • C# improvements (#​1444) 42b15463
• C++
  • Added C++20 keywords (#​2236) 462ad57e
• CSS
  • Fixed url() containing "@​" (#​2272) 504a63ba
• CSS Extras
  • Added support for the selector function (#​2201) 2e0eff76
• Elixir
  • Added support for attributes names ending with ? (#​2182) 5450e24c
• Java
  • Added record keyword (#​2185) 47910b5c
• Markdown
  • Added support for nested lists (#​2228) 73c8a376
• OpenCL
  • Require C (#​2231) 26626ded
• PHPDoc
  • Fixed exponential backtracking (#​2198) 3b42536e
• Ruby
  • Fixed exponential backtracking (#​2225) c5de5aa8
• SAS
  • Fixed SAS' "peerDependencies" (#​2230) 7d8ff7ea
• Shell session
  • Improvements (#​2208) bd16bd57
• Visual Basic
  • Added support for comments with line continuations (#​2195) a7d67ca3
• YAML
  • Improvements (#​2226) 5362ba16
  • Fixed highlighting of anchors and aliases (#​2217) 6124c974

New plugins

• Treeview (#​2265) be909b18

Updated plugins

• Inline Color
  • Support for (semi-)transparent colors and minor improvements (#​2223) 8d2c5a3e
• Keep Markup
  • Remove self & document from IIFE arguments (#​2258) 3c043338
• Toolbar
  • data-toolbar-order is now inherited (#​2205) 238f1163

Other

• Updated all String.propotype.replace calls for literal strings 5d7aab56
• Core
  • Linked list implementation for matchGrammar (#​1909) 2d4c94cd
  • Faster Token.stringify (#​2171) f683972e
  • Fixed scope problem in script mode (#​2184) 984e5d2e
• Infrastructure
  • Travis: Updated NodeJS versions (#​2246) e635260b
  • gulp: Inline regex source improvement (#​2227) 67afc5ad
  • Tests: Added new pattern check for octal escapes (#​2189) 81e1c3dd
  • Tests: Fixed optional dependencies in pattern tests (#​2242) 1e3070a2
  • Tests: Added test for zero-width lookbehinds (#​2220) 7d03ece4
  • Added tests for examples (#​2216) 1f7a245c
• Website
  • Removed invalid strings from C# example (#​2266) c917a8ca
  • Fixed Diff highlight plugin page title (#​2233) a82770f8
  • Added link to prism-liquibase Bash language extension. (#​2191) 0bf73dc7
  • Examples: Updated content header (#​2232) 6232878b
  • Website: Added Coy bug to the known failures page. (#​2170) e9dab85e

v1.19.0

Compare Source

New components

• Latte (#​2140) 694a81b8
• Neon (#​2140) 694a81b8
• QML (#​2139) c40d96c6

Updated components

• Handlebars
  • Added support for : and improved the variable pattern (#​2172) ef4d29d9
• JavaScript
  • Added support for keywords after a spread operator (#​2148) 1f3f8929
  • Better regex detection (#​2158) a23d8f84
• Markdown
  • Better language detection for code blocks (#​2114) d7ad48f9
• OCaml
  • Improvements (#​2179) 2a570fd4
• PHP
  • Fixed exponential runtime of a pattern (#​2157) 24c8f833
• React JSX
  • Improved spread operator in tag attributes (#​2159) fd857e7b
  • Made $ a valid character for attribute names (#​2144) f018cf04
• Reason
  • Added support for single line comments (#​2150) 7f1c55b7
• Ruby
  • Override 'class-name' definition (#​2135) 401d4b02
• SAS
  • Added CASL support (#​2112) 99d979a0

Updated plugins

• Custom Class
  • Fixed TypeError when mapper is undefined (#​2167) 543f04d7

Updated themes

• Added missing .token selector (#​2161) 86780457

Other

• Added a check for redundant dependency declarations (#​2142) a06aca06
• Added a check for examples (#​2128) 0b539136
• Added silent option to loadLanguages (#​2147) 191b4116
• Infrastructure
  • Dependencies: Improved getLoader (#​2151) 199bdcae
  • Updated gulp to v4.0.2 (#​2178) e5678a00
• Website
  • Custom Class: Fixed examples (#​2160) 0c2fe405
  • Added documentation for new dependency API (#​2141) 59068d67

v1.18.0

Compare Source

New components

• ANTLR4 (#​2063) aaaa29a8
• AQL (#​2025) 3fdb7d55
• BBcode (#​2095) aaf13aa6
• BrightScript (#​2096) 631f1e34
• Embedded Lua templating (#​2050) 0b771c90
• Firestore security rules (#​2010) 9f722586
• FreeMarker Template Language (#​2080) 2f3da7e8
• GDScript (#​2006) e2b99f40
• MoonScript (#​2100) f31946b3
• Robot Framework (only the plain text format) (#​2034) f7eaa618
• Solidity (Ethereum) (#​2031) cc2cf3f7
• SPARQL (#​2033) c42f877d
• SQF: Status Quo Function (Arma 3) (#​2079) cfac94ec
• Turtle & TriG (#​2012) 508d57ac
• Zig (#​2019) a7cf56b7

Updated components

• Minor improvements for C-like and Clojure (#​2064) 7db0cab3
• Inlined some unnecessary rest properties (#​2082) ad3fa443
• AQL
  • Disallow unclosed multiline comments again (#​2089) 717ace02
  • Allow unclosed multi-line comments (#​2058) f3c6ba59
  • More pseudo keywords (#​2055) 899574eb
  • Added missing keyword + minor improvements (#​2047) 32a4c422
• Clojure
  • Added multiline strings (lisp style) (#​2061) 8ea685b8
• CSS Extras
  • CSS Extras & PHP: Fixed too greedy number token (#​2009) ebe363f4
• D
  • Fixed strings (#​2029) 010a0157
• Groovy
  • Minor improvements (#​2036) fb618331
• Java
  • Added missing :: operator (#​2101) ee7fdbee
  • Added support for new Java 13 syntax (#​2060) a7b95dd3
• JavaScript
  • Added Optional Chaining and Nullish Coalescing (#​2084) fdb7de0d
  • Tokenize : as an operator (#​2073) 0e5c48d1
• Less
  • Fixed exponential backtracking (#​2016) d03d19b4
• Markup
  • Improved doctype pattern (#​2094) 99994c58
• Python
  • Fixed decorators (#​2018) 5b8a16d9
• Robot Framework
  • Rename "robot-framework" to "robotframework" (#​2113) baa78774
• Ruby
  • Made true and false booleans (#​2098) 68d1c472
  • Added missing keywords (#​2097) f460eafc
• SAS
  • Added support for embedded Groovy and Lua code (#​2091) 3640b3f2
  • Minor improvements (#​2085) 07020c7a
  • Fixed proc-args token by removing backreferences from string pattern (#​2013) af5a36ae
  • Major improvements (#​1981) 076f6155
• Smalltalk
  • Fixed single quote character literal (#​2041) 1aabcd17
• Turtle
  • Minor improvements (#​2038) 8ccd258b
• TypeScript
  • Added missing keyword undefined (#​2088) c8b48b9f

Updated plugins

• New Match Braces plugin (#​1944) 365faade
• New Inline color plugin (#​2007) 8403e453
• New Filter highlightAll plugin (#​2074) a7f70090
• Custom Class
  • New class adder feature (#​2075) dab7998e
• File Highlight
  • Made the download button its own plugin (#​1840) c6c62a69

Other

• Issue template improvements (#​2069) 53f07b1b
• Readme: Links now use HTTPS if available (#​2045) 6cd0738a
• Core
  • Fixed null reference (#​2106) 0fd062d5
  • Fixed race condition caused by deferring the script (#​2103) a3785ec9
  • Minor improvements (#​1973) 2d858e0a
  • Fixed greedy partial lookbehinds not working (#​2030) 174ed103
  • Fixed greedy targeting bug (#​1932) e864d518
  • Doubly check the manual flag (#​1957) d49f0f26
  • IE11 workaround for currentScript (#​2104) 2108c60f
• Infrastructure
  • gulp: Fixed changes task 2f495905
  • npm: Added .github folder to npm ignore (#​2052) 1af89e06
  • npm: Updated dependencies to fix 122 vulnerabilities (#​1997) 3af5d744
  • Tests: New test for unused capturing groups (#​1996) c187e229
  • Tests: Simplified error message format (#​2056) 007c9af4
  • Tests: New test for nice names (#​1911) 3fda5c95
  • Standardized dependency logic implementation (#​1998) 7a4a0c7c
• Website
  • Added @​mAAdhaTTah and @​RunDevelopment to credits and footer 5d07aa7c
  • Added plugin descriptions to plugin list (#​2076) cdfa60ac
  • Use HTTPS link to alistapart.com (#​2044) 8bcc1b85
  • Fixed the Toolbar plugin's overflow issue (#​1966) 56a8711c
  • FAQ update (#​1977) 8a572af5
  • Use modern JavaScript in the NodeJS usage section (#​1942) 5c68a556
  • Improved test page performance for Chromium (#​2020) 3509f3e5
  • Fixed alias example in extending page (#​2011) 7cb65eec
  • Robot Framework: Renamed example file (#​2126) 9908ca69

v1.17.1

Compare Source

Other

• Infrastructure
  • Add .DS_Store to npmignore c2229ec2

v1.17.0

Compare Source

New components

• DNS zone file (#​1961) bb84f98c
• JQ (#​1896) 73d964be
• JS Templates: Syntax highlighting inside tagged template literals (#​1931) c8844286
• LilyPond (#​1967) 5d992fc5
• PascaLIGO (#​1947) 858201c7
• PC-Axis (#​1940) 473f7fbd
• Shell session (#​1892) 96044979
• Splunk SPL (#​1962) c93c066b

New plugins

• Diff Highlight: Syntax highlighting inside diff blocks (#​1889) e7702ae1

Updated components

• Bash
  • Major improvements (#​1443) 363281b3
• C#
  • Added cs alias (#​1899) a8164559
• C++
  • Fixed number pattern (#​1887) 3de29e72
• CSS
  • Extended url inside (#​1874) f0a10669
  • Removed unnecessary flag and modifier (#​1875) 74050c68
• CSS Extras
  • Added even & odd keywords to n-th pattern (#​1872) 5e5a3e00
• F#
  • Improved character literals (#​1956) d58d2aeb
• JavaScript
  • Fixed escaped template interpolation (#​1931) c8844286
  • Added support for private fields (#​1950) 7bd08327
  • Added support for numeric separators (#​1895) 6068bf18
  • Increased bracket count of interpolation expressions in template strings (#​1845) c13d6e7d
  • Added support for the s regex flag (#​1846) 9e164935
  • Formatting: Added missing semicolon (#​1856) e2683959
• JSON
  • Kinda fixed comment issue (#​1853) cbe05ec3
• Julia
  • Added struct keyword (#​1941) feb1b6f5
  • Highlight Inf and NaN as constants (#​1921) 2141129f
  • Added in keyword (#​1918) feb3187f
• LaTeX
  • Added TeX and ConTeXt alias (#​1915) 5ad58a75
  • Added support for $$ equations 6f53f749
• Markdown
  • Markdown: Added support for auto-loading code block languages (#​1898) 05823e88
  • Improved URLs (#​1955) b9ec6fd8
  • Added support for nested bold and italic expressions (#​1897) 11903721
  • Added support for tables (#​1848) cedb8e84
• Perl
  • Added return keyword (#​1943) 2f39de97
• Protocol Buffers
  • Full support for PB2 and PB3 syntax + numerous other improvements (#​1948) de10bd1d
• reST (reStructuredText)
  • Fixed exponentially backtracking pattern (#​1986) 8b5d67a3
• Rust
  • Added async and await keywords. (#​1882) 4faa3314
  • Improved punctuation and operators (#​1839) a42b1557
• Sass (Scss)
  • Fixed exponential url pattern (#​1938) 4b6b6e8b
• Scheme
  • Added support for rational number literals (#​1964) e8811d22
• TOML
  • Minor improvements (#​1917) 3e181241
• Visual Basic
  • Added support for interpolation strings (#​1971) 4a2c90c1

Updated plugins

• Autolinker
  • Improved component path guessing (#​1928) 452d5c7d
  • Improved URL regex (#​1842) eb28b62b
• Autoloader
  • Fixed and improved callbacks (#​1935) b19f512f
• Command Line
  • Fix for uncaught errors for empty 'commandLine' object. (#​1862) c24831b5
• Copy to Clipboard Button
  • Switch anchor to button (#​1926) 79880197
• Custom Class
  • Added mapper functions for language specific transformations (#​1873) acceb3b5
• Line Highlight
  • Batching DOM read/writes to avoid reflows ([#&handle case were source is unavailable #8

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.