Update dependency highlight.js to v10 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
highlight.js (source)	^9.8.0 -> ^10.0.0

GitHub Vulnerability Alerts

CVE-2020-26237

Impact

Affected versions of this package are vulnerable to Prototype Pollution. A malicious HTML code block can be crafted that will result in prototype pollution of the base object's prototype during highlighting. If you allow users to insert custom HTML code blocks into your page/app via parsing Markdown code blocks (or similar) and do not filter the language names the user can provide you may be vulnerable.

The pollution should just be harmless data but this can cause problems for applications not expecting these properties to exist and can result in strange behavior or application crashes, i.e. a potential DOS vector.

If your website or application does not render user provided data it should be unaffected.

Patches

Versions 9.18.2 and 10.1.2 and newer include fixes for this vulnerability. If you are using version 7 or 8 you are encouraged to upgrade to a newer release.

Workarounds

Patch your library

Manually patch your library to create null objects for both languages and aliases:

const HLJS = function(hljs) {
  // ...
  var languages = Object.create(null);
  var aliases = Object.create(null);

Filter out bad data from end users

Filter the language names that users are allowed to inject into your HTML to guarantee they are valid.

References

• What is Prototype Pollution?
• use null prototype objects for languages/aliases highlightjs/highlight.js#2636

For more information

If you have any questions or comments about this advisory:

• Please file an issue against highlight.js

GHSA-7wwv-vh3v-89cq

Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking)

oswasp:

The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.

If are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... effectively preventing users from accessing your app or service (ie, Denial of Service).

This is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using highlightAuto to detect the language (and have any of these grammars registered) you are vulnerable.

All versions prior to 10.4.1 are vulnerable, including version 9.18.5.

Grammars with exponential backtracking issues:

• c-like (c, cpp, arduino)
• handlebars (htmlbars)
• gams
• perl
• jboss-cli
• r
• erlang-repl
• powershell
• routeros
• livescript (10.4.0 and 9.18.5 included this fix)
• javascript & typescript (10.4.0 included partial fixes)

And of course any aliases of those languages have the same issue. ie: hpp is no safer than cpp.

Grammars with polynomial backtracking issues:

• kotlin
• gcode
• d
• aspectj
• moonscript
• coffeescript/livescript
• csharp
• scilab
• crystal
• elixir
• basic
• ebnf
• ruby
• fortran/irpf90
• livecodeserver
• yaml
• x86asm
• dsconfig
• markdown
• ruleslanguage
• xquery
• sqf

And again: any aliases of those languages have the same issue. ie: ruby and rb share the same ruby issues.

Patches

• Version 10.4.1 resolves these vulnerabilities. Please upgrade.

Workarounds / Mitigations

• Discontinue use the affected grammars. (or perhaps use only those with poly vs exponential issues)
• Attempt cherry-picking the grammar fixes into older versions...
• Attempt using newer CDN versions of any affected languages. (ie using an older CDN version of the library with newer CDN grammars). Your mileage may vary.

References

• https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

For more information

If you have any questions or comments about this advisory:

• Open an issue: https://github.com/highlightjs/highlight.js/issues
• Email us at security@highlightjs.com

---

Release Notes

highlightjs/highlight.js

v10.4.1

Compare Source

Security

• (fix) Exponential backtracking fixes for: Josh Goebel
  • cpp
  • handlebars
  • gams
  • perl
  • jboss-cli
  • r
  • erlang-repl
  • powershell
  • routeros
• (fix) Polynomial backtracking fixes for: Josh Goebel
  • asciidoc
  • reasonml
  • latex
  • kotlin
  • gcode
  • d
  • aspectj
  • moonscript
  • coffeescript/livescript
  • csharp
  • scilab
  • crystal
  • elixir
  • basic
  • ebnf
  • ruby
  • fortran/irpf90
  • livecodeserver
  • yaml
  • x86asm
  • dsconfig
  • markdown
  • ruleslanguage
  • xquery
  • sqf

Very grateful to Michael Schmidt for all the help.

v10.4.0

Compare Source

A largish release with many improvements and fixes from quite a few different contributors. Enjoy!

Deprecations:

• (chore) requireLanguage is deprecated.
  • Prefer getLanguage (with custom error handling) or built-time dependencies.
  • See Library API for more information.

Parser:

• enh(parser) use negative look-ahead for beginKeywords support (#​2813) Josh Goebel
• enh(grammars) allow classNameAliases for more complex grammars Josh Goebel
• fix(vue): Language name now appears in CSS class (#​2807) Michael Rush
• (chore) Clean up all regexs to be UTF-8 compliant/ready (#​2759) Josh Goebel
• enh(grammars) allow classNameAliases for more complex grammars Josh Goebel

New Languages:

• Added 3rd party Chapel grammar to SUPPORTED_LANGUAGES (#​2806) Brad Chamberlain
• Added BBCode grammar to SUPPORTED_LANGUAGES (#​2867) Paul Reid
• enh(javascript) Added node-repl for Node.js REPL sessions (#​2792) Marat Nagayev

Language Improvements:

• enh(shell) Recognize prompts which contain tilde ~ (#​2859) Guillaume Grossetie
• enh(shell) Add support for multiline commands with line continuation \ (#​2861) Guillaume Grossetie
• enh(autodetect) Over 30+ improvements to auto-detect (#​2745) Josh Goebel
  • 4-5% improvement in auto-detect against large sample set
  • properties, angelscript, lsl, javascript, n1ql, ocaml, ruby
  • protobuf, hy, scheme, crystal, yaml, r, vbscript, groovy
  • python, java, php, lisp, matlab, clojure, csharp, css
• fix(r) fixed keywords not properly spaced (#​2852) Josh Goebel
• fix(javascript) fix potential catastrophic backtracking (#​2852) Josh Goebel
• fix(livescript) fix potential catastrophic backtracking (#​2852) Josh Goebel
• bug(xml) XML grammar was far too imprecise/fuzzy Josh Goebel
• enh(xml) Improve precision to prevent false auto-detect positives Josh Goebel
• fix(js/ts) Prevent for/while/if/switch from falsly matching as functions (#​2803) Josh Goebel
• enh(julia) Update keyword lists for Julia 1.x (#​2781) Fredrik Ekre
• enh(python) Match numeric literals per the language reference Richard Gibson
• enh(ruby) Match numeric literals per language documentation Richard Gibson
• enh(javascript) Match numeric literals per ECMA-262 spec Richard Gibson
• enh(java) Match numeric literals per Java Language Specification Richard Gibson
• enh(swift) Match numeric literals per language reference Richard Gibson
• enh(php) highlight variables (#​2785) Taufik Nurrohman
• fix(python) Handle comments on decorators (#​2804) Jonathan Sharpe
• enh(diff) improve highlighting of diff for git patches [Florian Bezdeka][]
• fix(llvm) lots of small improvements and fixes (#​2830) Josh Goebel
• enh(mathematica) Rework entire implementation Patrick Scheibe
  • Correct matching of the many variations of Mathematica's numbers
  • Matching of named-characters aka special symbols like \[Gamma]
  • Updated list of version 12.1 built-in symbols
  • Matching of patterns, slots, message-names and braces
• fix(swift) Handle keywords that start with # Marcus Ortiz
• enh(swift) Match some keyword Marcus Ortiz
• enh(swift) Match @main attribute Marcus Ortiz

Dev Improvements:

• chore(dev) add theme picker to the tools/developer tool (#​2770) Josh Goebel
• fix(dev) the Vue.js plugin no longer throws an exception when hljs is not in the global namespace Kyle Brown

New themes:

• StackOverflow Dark by Jan Pilzer
• StackOverflow Light by Jan Pilzer

v10.3.2

Compare Source

Tiny tiny release, just to fix the website incorrectly not listing Javascript
in the list of languages you could choose for a custom build. NPM and CDN
build should not have been affected so 10.3.1 is effectively the same as
10.3.2 for those builds.

If you made a custom build from the website with 10.3 or 10.3.1 you may
want to check and make sure it includes Javascript, and if not, build it again.

v10.3.1

Compare Source

Prior version let some look-behind regex sneak in, which does not work
yet on Safari. This release removes those incompatible regexes.

Fix:

• fix(Safari) Remove currently unsupported look-behind regex (fix) Josh Goebel

v10.3.0

Compare Source

Language Improvements:

• enh(latex) Complete ground up rewrite of LaTex grammar schtandard
• fix(cpp) implement backslash line continuation in comments (#​2757) Konrad Rudolph
• fix(cpp) improve parsing issues with templates (#​2752) [Josh Goebel][]
• enh(cpp) add support for enum (struct|class) and union (#​2752) [Josh Goebel][]
• fix(js/ts) Fix nesting of {} inside template literals SUBST expression (#​2748) [Josh Goebel][]
• enh(js/ts) Highlight class methods as functions (#​2727) [Josh Goebel][]
• fix(js/ts) constructor is now highlighted as a function title (not keyword) (#​2727) [Josh Goebel][]
• fix(c-like) preprocessor directives not detected after else (#​2738) [Josh Goebel][]
• enh(javascript) allow # for private class fields (#​2701) Chris Krycho
• fix(js) prevent runaway regex (#​2746) [Josh Goebel][]
• fix(bash) enh(bash) allow nested params (#​2731) [Josh Goebel][]
• fix(python) Fix highlighting of keywords and strings (#​2713, #​2715) Konrad Rudolph
• fix(fsharp) Prevent (*) from being detected as a multi-line comment [Josh Goebel][]
• enh(bash) add support for heredocs (#​2684) [Josh Goebel][]
• enh(r) major overhaul of the R language grammar (and fix a few bugs) (#​2680) Konrad Rudolph
• enh(csharp) Add all C# 9 keywords, and other missing keywords (#​2679) David Pine
• enh(objectivec) Add objective-c++ and obj-c++ aliases for Objective-C [Josh Goebel][]
• enh(java) Add support for record (#​2685) [Josh Goebel][]
• fix(csharp) prevent modifier keywords wrongly flagged as title (#​2683) [Josh Goebel][]
• enh(axapta) Update keyword list for Axapta (X++) (#​2686) Ryan Jonasson
• fix(fortran) FORTRAN 77-style comments (#​2677) Philipp Engel
• fix(javascript) Comments inside params should be highlighted (#​2702) [Josh Goebel][]
• fix(scala) Comments inside class header should be highlighted (#​1559) [Josh Goebel][]
• fix(c-like) Correctly highlight modifiers (final) in class declaration (#​2696) [Josh Goebel][]
• enh(angelscript) Improve heredocs, numbers, metadata blocks (#​2724) Melissa Geels
• enh(javascript) Implement Numeric Separators (#​2617) Antoine du Hamel
• enh(typescript) TypeScript also gains support for numeric separators (#​2617) Antoine du Hamel
• enh(php) Add support for PHP 8 match keyword and add php8 as an alias (#​2733) Ayesh Karunaratne
• fix(handlebars) Support if else keyboards (#​2659) Tom Wallace

Deprecations:

• useBR option deprecated and will be removed in v11.0. (#​2559) [Josh Goebel][]

v10.2.1

Compare Source

Parser Engine:

• fix(parser) complete fix for resuming matches from same index (#​2678) Josh Goebel

v10.2.0

Compare Source

Parser Engine:

• (fix) When ignoring a potential match highlighting can terminate early (#​2649) Josh Goebel

New themes:

• Gradient Light by Samia Ali

Deprecations:

• fixMarkup is now deprecated and will be removed in v11.0. (#​2534) Josh Goebel

Big picture:

• Add simple Vue plugin for basic use cases (#​2544) Josh Goebel

Language Improvements:

• fix(bash) Fewer false positives for keywords in arguments (#​2669) sirosen
• fix(js) Prevent long series of /////// from causing freezes (#​2656) Josh Goebel
• enh(csharp) Add init and record keywords for C# 9.0 (#​2660) Youssef Victor
• enh(matlab) Add new R2019b arguments keyword and fix enumeration keyword (#​2619) Andrew Janke
• fix(kotlin) Remove very old keywords and update example code (#​2623) kageru
• fix(night) Prevent object prototypes method values from being returned in getLanguage (#​2636) night
• enh(java) Add support for enum, which will identify as a class now (#​2643) ezksd
• enh(nsis) Add support for NSIS 3.06 commands (#​2653) idleberg
• enh(php) detect newer more flexible HEREdoc syntax (#​2658) eytienne

v10.1.2

Compare Source

Fixes:

• fix(night) Prevent object prototype values from being returned by getLanguage (#​2636) night

v10.1.1

Compare Source

Fixes:

• Resolve issue on Node 6 due to dangling comma (#​2608) Edwin Hoogerbeets
• Resolve index.d.ts is not a module error (#​2603) Josh Goebel

v10.1.0

Compare Source

New themes:

• NNFX and NNFX-dark by Jim Mason
• lioshi by lioshi

Parser Engine:

• (parser) Now escapes quotes in text content when escaping HTML (#​2564) Josh Goebel
• (parser) Adds keywords.$pattern key to grammar definitions (#​2519) Josh Goebel
• (parser) Adds SHEBANG utility mode Josh Goebel
• (parser) Adds registerAliases method (#​2540) [Taufik Nurrohman][]
• (enh) Added on:begin callback for modes (#​2261) Josh Goebel
• (enh) Added on:end callback for modes (#​2261) Josh Goebel
• (enh) Added ability to programatically ignore begin and end matches (#​2261) Josh Goebel
• (enh) Added END_SAME_AS_BEGIN mode to replace endSameAsBegin parser attribute (#​2261) Josh Goebel
• (fix) fixMarkup would rarely destroy markup when useBR was enabled (#​2532) Josh Goebel

Deprecations:

• htmlbars grammar is now deprecated. Use handlebars instead. (#​2344) Nils Knappmeier
• when using highlightBlock result.re deprecated. Use result.relevance instead. (#​2552) Josh Goebel
• ditto for result.second_best.re => result.second_best.relevance (#​2552)
• lexemes is now deprecated in favor of keywords.$pattern key (#​2519) Josh Goebel
• endSameAsBegin is now deprecated. (#​2261) Josh Goebel

Language Improvements:

• fix(groovy) strings are not allowed inside ternary clauses (#​2217) Josh Goebel
• fix(typescript) add readonly keyword (#​2562) Martin (Lhoerion)
• fix(javascript) fix regex inside parens after a non-regex (#​2530) Josh Goebel
• enh(typescript) use identifier to match potential keywords, preventing false positivites (#​2519) Josh Goebel
• enh(javascript) use identifier to match potential keywords, preventing false positivites (#​2519) Josh Goebel
• [enh] Add OPTIMIZE: and HACK: to the labels highlighted inside comments Josh Goebel
• enh(typescript/javascript/coffeescript/livescript) derive ECMAscript keywords from a common foudation (#​2518) Josh Goebel
• enh(typescript) add setInterval, setTimeout, clearInterval, clearTimeout (#​2514) Josh Goebel
• enh(javascript) add setInterval, setTimeout, clearInterval, clearTimeout (#​2514) Vania Kucher
• enh(cpp) add pair, make_pair, priority_queue as built-ins (#​2538) Hankun Lin
• enh(cpp) recognize priority_queue pair as cpp containers (#​2541) Hankun Lin
• fix(javascript) prevent set keyword conflicting with setTimeout, etc. (#​2514) Vania Kucher
• fix(cpp) Fix highlighting of unterminated raw strings (#​2261) David Benjamin
• fix(javascript) => function with nested () in params now works (#​2502) Josh Goebel
• fix(typescript) => function with nested () in params now works (#​2502) Josh Goebel
• fix(yaml) Fix tags to include non-word characters (#​2486) Peter Plantinga
• fix(swift) @objcMembers was being partially highlighted (#​2543) Nick Randall
• enh(dart) Add late and required keywords, the Never built-in type, and nullable built-in types (#​2550) Sam Rawlins
• enh(erlang) Add underscore separators to numeric literals (#​2554) Sergey Prokhorov
• enh(handlebars) Support for sub-expressions, path-expressions, hashes, block-parameters and literals (#​2344) Nils Knappmeier
• enh(protobuf) Support multiline comments (#​2597) Pavel Evstigneev
• fix(toml) Improve key parsing (#​2595) Antoine du Hamel

v10.0.3

Compare Source

v10.0.2

Compare Source

Brower build:

• Issue (bug) Fix: Version 10 fails to load as CommonJS module. (#​2511) Josh Goebel
• Issue (removal) AMD module loading support has been removed. (#​2511) Josh Goebel

Parser Engine Changes:

• Issue fix(parser) Fix freez issue with illegal 0 width matches (#​2524) Josh Goebel

v10.0.1

Compare Source

Parser Engine Changes:

• (bug) Fix sublanguage with no relevance score (#​2506) Josh Goebel

v10.0.0

Compare Source

New languages:

• add(php-template) Explicit language to detect PHP templates (vs xml) Josh Goebel
• enh(python) Added python-repl for Python REPL sessions
• add(never) Added 3rd party Never language support

New themes:

• Srcery by Chen Bin

Parser Engine Changes:

• (bug) Fix beginKeywords to ignore . matches (#​2434) Josh Goebel
• (enh) add before:highlight plugin API callback (#​2395) Josh Goebel
• (enh) add after:highlight plugin API callback (#​2395) Josh Goebel
• (enh) split out parse tree generation and HTML rendering concerns (#​2404) Josh Goebel
• (enh) every language can have a name attribute now (#​2400) Josh Goebel
• (enh) improve regular expression detect (less false-positives) (#​2380) Josh Goebel
• (enh) make noHighlightRe and languagePrefixRe configurable (#​2374) Josh Goebel

Language Improvements:

• enh(python) Exclude parens from functions params (#​2490) Álvaro Mondéjar
• enh(swift) Add compactMap to keywords as built_in (#​2478) Omid Golparvar
• enh(nim) adds func keyword (#​2468) Adnan Yaqoob
• enh(xml) deprecate ActionScript inside script tags (#​2444) Josh Goebel
• fix(javascript) prevent get/set variables conflicting with keywords (#​2440) Josh Goebel
• bug(clojure) Now highlights defn- properly (#​2438) Josh Goebel
• enh(bash) default value is another variable (#​2439) Josh Goebel
• enh(bash) string nested within string (#​2439) Josh Goebel
• enh(bash) Add arithmetic expression support (#​2439) Josh Goebel
• enh(clojure) Add support for global definitions name (#​2347) Alexandre Grison
• enh(fortran) Support Fortran 77 style comments (#​2416) Josh Goebel
• (csharp) add support for @identifier style identifiers (#​2414) Josh Goebel
• fix(elixir) Support function names with a slash (#​2406) Josh Goebel
• fix(javascript) comma is allowed in a "value container" (#​2403) Josh Goebel
• enh(apache) add deny and allow keywords Josh Goebel
• enh(apache) highlight numeric attributes values Josh Goebel
• enh(apache) highlight IP addresses, ports, and strings in sections Josh Goebel
• enh(php) added more keywords and include <?= syntax to meta Taufik Nurrohman
• fix(protobuf) Fix rpc when followed by a block (#) Josh Goebel
• enh(zephir) almost complete rework of the zephir grammar (#​2387) Josh Goebel
• (markdown) much improved code block support (#​2382) Josh Goebel
• (markdown) improve bold/italic nesting (#​2382) Josh Goebel
• enh(csharp) Support where keyword as class constraint (#​2378) Josh Goebel
• enh(csharp) Allow reference path in class inheritance lists (#​2378) Josh Goebel
• enh(csharp) Add generic modifiers (in, out) (#​2378) Josh Goebel
• (fortran) enh(fortran) support intrinsic data types (#​2379) Josh Goebel
• enh(java) annotations can include numbers (#​2377) Josh Goebel
• enh(java) annotations can take params (#​2377) Josh Goebel
• enh(java) allow annotations inside function call params (#​2377) Josh Goebel
• enh(parser) pre/post-highlightBlock callbacks via plugin (#​2285) Josh Goebel
• (fortran) Add Fortran 2018 keywords and coarray intrinsics (#​2361) Sam Miller
• (delphi) highlight hexadecimal, octal, and binary numbers (#​2370) Robert Riebisch
• enh(plaintext) added text and txt as alias (#​2360) Taufik Nurrohman
• enh(powershell) added PowerShell v5.1/v7 default aliases as "built_in"s (#​2423) Sean Williams
• enh(yaml) added support for timestamps (#​2475) [Peter Plantinga][]

Developer Tools:

• added Dockerfile for optionally developing with a container

v9.18.1

Compare Source

Grammar Improvements:

• bug(coffeescript) fix freezing bug due to badly behaved regex (#​2376) Josh Goebel

v9.18.0

Compare Source

New languages:

• none.

New themes:

• none.

Core Changes:

• none.

Language Improvements:

• (javascript) fix JSX self-closing tag issues (#​2322) Josh Goebel
• (fortran) added block and endblock keywords (#​2343) Philipp Engel
• (javascript) support jsx fragments (#​2333) Josh Goebel
• (ini) support TOML arrays, clean up grammar (#​2335) Josh Goebel
• (vbnet) add nameof operator to the keywords (#​2329) Youssef Victor
• (stan) updated with improved coverage of language keywords and patterns. (#​1829) Jeffrey Arnold
• enh(cpp) Detect namespaced function types (A::typeName func(...)) (#​2332) Josh Goebel
• enh(cpp) Detect namespaced functions also (A::functionName) (#​2332) Josh Goebel
• enh(cpp) Properly detect decltype(auto) (#​2332) Josh Goebel
• enh(cpp) recognize primitive types (int8_t, etc.) as function types (#​2332) Josh Goebel

Developer Tools:

• feat(developer): add button to show parsed structure (#​2345) Nils Knappmeier

v9.17.1

Compare Source

Fixes:

• fix(parser): resolve IE 11 issue with Object.freeze() (#​2319) Josh Goebel

v9.17.0

Compare Source

New languages:

• none.

New themes:

• Gradient Dark by Samia Ali

Core Improvements:

• chore(parser): switch from createElementNS to createElement (#​2314) Josh Goebel
• enh(parser): add better error when a language requirement is missing (#​2311) Josh Goebel
• fix(parser/docs): disallow self mode at the top-level of a language (#​2294) Josh Goebel
• enh(parser) add safe & debug modes. Better error handling for crash conditions. (#​2286) Josh Goebel
• fix(parser): Fix merger HTML attribute quoting (#​2235) Josh Goebel
• fix(parser): Look-ahead regex now work for end matches also (#​2237) Josh Goebel
• fix(parser): Better errors when a language is missing (#​2236) Josh Goebel
• fix(parser): freeze built-in modes to prevent grammars altering them (#​2271) Josh Goebel
• fix(themes): fix inconsistencies between some themes padding/spacing (#​2300) Josh Goebel
• ehh(build) Add CI check for building a "use strict" safe rollup package from NPM builds (#​2247) Josh Goebel
• fix(pkg): Prefix global addEventListener with window to be able to minify with closure compiler (#​2305) Kirill Saksin

Language Improvements:

• fix(sql): backslash is not used to escape in strings in standard SQL (#​1748) Mike Schall
• enh(ebnf) add backticks as additional string variant (#​2290) Chris Marchesi
• chore(javascript): add esm related extensions to aliases (#​2298) Rongjian Zhang
• fix(kotlin): fix termination of """ string literals (#​2295) Josh Goebel
• fix(mercury): don't change global STRING modes (#​2271) Josh Goebel
• enh(xml) expand and improve document type highlighting (#​2287) w3suli
• enh(ebnf) add underscore as allowed meta identifier character, and dot as terminator (#​2281) Chris Marchesi
• fix(makefile) fix double relevance for assigns, improves auto-detection (#​2278) Josh Goebel
• enh(xml) support for highlighting entities (#​2260) w3suli
• enh(gml) fix naming of keyword class (consistency fix) (#​2254) Liam Nobel
• enh(javascript): Add support for jsdoc comments (#​2245) Milutin Kristofic
• fix(python) fix if getting confused as an f-string (#​2200) Josh Goebel and Carl Baxter
• enh(powershell) major overhaul, huge improvements (#​2224)
• enh(css) Improve @​rule highlighting, including properties (#​2241) Josh Goebel
• enh(css) Improve highlighting of numbers inside expr/func calc(2px+3px) (#​2241)
• enh(scss) Pull some of the CSS improvements back into SCSS (#​2241)
• fix(go): Fix escaped character literals (#​2266) David Benjamin
• fix(objectivec): Fix various preprocessor highlighting issues (#​2265) David Benjamin
• fix(objectivec): Handle multibyte character literals (#​2268) David Benjamin
• enh(cpp): Add additional keywords (#​2289) Adrian Ostrowski

v9.16.2

Compare Source

New languages:
none.

New styles:
none.

Improvements:

• fix(arduino) Resolves issue with arduino.js not being "use strict" safe (#​2247)

v9.16.1

Compare Source

New languages:
none.

New styles:

• Night Owl by Carl Baxter

Improvements:

• Add CLI tool to quickly check for relevance conflicts Mark Ellis (#​1554)
• enhance(twig) update list of filter and tags (#​2090)
• fix(crystal): correctly highlight !~ method definition (#​2222)
• fix dropping characters if we choke up on a 0-width match (#​2219)
• (accesslog) improve accesslog relevancy scoring (#​2172)
• fix(shell): fix parsing of prompts with forward slash (#​2218)
• improve parser to properly support look-ahead regex in begin matchers (#​2135)
• blacklist super-common keywords from having relevance (#​2179)
• fix(swift): support for @dynamicMemberLookup and @propertyWrapper (#​2202)
• fix: endWithParent inside starts now always works (#​2201)
• fix(typescript): constructor in declaration doesn't break highlighting
• fix(typescript): only match function keyword as a separate identifier (#​2191)
• feature(arduino) make arduino a super-set of cpp grammar
• fix(javascript): fix object attributes immediately following line comments
• fix(xml): remove vbscript as potential script tag subLanguage
• fix(Elixir): improve regex for numbers
• fix(YAML): improve matching for keys, blocks and numbers
• fix(Pony): improve regex for numbers
• fix(handlebars): add support for raw-blocks, and triple-mustaches(#​2175)
• fix(handlebars): fix parsing of block-comments containing closing mustaches (#​2175)
• fix(handlebars): add support for segment-literal notation, and escaped mustaches (#​2184)
• JSON: support for comments in JSON (#​2016)
• fix(cpp): improve string literal matching
• fix(highlight.js): omit empty span-tags in the output (#​2182)
• fix(Go): improve function declaration matching
• fix(python): added support for f-string literal curly braces (#​2195)
• fix(cpp): add future built-in (#​1610)
• fix(python): support comments within function parameters (#​2214)

v9.15.10

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• support for ruby's squiggly heredoc (#​2049)
• support css custom properties (#​2082)
• fix(PureBASIC): update to 5.60 (#​1508)
• fix(Kotlin): parenthesized types in function declaration (#​2107)
• fix(Kotlin): nested comment (#​2104)
• fix(isbl): contains key typo (#​2103)
• fix(github-gist.css): match Github styles (#​2100)
• fix(elm): update to latest elm syntax (#​2088)
• fix: Support highlighting inline HTML and CSS tagged template strings in JS and TS (#​2105)
• feat(YAML): add YAML to common languages (#​1952)
• feat(xml): Add support for Windows Script File (.wsf), inline VBScript in XML script tags (#​1690)

v9.15.9

Compare Source

Improvements:

• fix(AutoHotkey): order and extended highlighting (#​1579)
• fix(Go): correctly highlight hex numbers, rather than stopping at last 'd' or 'f'. (#​2060)
• fix(Mathematica): Improvements to language (#​2065)
• fix(Node): Adds SCSS build (#​2079)
• fix(Rust): update keywords (#​2052)
• fix(Stata): Added keywords for the meta-analysis suite introduced in Stata 16 (#​2081)
• fix(Bash): escape double quotes (#​2048)

v9.15.8

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• fix(bash): revert escaped double quotes - broke Firefox/Safari.

v9.15.7

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• fix(powershell): Add cmdlets (#​2022)
• fix(Bash): escaped double quotes (#​2041)
• fix(c++): add aliases 'hh', 'hxx', 'cxx' (#​2017)
• fix(ini/toml): Support comments on the same line. (#​2039)
• fix(JSX): not rendering well in a function without parentheses. (#​2024)
• fix(LiveCode): language definition update (#​2021)
• fix(markdown): indented lists (#​2004)
• fix(styles/school-book): don't style all the pre, use .hljs instead (#​2034)
• fix(JSX): Modify JSX tag detection to use XML language regex in place of simplistic \w+

v9.15.6

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• Move dependencies to be devDependencies.
• Fixed security issues in dev dependencies.

v9.15.5

Compare Source

New languages:
none.
New styles:
none.
Improvements:
🔥 Hot fix: updated build tool.

v9.15.2

Compare Source

New languages:
none.
New styles:
none.
Improvements:
🔥 Hot fix that was preventing highlight.js from installing.

v9.15.1

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• support for ruby's squiggly heredoc (#​2049)
• support css custom properties (#​2082)
• fix(PureBASIC): update to 5.60 (#​1508)
• fix(Kotlin): parenthesized types in function declaration (#​2107)
• fix(Kotlin): nested comment (#​2104)
• fix(isbl): contains key typo (#​2103)
• fix(github-gist.css): match Github styles (#​2100)
• fix(elm): update to latest elm syntax (#​2088)
• fix: Support highlighting inline HTML and CSS tagged template strings in JS and TS (#​2105)
• feat(YAML): add YAML to common languages (#​1952)
• feat(xml): Add support for Windows Script File (.wsf), inline VBScript in XML script tags (#​1690)

v9.14.2

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• Gauss fixed to stop global namespace pollution Scott Hyndman.
• fix(Tcl): removed apostrophe string delimiters (don't exist)

v9.14.1

Compare Source

New languages:
none.
New styles:
none.
Improvements:

• Pony: language improvements (#​1958)

v9.13.1

Compare Source

Improvements:

• C# function declarations no longer include trailing whitespace, by JeremyTCD
• Added new and missing keywords to AngelScript, by Melissa Geels
• TypeScript decorator factories highlighting fix, by [Antoine Boisier-Michaud][]
• Added support for multiline strings to Swift, by [Alejandro Isaza][]
• Fixed issue that was causing some minifiers to fail.
• Fixed autoDetection to accept language aliases.

[Antoine Bois

---

Configuration

📅 Schedule: "" (UTC).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, click this checkbox.

---

This PR has been generated by WhiteSource Renovate. View repository job log here.