dependencies: Update react-syntax-highlighter to fix transitive vulnerability #17127
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue: #16163 #16848
Vulnerability stemming from PrismJS which is a part of react-syntax-highlighter. Similar to #17116 but with further version updates. If that PR is updated and merged first then this one can be closed.
GitHub Vulnerability link: GHSA-hqhp-5p83-hx96
Fix PR reference for react-syntax-highlighter: react-syntax-highlighter/react-syntax-highlighter#430
Fix commit in react-syntax-highlighter: react-syntax-highlighter/react-syntax-highlighter@20d9444
What I did
Upgraded the react-syntax-highlighter package in both addons/storysource && lib/components. Ran
yarn test
and there were no additional test failures.How to test
If your answer is yes to any of these, please make sure to include it in your PR.