Skip to content
This repository was archived by the owner on Jun 3, 2026. It is now read-only.

⬆️ Update dependency prismjs to v1.30.0 [SECURITY]#2340

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-prismjs-vulnerability
Open

⬆️ Update dependency prismjs to v1.30.0 [SECURITY]#2340
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/npm-prismjs-vulnerability

Conversation

@renovate

@renovate renovate Bot commented Mar 1, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
prismjs 1.29.01.30.0 age confidence

PrismJS DOM Clobbering vulnerability

CVE-2024-53382 / GHSA-x7hr-w5r2-h6wg

More information

Details

Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements.

Severity

  • CVSS Score: 4.9 / 10 (Medium)
  • Vector String: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).


Release Notes

PrismJS/prism (prismjs)

v1.30.0

Compare Source

What's Changed

New Contributors

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@github-actions

github-actions Bot commented Mar 1, 2026

Copy link
Copy Markdown

Coverage Report

Status Category Percentage Covered / Total
🔵 Lines 17% 5636 / 33141
🔵 Statements 17% 5636 / 33141
🔵 Functions 6.48% 34 / 524
🔵 Branches 37.08% 135 / 364
File CoverageNo changed files found.
Generated in workflow #7088 for commit 5af6f99 by the Vitest Coverage Report Action

@renovate renovate Bot changed the title ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] - autoclosed Mar 27, 2026
@renovate renovate Bot closed this Mar 27, 2026
@renovate renovate Bot deleted the renovate/npm-prismjs-vulnerability branch March 27, 2026 05:00
@renovate renovate Bot changed the title ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] - autoclosed ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] Mar 30, 2026
@renovate renovate Bot reopened this Mar 30, 2026
@renovate renovate Bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from ab779ad to c3218bc Compare March 30, 2026 17:56
@renovate renovate Bot changed the title ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] - autoclosed Apr 27, 2026
@renovate renovate Bot closed this Apr 27, 2026
@renovate renovate Bot changed the title ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] - autoclosed ⬆️ Update dependency prismjs to v1.30.0 [SECURITY] Apr 28, 2026
@renovate renovate Bot reopened this Apr 28, 2026
@renovate renovate Bot force-pushed the renovate/npm-prismjs-vulnerability branch 2 times, most recently from c3218bc to 5af6f99 Compare April 28, 2026 06:34
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants