Bump prismjs from 1.25.0 to 1.27.0

[dependabot]

Bumps prismjs from 1.25.0 to 1.27.0.

Release notes

Sourced from prismjs's releases.

v1.27.0

Release 1.27.0

v1.26.0

Release 1.26.0

Changelog

Sourced from prismjs's changelog.

1.27.0 (2022-02-17)

New components

• UO Razor Script (#3309) 3f8cc5a0

Updated components

• AutoIt
  • Allow hyphen in directive (#3308) bcb2e2c8
• EditorConfig
  • Change alias of section from keyword to selector (#3305) e46501b9
• Ini
  • Swap out header for section (#3304) deb3a97f
• MongoDB
  • Added v5 support (#3297) 8458c41f
• PureBasic
  • Added missing keyword and fixed constants ending with $ (#3320) d6c53726
• Scala
  • Added support for interpolated strings (#3293) 441a1422
• Systemd configuration file
  • Swap out operator for punctuation (#3306) 2eb89e15

Updated plugins

• Command Line
  • Escape markup in command line output (#3341) e002e78c
  • Add support for line continuation and improved colors (#3326) 1784b175
  • Added span around command and output (#3312) 82d0ca15

Other

• Core
  • Added better error message for missing grammars (#3311) 2cc4660b

1.26.0 (2022-01-06)

New components

• Atmel AVR Assembly (#2078) b5a70e4c
• Go module (#3209) 8476a9ab
• Keepalived Configure (#2417) d908e457
• Tremor & Trickle & Troy (#3087) ec25ba65
• Web IDL (#3107) ef53f021

Updated components

• Use \d for [0-9] (#3097) 9fe2f93e
• 6502 Assembly
  • Use standard tokens and minor improvements (#3184) 929c33e0

... (truncated)

Commits

• 703881e 1.27.0
• 7ac1373 Updated changelog for v1.27.0 (#3342)
• e002e78 Command Line: Escape markup in command line output (#3341)
• 13b56a9 Bump follow-redirects from 1.14.7 to 1.14.8 (#3338)
• f094c4a Bump yargs-parser from 5.0.0 to 5.0.1 (#3334)
• 9fd4c74 Bump ajv from 6.10.0 to 6.12.6 (#3333)
• 3fcca6b Bump pathval from 1.1.0 to 1.1.1 (#3331)
• 1784b17 Command Line: Add support for line continuation and improved colors (#3326)
• f545843 ESLint: Allow Map and Set in ES5 code (#3328)
• d6c5372 PureBasic: Added missing keyword and fixed constants ending with $ (#3320)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[foxpatch-aleph]

This is a straightforward dependency bump PR from prismjs 1.25.0 to 1.27.0, addressing a security vulnerability. The diff is primarily lock file changes generated by dependabot. Beyond the prismjs version bump itself, the lock file also reflects cascading updates to transitive dependencies: @solana/web3.js moved from 0.90.5 to 1.35.1 (a major version upgrade of a transitive dep), jayson 3.6.5→3.6.6 with uuid updated from v3 to v8, ws 7.5.5→7.5.7, superstruct 0.8.4→0.14.2, rpc-websockets 7.4.16→7.4.17, and numerous packages being correctly re-classified as devDependencies. The removal of several packages (cheerio, esdoc-inject-style-plugin, npm-run-all, mz, crypto-hash, buffer-layout, etc.) appears to be a consequence of the @solana/web3.js major version upgrade dropping those dependencies. None of these changes touch application source code, only lock files. The prismjs bump fixes a known security vulnerability (ReDoS) and the compatibility score from Dependabot is shown. No logic, security, or correctness issues are introduced by this PR.

package-lock.json (line None): The @solana/web3.js transitive dependency has jumped from 0.90.5 to 1.35.1 — a significant major version change. While this is lock-file only and driven by the upstream dependency tree, it's worth verifying that no behavioral regressions were introduced for any Solana-related functionality in the project. The superstruct upgrade (0.8.4→0.14.2) bundled with this is also a breaking major version change in that package's own API, though it's only consumed internally by @solana/web3.js here.