update prismJS to 1.30.0 #74

przemyslawjanpietrzak · 2025-03-11T09:07:40Z

prims < 1.30.0 has some XSS vulnerability

wooorm · 2025-03-11T09:34:47Z

Oh? Wouldn’t that be listed in the changelog? https://github.com/PrismJS/prism/releases/tag/v1.30.0 And, wouldn’t a patch release be used for fixes instead of a minor release?

neethan · 2025-03-11T11:14:28Z

Oh? Wouldn’t that be listed in the changelog? https://github.com/PrismJS/prism/releases/tag/v1.30.0 And, wouldn’t a patch release be used for fixes instead of a minor release?

Seems the linked PR notes that it fixes the vulnerability: PrismJS/prism#3863

The changelog for that release seems just a regular autogen'd changelog via Github, rather than a proper changelog. I guess they don't follow semver strictly ;)

wooorm · 2025-03-11T11:38:45Z

I do not see that affects this project; please read the code of this project. That code is not here. Prism is not a dependency of this project and this project is not vulnerable.

wooorm · 2025-03-11T11:39:51Z

This PR does not work

wooorm · 2025-03-11T11:51:02Z

Working on a release

wooorm · 2025-03-11T15:25:07Z

there’s a release pulling in prism 1.30. And a new major. But, importantly: this project was never vulnerable

update prismJS to 1.30.0

f6ebdcc

wooorm closed this Mar 11, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

update prismJS to 1.30.0 #74

update prismJS to 1.30.0 #74

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

update prismJS to 1.30.0 #74

update prismJS to 1.30.0 #74

Uh oh!

Conversation

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!