Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

chore(deps): update dependency prismjs to v1.30.0 [security] #582

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency prismjs to v1.30.0 [security] #582

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 18, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
prismjs 1.29.0 -> 1.30.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-53382

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Release Notes

PrismJS/prism (prismjs)

v1.30.0

Compare Source

What's Changed

New Contributors

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Configuration

📅 Schedule: Branch creation - "" in timezone EST, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@stackblitz StackBlitz
Copy link

stackblitz bot commented Mar 18, 2025

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Mar 18, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: fe1b547

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Mar 18, 2025
edited
Loading

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name Status Preview Last Commit
svelte-ux ✅ Ready (View Log) Visit Preview fe1b547

@pkg-pr-new pkg.pr.new
Copy link

pkg-pr-new bot commented Mar 18, 2025
edited
Loading

Open in StackBlitz

npm i https://pkg.pr.new/svelte-ux@582

commit: fe1b547

@renovate renovate bot force-pushed the renovate/npm-prismjs-vulnerability branch from bba3dcd to fe1b547 Compare March 31, 2025 19:54
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants