Skip to content

Commit 005b147

Browse files
renovate[bot]renovate[bot]
authored
chore(deps): update dependency prismjs to v1.30.0 [security] (#493)
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [prismjs](https://redirect.github.com/PrismJS/prism) | [`1.29.0` -> `1.30.0`](https://renovatebot.com/diffs/npm/prismjs/1.29.0/1.30.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/prismjs/1.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/prismjs/1.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/prismjs/1.29.0/1.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/prismjs/1.29.0/1.30.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2024-53382](https://nvd.nist.gov/vuln/detail/CVE-2024-53382) Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. --- ### Release Notes <details> <summary>PrismJS/prism (prismjs)</summary> ### [`v1.30.0`](https://redirect.github.com/PrismJS/prism/compare/v1.29.0...v1.30.0) [Compare Source](https://redirect.github.com/PrismJS/prism/compare/v1.29.0...v1.30.0) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/octokit/rest.js). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4xODUuNCIsInVwZGF0ZWRJblZlciI6IjM5LjE4NS40IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJUeXBlOiBNYWludGVuYW5jZSJdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
1 parent 3517730 commit 005b147

File tree

1 file changed

+4
-3
lines changed

1 file changed

+4
-3
lines changed

‎docs/package-lock.json

Lines changed: 4 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)