Update dependency prismjs to v1.27.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
prismjs	1.26.0 -> 1.27.0

GitHub Vulnerability Alerts

CVE-2022-23647

Impact

Prism's Command line plugin can be used by attackers to achieve an XSS attack. The Command line plugin did not properly escape its output, leading to the input text being inserted into the DOM as HTML code.

Server-side usage of Prism is not impacted. Websites that do not use the Command Line plugin are also not impacted.

Patches

This bug has been fixed in v1.27.0.

Workarounds

Do not use the Command line plugin on untrusted inputs, or sanitized all code blocks (remove all HTML code text) from all code blocks that use the Command line plugin.

References

• Command Line: Escape markup in command line output PrismJS/prism#3341

---

Release Notes

PrismJS/prism

v1.27.0

Compare Source

New components

• UO Razor Script (#​3309) 3f8cc5a0

Updated components

• AutoIt
  • Allow hyphen in directive (#​3308) bcb2e2c8
• EditorConfig
  • Change alias of section from keyword to selector (#​3305) e46501b9
• Ini
  • Swap out header for section (#​3304) deb3a97f
• MongoDB
  • Added v5 support (#​3297) 8458c41f
• PureBasic
  • Added missing keyword and fixed constants ending with $ (#​3320) d6c53726
• Scala
  • Added support for interpolated strings (#​3293) 441a1422
• Systemd configuration file
  • Swap out operator for punctuation (#​3306) 2eb89e15

Updated plugins

• Command Line
  • Escape markup in command line output (#​3341) e002e78c
  • Add support for line continuation and improved colors (#​3326) 1784b175
  • Added span around command and output (#​3312) 82d0ca15

Other

• Core
  • Added better error message for missing grammars (#​3311) 2cc4660b

---

Configuration

📅 Schedule: "" in timezone Asia/Tokyo.

🚦 Automerge: Disabled due to failing status checks.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.

[github-actions]

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

• Unused dependencies

  • @fortawesome/free-regular-svg-icons
  • @fortawesome/free-solid-svg-icons
  • react-dom
  • react-error-overlay
  • react-flickr-hero
  • react-typography
  • sharp
  • tween
  • typescript

• Unused devdependencies

  • @babel/core
  • @storybook/addon-a11y
  • @storybook/addon-controls
  • @storybook/addon-docs
  • @storybook/addon-essentials
  • @storybook/addon-info
  • @storybook/addon-interactions
  • @storybook/addon-knobs
  • @storybook/addon-links
  • @storybook/addon-storyshots
  • @storybook/jest
  • @storybook/react
  • @storybook/testing-library
  • @types/aws-lambda
  • @types/jest
  • @types/node
  • @types/react-fontawesome
  • @types/storybook__addon-info
  • axe-core
  • babel-preset-gatsby
  • babel-preset-react-app
  • chromatic
  • cypress
  • eslint
  • eslint-plugin-import
  • eslint-plugin-jsx-a11y
  • eslint-plugin-react
  • gatsby-cli
  • gh-pages
  • greenkeeper-lockfile
  • identity-obj-proxy
  • jest
  • netlify-cli
  • netlify-lambda
  • percy
  • prettier
  • react-test-renderer
  • start-server-and-test
  • stylelint
  • stylelint-config-idiomatic-order
  • stylelint-config-prettier
  • stylelint-config-recommended
  • stylelint-config-styled-components
  • stylelint-processor-styled-components
  • ts-dedent
  • ts-jest
  • tslint-react

• Missing

  • build-url

    • /github/workspace/src/components/flickrHero.tsx

  • @fortawesome/fontawesome-common-types

    • /github/workspace/src/components/socialIcons.tsx

  • axios

    • /github/workspace/functions/src/contact.js

  • @babel/preset-react

    • /github/workspace/.storybook/main.js

  • @babel/preset-env

    • /github/workspace/.storybook/main.js

  • @babel/plugin-proposal-class-properties

    • /github/workspace/.storybook/main.js

[github-actions]

Deploy path: /home/runner/work/portfolio/portfolio/public
Functions path: /home/runner/work/portfolio/portfolio/functions/src
Configuration path: /home/runner/work/portfolio/portfolio/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/sleepy-neumann-6a84c0/deploys/6247b26335b225332f9adbb4
Website Draft URL: https://6247b26335b225332f9adbb4--sleepy-neumann-6a84c0.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

[github-actions]

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

• Unused dependencies

  • @fortawesome/free-regular-svg-icons
  • @fortawesome/free-solid-svg-icons
  • react-error-overlay
  • react-flickr-hero
  • sharp
  • tween

• Unused devdependencies

  • @storybook/addon-a11y
  • @storybook/addon-controls
  • @storybook/addon-docs
  • @storybook/addon-essentials
  • @storybook/addon-info
  • @storybook/addon-interactions
  • @storybook/addon-knobs
  • @storybook/addon-links
  • @storybook/addon-storyshots
  • @storybook/jest
  • @storybook/testing-library
  • @types/aws-lambda
  • @types/jest
  • @types/node
  • @types/react-fontawesome
  • @types/storybook__addon-info
  • babel-preset-gatsby
  • babel-preset-react-app
  • chromatic
  • eslint-plugin-import
  • eslint-plugin-jsx-a11y
  • eslint-plugin-react
  • greenkeeper-lockfile
  • identity-obj-proxy
  • netlify-cli
  • netlify-lambda
  • percy
  • react-test-renderer
  • stylelint-config-idiomatic-order
  • stylelint-config-prettier
  • stylelint-config-recommended
  • stylelint-config-styled-components
  • stylelint-processor-styled-components
  • ts-dedent
  • ts-jest
  • tslint-react

• Missing

  • build-url

    • /github/workspace/src/components/flickrHero.tsx

  • @fortawesome/fontawesome-common-types

    • /github/workspace/src/components/socialIcons.tsx

  • axios

    • /github/workspace/functions/src/contact.js

  • @babel/preset-react

    • /github/workspace/.storybook/main.js

  • @babel/preset-env

    • /github/workspace/.storybook/main.js

  • @babel/plugin-proposal-class-properties

    • /github/workspace/.storybook/main.js

[github-actions]

Deploy path: /home/runner/work/portfolio/portfolio/public
Functions path: /home/runner/work/portfolio/portfolio/functions/src
Configuration path: /home/runner/work/portfolio/portfolio/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/sleepy-neumann-6a84c0/deploys/6249381f20abb64175c117d4
Website Draft URL: https://6249381f20abb64175c117d4--sleepy-neumann-6a84c0.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod

[github-actions]

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

• Unused dependencies

  • @fortawesome/free-regular-svg-icons
  • @fortawesome/free-solid-svg-icons
  • react-error-overlay
  • react-flickr-hero
  • sharp
  • tween

• Unused devdependencies

  • @storybook/addon-a11y
  • @storybook/addon-controls
  • @storybook/addon-docs
  • @storybook/addon-essentials
  • @storybook/addon-info
  • @storybook/addon-interactions
  • @storybook/addon-knobs
  • @storybook/addon-links
  • @storybook/addon-storyshots
  • @storybook/jest
  • @storybook/testing-library
  • @types/aws-lambda
  • @types/jest
  • @types/node
  • @types/react-fontawesome
  • @types/storybook__addon-info
  • babel-preset-gatsby
  • babel-preset-react-app
  • chromatic
  • eslint-plugin-import
  • eslint-plugin-jsx-a11y
  • eslint-plugin-react
  • greenkeeper-lockfile
  • identity-obj-proxy
  • netlify-cli
  • netlify-lambda
  • percy
  • react-test-renderer
  • stylelint-config-idiomatic-order
  • stylelint-config-prettier
  • stylelint-config-recommended
  • stylelint-config-styled-components
  • stylelint-processor-styled-components
  • ts-dedent
  • ts-jest
  • tslint-react

• Missing

  • build-url

    • /github/workspace/src/components/flickrHero.tsx

  • @fortawesome/fontawesome-common-types

    • /github/workspace/src/components/socialIcons.tsx

  • axios

    • /github/workspace/functions/src/contact.js

  • @babel/preset-react

    • /github/workspace/.storybook/main.js

  • @babel/preset-env

    • /github/workspace/.storybook/main.js

  • @babel/plugin-proposal-class-properties

    • /github/workspace/.storybook/main.js

[github-actions]

Deploy path: /home/runner/work/portfolio/portfolio/public
Functions path: /home/runner/work/portfolio/portfolio/functions/src
Configuration path: /home/runner/work/portfolio/portfolio/netlify.toml
Deploying to draft URL...

Logs: https://app.netlify.com/sites/sleepy-neumann-6a84c0/deploys/6249b58235b2255a609add3e
Website Draft URL: https://6249b58235b2255a609add3e--sleepy-neumann-6a84c0.netlify.app

If everything looks good on your draft URL, deploy it to your main site URL with the --prod flag.
netlify deploy --prod