[Snyk] Security upgrade react-syntax-highlighter from 15.5.0 to 16.0.0

[bozza-man]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Arbitrary Code Injection SNYK-JS-PRISMJS-9055448	110

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
👩‍💻 Set who automatically gets assigned
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

---

Note

Bumps react-syntax-highlighter to 16.0.0 and updates associated highlighting libraries and type packages via lockfile refresh.

• Dependencies:
  • Upgrade react-syntax-highlighter from ^15.x to ^16.0.0 in package.json and package-lock.json.
  • Refresh transitive deps for syntax highlighting:
    • prismjs → 1.30.0, refractor → 5.x (adds @types/prismjs, updates to hastscript@9, parse-entities@4).
    • Add highlightjs-vue@^1.0.0 and decode-named-character-reference.
    • Update unified/hast ecosystem packages (e.g., @types/hast@3, @types/unist@3, property-information@7, token/character utilities to latest major versions).

^{Written by Cursor Bugbot for commit 400d9ac. This will update automatically on new commits. Configure here.}

[phylum-io]

Phylum OSS Supply Chain Risk Analysis - FAILED

This repository analyzes the risk of new dependencies. An
administrator of this repository has set requirements via Phylum policy.

If you see this comment, one or more dependencies have failed Phylum's risk analysis.

Package: prismjs@1.30.0 failed.

prismjs@1.30.0 is decoding Base64 strings

Risk Domain: Malicious Code
Risk Level: low

Reason: Obfuscated code

View this project in the Phylum UI

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch snyk-fix-9e14303aeb656204e5f39b9f01eef524

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}