From c708f00e977cbad7797009861f9551faf9e83181 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 08:07:46 +0000 Subject: [PATCH 1/8] Bump react-syntax-highlighter to v15.6.6 to fix security vulnerabilities Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- packages/react-monaco-editor/package.json | 2 +- yarn.lock | 70 +++++++++++++++++++++-- 2 files changed, 67 insertions(+), 5 deletions(-) diff --git a/packages/react-monaco-editor/package.json b/packages/react-monaco-editor/package.json index 33269a18f94881..24a35fbe412343 100644 --- a/packages/react-monaco-editor/package.json +++ b/packages/react-monaco-editor/package.json @@ -30,7 +30,7 @@ "@fluentui/react-hooks": "^8.10.0", "@fluentui/react-charting": "^5.25.0", "raw-loader": "4.0.2", - "react-syntax-highlighter": "^10.1.3", + "react-syntax-highlighter": "^15.6.6", "tslib": "^2.1.0" }, "peerDependencies": { diff --git a/yarn.lock b/yarn.lock index 940793321b0eb8..fd3423b8895bc5 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11053,7 +11053,7 @@ fastq@^1.6.0: dependencies: reusify "^1.0.0" -fault@^1.0.1, fault@^1.0.2: +fault@^1.0.0, fault@^1.0.1, fault@^1.0.2: version "1.0.4" resolved "https://registry.yarnpkg.com/fault/-/fault-1.0.4.tgz#eafcfc0a6d214fc94601e170df29954a4f842f13" integrity sha512-CJ0HCB5tL5fYTEA7ToAq5+kTwd++Borf1/bifxd9iT70QcXr4MRrO3Llf8Ifs70q+SJcGHFtnIE/Nw6giCtECA== @@ -12297,7 +12297,7 @@ hasown@^2.0.2: dependencies: function-bind "^1.1.2" -hast-util-parse-selector@^2.2.0: +hast-util-parse-selector@^2.0.0, hast-util-parse-selector@^2.2.0: version "2.2.5" resolved "https://registry.yarnpkg.com/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz#d57c23f4da16ae3c63b3b6ca4616683313499c3a" integrity sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ== 
@@ -12338,6 +12338,17 @@ hastscript@^5.0.0: property-information "^5.0.1" space-separated-tokens "^1.0.0" +hastscript@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/hastscript/-/hastscript-6.0.0.tgz#e8768d7eac56c3fdeac8a92830d58e811e5bf640" + integrity sha512-nDM6bvd7lIqDUiYEiu5Sl/+6ReP0BMk/2f4U/Rooccxkj0P5nm+acM5PrGJ/t5I8qPGiqZSE6hVAwZEdZIvP4w== + dependencies: + "@types/hast" "^2.0.0" + comma-separated-tokens "^1.0.0" + hast-util-parse-selector "^2.0.0" + property-information "^5.0.0" + space-separated-tokens "^1.0.0" + hdr-histogram-js@^2.0.1: version "2.0.3" resolved "https://registry.yarnpkg.com/hdr-histogram-js/-/hdr-histogram-js-2.0.3.tgz#0b860534655722b6e3f3e7dca7b78867cf43dcb5" @@ -12377,11 +12388,21 @@ hermes-parser@^0.20.1: dependencies: hermes-estree "0.20.1" +highlight.js@^10.4.1, highlight.js@~10.7.0: + version "10.7.3" + resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.3.tgz#697272e3991356e40c3cac566a74eef681756531" + integrity sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A== + highlight.js@~9.13.0: version "9.13.1" resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-9.13.1.tgz#054586d53a6863311168488a0f58d6c505ce641e" integrity sha512-Sc28JNQNDzaH6PORtRLMvif9RSn1mYuOoX3omVjnb0+HbpPygU2ALBI0R/wsiqCb4/fcp07Gdo8g+fhtFrQl6A== +highlightjs-vue@^1.0.0: + version "1.0.0" + resolved "https://registry.yarnpkg.com/highlightjs-vue/-/highlightjs-vue-1.0.0.tgz#fdfe97fbea6354e70ee44e3a955875e114db086d" + integrity sha512-PDEfEF102G23vHmPhLyPboFCD+BkMGu+GuJe2d9/eH4FsCwvgBpnc9n0pGE+ffKdph38s6foEZiEjdgHdzp+IA== + homedir-polyfill@^1.0.1: version "1.0.3" resolved "https://registry.yarnpkg.com/homedir-polyfill/-/homedir-polyfill-1.0.3.tgz#743298cef4e5af3e194161fbadcc2151d3a058e8" 
@@ -15084,6 +15105,14 @@ lowercase-keys@^3.0.0: resolved "https://registry.yarnpkg.com/lowercase-keys/-/lowercase-keys-3.0.0.tgz#c5e7d442e37ead247ae9db117a9d0a467c89d4f2" integrity sha512-ozCC6gdQ+glXOQsveKD0YsDy8DSQFjDTz4zyzEHNV5+JP5D62LmfDZ6o1cycFx9ouG940M5dE8C8CTewdj2YWQ== +lowlight@^1.17.0: + version "1.20.0" + resolved "https://registry.yarnpkg.com/lowlight/-/lowlight-1.20.0.tgz#ddb197d33462ad0d93bf19d17b6c301aa3941888" + integrity sha512-8Ktj+prEb1RoCPkEOrPMYUN/nCggB7qAWe3a7OpMjWQkh3l2RD5wKRQ+o8Q8YuI9RG/xs95waaI/E6ym/7NsTw== + dependencies: + fault "^1.0.0" + highlight.js "~10.7.0" + lowlight@~1.11.0: version "1.11.0" resolved "https://registry.yarnpkg.com/lowlight/-/lowlight-1.11.0.tgz#1304d83005126d4e8b1dc0f07981e9b689ec2efc" @@ -17045,6 +17074,18 @@ parse-entities@^1.1.0, parse-entities@^1.1.2: is-decimal "^1.0.0" is-hexadecimal "^1.0.0" +parse-entities@^2.0.0: + version "2.0.0" + resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-2.0.0.tgz#53c6eb5b9314a1f4ec99fa0fdf7ce01ecda0cbe8" + integrity sha512-kkywGpCcRYhqQIchaWqZ875wzpS/bMKhz5HnN3p7wveJTkTtyAB/AlnS0f8DFSqYW1T82t6yEAkEcB+A1I3MbQ== + dependencies: + character-entities "^1.0.0" + character-entities-legacy "^1.0.0" + character-reference-invalid "^1.0.0" + is-alphanumerical "^1.0.0" + is-decimal "^1.0.0" + is-hexadecimal "^1.0.0" + parse-entities@^4.0.0: version "4.0.1" resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-4.0.1.tgz#4e2a01111fb1c986549b944af39eeda258fc9e4e" 
@@ -17684,7 +17725,7 @@ pretty-hrtime@^1.0.3: resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz#b7e3ea42435a4c9b2759d99e0f201eb195802ee1" integrity sha1-t+PqQkNaTJsnWdmeDyAesZWALuE= -prismjs@^1.30.0, prismjs@^1.8.4, prismjs@~1.17.0: +prismjs@^1.30.0, prismjs@^1.8.4, prismjs@~1.17.0, prismjs@~1.27.0: version "1.30.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.30.0.tgz#d9709969d9d4e16403f6f348c63553b19f0975a9" integrity sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw== @@ -17733,7 +17774,7 @@ prop-types@^15.5.10, prop-types@^15.6.0, prop-types@^15.6.2, prop-types@^15.7.2, object-assign "^4.1.1" react-is "^16.13.1" -property-information@^5.0.1: +property-information@^5.0.0, property-information@^5.0.1: version "5.6.0" resolved "https://registry.yarnpkg.com/property-information/-/property-information-5.6.0.tgz#61675545fb23002f245c6540ec46077d4da3ed69" integrity sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA== @@ -18133,6 +18174,18 @@ react-syntax-highlighter@^10.1.3: prismjs "^1.8.4" refractor "^2.4.1" +react-syntax-highlighter@^15.6.6: + version "15.6.6" + resolved "https://registry.yarnpkg.com/react-syntax-highlighter/-/react-syntax-highlighter-15.6.6.tgz#77417c81ebdc554300d0332800a2e1efe5b1190b" + integrity sha512-DgXrc+AZF47+HvAPEmn7Ua/1p10jNoVZVI/LoPiYdtY+OM+/nG5yefLHKJwdKqY1adMuHFbeyBaG9j64ML7vTw== + dependencies: + "@babel/runtime" "^7.3.1" + highlight.js "^10.4.1" + highlightjs-vue "^1.0.0" + lowlight "^1.17.0" + prismjs "^1.30.0" + refractor "^3.6.0" + react-test-renderer@18.3.1: version "18.3.1" resolved "https://registry.yarnpkg.com/react-test-renderer/-/react-test-renderer-18.3.1.tgz#e693608a1f96283400d4a3afead6893f958b80b4" 
@@ -18323,6 +18376,15 @@ refractor@^2.4.1: parse-entities "^1.1.2" prismjs "~1.17.0" +refractor@^3.6.0: + version "3.6.0" + resolved "https://registry.yarnpkg.com/refractor/-/refractor-3.6.0.tgz#ac318f5a0715ead790fcfb0c71f4dd83d977935a" + integrity sha512-MY9W41IOWxxk31o+YvFCNyNzdkc9M20NoZK5vq6jkv4I/uh2zkWcfudj0Q1fovjUQJrNewS9NMzeTtqPf+n5EA== + dependencies: + hastscript "^6.0.0" + parse-entities "^2.0.0" + prismjs "~1.27.0" + regenerate-unicode-properties@^10.1.0: version "10.1.0" resolved "https://registry.yarnpkg.com/regenerate-unicode-properties/-/regenerate-unicode-properties-10.1.0.tgz#7c3192cab6dd24e21cb4461e5ddd7dd24fa8374c" From 05f7d107f65b9a45fed70a6f60f09da5beb78e70 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 08:09:54 +0000 Subject: [PATCH 2/8] Add beachball change file for security update Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- ...monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json diff --git a/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json b/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json new file mode 100644 index 00000000000000..a8803cb0380deb --- /dev/null +++ b/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json @@ -0,0 +1,7 @@ +{ + "type": "patch", + "comment": "Bump react-syntax-highlighter to v15.6.6 to fix security vulnerabilities", + "packageName": "@fluentui/react-monaco-editor", + "email": "198982749+Copilot@users.noreply.github.com", + "dependentChangeType": "patch" +} From 68877da920f5d771b8d05faf5a8a9b0a1a17d990 Mon Sep 17 00:00:00 2001 
From: Martin Hochel Date: Tue, 21 Oct 2025 13:11:39 +0200 Subject: [PATCH 3/8] Update change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json --- ...eact-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json b/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json index a8803cb0380deb..02e2b5f8e94482 100644 --- a/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json +++ b/change/@fluentui-react-monaco-editor-f9365ed8-0a5a-4955-922e-e68420a659e0.json @@ -1,6 +1,6 @@ { "type": "patch", - "comment": "Bump react-syntax-highlighter to v15.6.6 to fix security vulnerabilities", + "comment": "fix: bump react-syntax-highlighter to v15.6.6 to fix security vulnerabilities", "packageName": "@fluentui/react-monaco-editor", "email": "198982749+Copilot@users.noreply.github.com", "dependentChangeType": "patch" From 993f583e44aab99f5e53405474ab43b2cdf4313b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 12:26:26 +0000 Subject: [PATCH 4/8] Bump react-syntax-highlighter to v15.6.6 in react-docsite-components Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- .../react-docsite-components/package.json | 2 +- yarn.lock | 53 ++----------------- 2 files changed, 6 insertions(+), 49 deletions(-) diff --git a/packages/react-docsite-components/package.json b/packages/react-docsite-components/package.json index 6f05455edcf710..5c6ce1f38cc3c3 100644 --- a/packages/react-docsite-components/package.json +++ b/packages/react-docsite-components/package.json @@ -43,7 +43,7 @@ "markdown-to-jsx": "^7.0.0", "office-ui-fabric-core": "^11.0.0", "react-custom-scrollbars": "^4.2.1", - "react-syntax-highlighter": "^10.1.3", + "react-syntax-highlighter": "^15.6.6", "tslib": "^2.1.0" } } 
diff --git a/yarn.lock b/yarn.lock index fd3423b8895bc5..94693ca5488a2e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -11053,7 +11053,7 @@ fastq@^1.6.0: dependencies: reusify "^1.0.0" -fault@^1.0.0, fault@^1.0.1, fault@^1.0.2: +fault@^1.0.0, fault@^1.0.1: version "1.0.4" resolved "https://registry.yarnpkg.com/fault/-/fault-1.0.4.tgz#eafcfc0a6d214fc94601e170df29954a4f842f13" integrity sha512-CJ0HCB5tL5fYTEA7ToAq5+kTwd++Borf1/bifxd9iT70QcXr4MRrO3Llf8Ifs70q+SJcGHFtnIE/Nw6giCtECA== @@ -12297,7 +12297,7 @@ hasown@^2.0.2: dependencies: function-bind "^1.1.2" -hast-util-parse-selector@^2.0.0, hast-util-parse-selector@^2.2.0: +hast-util-parse-selector@^2.0.0: version "2.2.5" resolved "https://registry.yarnpkg.com/hast-util-parse-selector/-/hast-util-parse-selector-2.2.5.tgz#d57c23f4da16ae3c63b3b6ca4616683313499c3a" integrity sha512-7j6mrk/qqkSehsM92wQjdIgWM2/BW61u/53G6xmC8i1OmEdKLHbk419QKQUjz6LglWsfqoiHmyMRkP1BGjecNQ== @@ -12328,16 +12328,6 @@ hast-util-whitespace@^2.0.0: resolved "https://registry.yarnpkg.com/hast-util-whitespace/-/hast-util-whitespace-2.0.1.tgz#0ec64e257e6fc216c7d14c8a1b74d27d650b4557" integrity sha512-nAxA0v8+vXSBDt3AnRUNjyRIQ0rD+ntpbAp4LnPkumc5M9yUbSMa4XDU9Q6etY4f1Wp4bNgvc1yjiZtsTTrSng== -hastscript@^5.0.0: - version "5.1.0" - resolved "https://registry.yarnpkg.com/hastscript/-/hastscript-5.1.0.tgz#a19b3cca6a26a2bcd0f1b1eac574af9427c1c7df" - integrity sha512-7mOQX5VfVs/gmrOGlN8/EDfp1GqV6P3gTNVt+KnX4gbYhpASTM8bklFdFQCbFRAadURXAmw0R1QQdBdqp7jswQ== - dependencies: - comma-separated-tokens "^1.0.0" - hast-util-parse-selector "^2.2.0" - property-information "^5.0.1" - space-separated-tokens "^1.0.0" - hastscript@^6.0.0: version "6.0.0" resolved "https://registry.yarnpkg.com/hastscript/-/hastscript-6.0.0.tgz#e8768d7eac56c3fdeac8a92830d58e811e5bf640" 
@@ -12393,11 +12383,6 @@ highlight.js@^10.4.1, highlight.js@~10.7.0: resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-10.7.3.tgz#697272e3991356e40c3cac566a74eef681756531" integrity sha512-tzcUFauisWKNHaRkN4Wjl/ZA07gENAjFl3J/c480dprkGTg5EQstgaNFqBfUqCq54kZRIEcreTsAgF/m2quD7A== -highlight.js@~9.13.0: - version "9.13.1" - resolved "https://registry.yarnpkg.com/highlight.js/-/highlight.js-9.13.1.tgz#054586d53a6863311168488a0f58d6c505ce641e" - integrity sha512-Sc28JNQNDzaH6PORtRLMvif9RSn1mYuOoX3omVjnb0+HbpPygU2ALBI0R/wsiqCb4/fcp07Gdo8g+fhtFrQl6A== - highlightjs-vue@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/highlightjs-vue/-/highlightjs-vue-1.0.0.tgz#fdfe97fbea6354e70ee44e3a955875e114db086d" @@ -15113,14 +15098,6 @@ lowlight@^1.17.0: fault "^1.0.0" highlight.js "~10.7.0" -lowlight@~1.11.0: - version "1.11.0" - resolved "https://registry.yarnpkg.com/lowlight/-/lowlight-1.11.0.tgz#1304d83005126d4e8b1dc0f07981e9b689ec2efc" - integrity sha512-xrGGN6XLL7MbTMdPD6NfWPwY43SNkjf/d0mecSx/CW36fUZTjRHEq0/Cdug3TWKtRXLWi7iMl1eP0olYxj/a4A== - dependencies: - fault "^1.0.2" - highlight.js "~9.13.0" - lru-cache@^10.0.1, lru-cache@^10.2.0: version "10.4.3" resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-10.4.3.tgz#410fc8a17b70e598013df257c2446b7f3383f119" @@ -17062,7 +17039,7 @@ parse-diff@0.7.1: resolved "https://registry.yarnpkg.com/parse-diff/-/parse-diff-0.7.1.tgz#9b7a2451c3725baf2c87c831ba192d40ee2237d4" integrity sha512-1j3l8IKcy4yRK2W4o9EYvJLSzpAVwz4DXqCewYyx2vEwk2gcf3DBPqc8Fj4XV3K33OYJ08A8fWwyu/ykD/HUSg== -parse-entities@^1.1.0, parse-entities@^1.1.2: +parse-entities@^1.1.0: version "1.2.2" resolved "https://registry.yarnpkg.com/parse-entities/-/parse-entities-1.2.2.tgz#c31bf0f653b6661354f8973559cb86dd1d5edf50" integrity sha512-NzfpbxW/NPrzZ/yYSoQxyqUZMZXIdCfE0OIN4ESsnptHJECoUk3FZktxNuzQf4tjt5UEopnxpYJbvYuxIFDdsg== 
@@ -17725,7 +17702,7 @@ pretty-hrtime@^1.0.3: resolved "https://registry.yarnpkg.com/pretty-hrtime/-/pretty-hrtime-1.0.3.tgz#b7e3ea42435a4c9b2759d99e0f201eb195802ee1" integrity sha1-t+PqQkNaTJsnWdmeDyAesZWALuE= -prismjs@^1.30.0, prismjs@^1.8.4, prismjs@~1.17.0, prismjs@~1.27.0: +prismjs@^1.30.0, prismjs@~1.27.0: version "1.30.0" resolved "https://registry.yarnpkg.com/prismjs/-/prismjs-1.30.0.tgz#d9709969d9d4e16403f6f348c63553b19f0975a9" integrity sha512-DEvV2ZF2r2/63V+tK8hQvrR2ZGn10srHbXviTlcv7Kpzw8jWiNTqbVgjO3IY8RxrrOUF8VPMQQFysYYYv0YZxw== @@ -17774,7 +17751,7 @@ prop-types@^15.5.10, prop-types@^15.6.0, prop-types@^15.6.2, prop-types@^15.7.2, object-assign "^4.1.1" react-is "^16.13.1" -property-information@^5.0.0, property-information@^5.0.1: +property-information@^5.0.0: version "5.6.0" resolved "https://registry.yarnpkg.com/property-information/-/property-information-5.6.0.tgz#61675545fb23002f245c6540ec46077d4da3ed69" integrity sha512-YUHSPk+A30YPv+0Qf8i9Mbfe/C0hdPXk1s1jPVToV8pk8BQtpw10ct89Eo7OWkutrwqvT0eicAxlOg3dOAu8JA== @@ -18163,17 +18140,6 @@ react-style-singleton@^2.2.1: invariant "^2.2.4" tslib "^2.0.0" -react-syntax-highlighter@^10.1.3: - version "10.3.5" - resolved "https://registry.yarnpkg.com/react-syntax-highlighter/-/react-syntax-highlighter-10.3.5.tgz#3b3e2d1eba92fb7988c3b50d22d2c74ae0263fdd" - integrity sha512-KR4YE7Q91bHEhvIxuvs/J3tJWfxTyBAAMS4fcMOR9h0C6SoCZIr1OUkVamHOqHMDEck4tdS9gp0D/vlAyPLftA== - dependencies: - "@babel/runtime" "^7.3.1" - highlight.js "~9.13.0" - lowlight "~1.11.0" - prismjs "^1.8.4" - refractor "^2.4.1" - react-syntax-highlighter@^15.6.6: version "15.6.6" resolved "https://registry.yarnpkg.com/react-syntax-highlighter/-/react-syntax-highlighter-15.6.6.tgz#77417c81ebdc554300d0332800a2e1efe5b1190b" 
@@ -18367,15 +18333,6 @@ reflect.getprototypeof@^1.0.6, reflect.getprototypeof@^1.0.9: get-proto "^1.0.1" which-builtin-type "^1.2.1" -refractor@^2.4.1: - version "2.10.1" - resolved "https://registry.yarnpkg.com/refractor/-/refractor-2.10.1.tgz#166c32f114ed16fd96190ad21d5193d3afc7d34e" - integrity sha512-Xh9o7hQiQlDbxo5/XkOX6H+x/q8rmlmZKr97Ie1Q8ZM32IRRd3B/UxuA/yXDW79DBSXGWxm2yRTbcTVmAciJRw== - dependencies: - hastscript "^5.0.0" - parse-entities "^1.1.2" - prismjs "~1.17.0" - refractor@^3.6.0: version "3.6.0" resolved "https://registry.yarnpkg.com/refractor/-/refractor-3.6.0.tgz#ac318f5a0715ead790fcfb0c71f4dd83d977935a" From 678d80981b4e350d5ba97bbc48f682e54954c186 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 12:28:18 +0000 Subject: [PATCH 5/8] Add beachball change file for react-docsite-components Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- ...te-components-4dd3c21a-22f3-431e-bd6a-798f27705b75.json | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 change/@fluentui-react-docsite-components-4dd3c21a-22f3-431e-bd6a-798f27705b75.json diff --git a/change/@fluentui-react-docsite-components-4dd3c21a-22f3-431e-bd6a-798f27705b75.json b/change/@fluentui-react-docsite-components-4dd3c21a-22f3-431e-bd6a-798f27705b75.json new file mode 100644 index 00000000000000..23a15d38892825 --- /dev/null +++ b/change/@fluentui-react-docsite-components-4dd3c21a-22f3-431e-bd6a-798f27705b75.json @@ -0,0 +1,7 @@ +{ + "type": "patch", + "comment": "fix: bump react-syntax-highlighter to v15.6.6 to fix security vulnerabilities", + "packageName": "@fluentui/react-docsite-components", + "email": "198982749+Copilot@users.noreply.github.com", + "dependentChangeType": "patch" +} From e46f7f67460969b4f820c655d9f5eb335df856fd Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 12:51:24 +0000 Subject: [PATCH 6/8] Bump @types/react-syntax-highlighter to v15.5.13 Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- packages/react-monaco-editor/jest.config.js | 1 + packages/react-monaco-editor/package.json | 2 +- .../src/components/TypeScriptSnippet.tsx | 7 +++---- yarn.lock | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/packages/react-monaco-editor/jest.config.js b/packages/react-monaco-editor/jest.config.js index c93a531aba0d3d..edd78a214523de 100644 --- a/packages/react-monaco-editor/jest.config.js +++ b/packages/react-monaco-editor/jest.config.js @@ -3,6 +3,7 @@ const { createV8Config: createConfig } = require('@fluentui/scripts-jest'); const config = createConfig({ moduleNameMapper: { 'react-syntax-highlighter/dist/esm/(.*)$': 'react-syntax-highlighter/dist/cjs/$1', + 'react-syntax-highlighter/dist/styles/(.*)$': 'react-syntax-highlighter/dist/cjs/styles/$1', // have to manually add this one because monaco-editor intentionally doesn't have a `main` '@fluentui/monaco-editor/lib/(.*)$': '@fluentui/monaco-editor/lib-commonjs/$1', }, diff --git a/packages/react-monaco-editor/package.json b/packages/react-monaco-editor/package.json index 24a35fbe412343..cde4ea9fc3635b 100644 --- a/packages/react-monaco-editor/package.json +++ b/packages/react-monaco-editor/package.json @@ -17,7 +17,7 @@ }, "devDependencies": { "@fluentui/eslint-plugin": "*", - "@types/react-syntax-highlighter": "^10.2.1", + "@types/react-syntax-highlighter": "^15.5.13", "@fluentui/scripts-jest": "*", "@fluentui/scripts-tasks": "*", "@fluentui/scripts-webpack": "*" diff --git a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx index 1cffef3d9c3378..9af470ba48f8a3 100644 --- a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx 
+++ b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx @@ -2,7 +2,6 @@ import * as React from 'react'; import { mergeStyles } from '@fluentui/react/lib/Styling'; import { css } from '@fluentui/react/lib/Utilities'; import { CODE_FONT_FAMILY } from './consts'; -import type { IRawStyle } from '@fluentui/react/lib/Styling'; import type { SyntaxHighlighterProps } from 'react-syntax-highlighter'; // react-syntax-highlighter has typings, but they're wrong aside from the props and missing many paths... @@ -11,7 +10,7 @@ const SyntaxHighlighter = require<{ default: React.ComponentType & { registerLanguage: (lang: string, func: any) => void }; }>('react-syntax-highlighter/dist/esm/prism-light').default; const ts = require('react-syntax-highlighter/dist/esm/languages/prism/tsx').default; -const style: { [key: string]: IRawStyle } = require('react-syntax-highlighter/dist/styles/prism/vs').default; +const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/styles/prism/vs').default; /* eslint-enable @typescript-eslint/no-explicit-any */ // Register languages @@ -26,7 +25,7 @@ const colorMap: { [key: string]: string } = { '#ff0000': '#ee0000', // attrs, various (not from monaco) '#393a34': '#000000', // operators, function names }; -const codeStyle: IRawStyle = { +const codeStyle: React.CSSProperties = { fontFamily: CODE_FONT_FAMILY, fontSize: '12px', // matches Monaco color: 'black', @@ -76,7 +75,7 @@ export interface ITypeScriptSnippetProps { export const TypeScriptSnippet: React.FunctionComponent> = props => { return ( - {props.children} + {String(props.children || '')} ); }; diff --git a/yarn.lock b/yarn.lock index 94693ca5488a2e..9751171635fa6b 100644 --- a/yarn.lock +++ b/yarn.lock 
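Review bot: `{String(props.children || '')}` in the last TypeScriptSnippet.tsx hunk (the render body of `TypeScriptSnippet`) stringifies whatever node it receives, so an array of children is joined with commas and a React element renders as `[object Object]`; the snippet would then show text the caller never wrote. The `||` also turns a child of `0` into an empty string. If the component is only meant to receive source text, narrowing the prop to `children?: string` and passing `{props.children ?? ''}` lets the compiler reject other nodes; otherwise `{React.Children.toArray(props.children).join('')}` at least concatenates adjacent string children without inserting commas. The surrounding JSX and the props type are not fully visible in this hunk, so confirm which of the two matches existing callers.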
@@ -5601,10 +5601,10 @@ dependencies: "@types/react" "^18" -"@types/react-syntax-highlighter@^10.2.1": - version "10.2.1" - resolved "https://registry.yarnpkg.com/@types/react-syntax-highlighter/-/react-syntax-highlighter-10.2.1.tgz#b0f75c22cbe7d12104581648348d91d3cd7f13fa" - integrity sha512-M2BAOiiQ2KDkCiuhO1UxAsSNfrSegUfXL1MabRggOoqJoPpaoSuTxGF+TgLuAjMEVW8dJDtp7WpBjjRLMxWgrQ== +"@types/react-syntax-highlighter@^15.5.13": + version "15.5.13" + resolved "https://registry.yarnpkg.com/@types/react-syntax-highlighter/-/react-syntax-highlighter-15.5.13.tgz#c5baf62a3219b3bf28d39cfea55d0a49a263d1f2" + integrity sha512-uLGJ87j6Sz8UaBAooU0T6lWJ0dBmjZgN1PZTrj05TNql2/XpC6+4HhMT5syIdFUUt+FASfCeLLv4kBygNU+8qA== dependencies: "@types/react" "*" From 9a1a48e1724d7f2e2fc018a34b9e4237bacc0672 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 13:40:46 +0000 Subject: [PATCH 7/8] Fix webpack bundling by updating style import paths to use /esm/ directory Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- .../src/components/CodeSnippet/CodeSnippet.tsx | 5 ++--- .../src/components/CodeSnippet/PrismCodeSnippet.tsx | 8 ++++---- packages/react-monaco-editor/jest.config.js | 1 - .../src/components/TypeScriptSnippet.tsx | 2 +- 4 files changed, 7 insertions(+), 9 deletions(-) diff --git a/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx b/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx index 0c1ba2bdd25881..6afbb7528377b5 100644 --- a/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx +++ b/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx @@ -5,7 +5,6 @@ import { IStyle, styled, classNamesFunction, - IRawStyle, DefaultPalette, } from '@fluentui/react'; import { NeutralColors, SharedColors } from '@fluentui/theme'; 
@@ -23,7 +22,7 @@ const xml = require('react-syntax-highlighter/dist/esm/languages/hljs/xml') /* eslint-enable @typescript-eslint/no-explicit-any */ // Import SyntaxHighlighter styles -const style: { [key: string]: IRawStyle } = require('react-syntax-highlighter/dist/styles/hljs/github').default; +const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/hljs/github').default; // Register languages SyntaxHighlighter.registerLanguage('typescript', ts); @@ -35,7 +34,7 @@ SyntaxHighlighter.registerLanguage('html', xml); // Customize imported SyntaxHighlighter styles. Available properties: // https://github.com/conorhastings/react-syntax-highlighter/blob/master/src/styles/hljs/github.js style.hljs = { - ...baseCodeStyle, + ...(baseCodeStyle as React.CSSProperties), padding: 8, overflowX: 'auto', }; diff --git a/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx b/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx index 3c365b45f7461a..b8f9acc97f59f9 100644 --- a/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx +++ b/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx @@ -3,7 +3,7 @@ // import * as React from 'react'; -import { styled, classNamesFunction, IRawStyle } from '@fluentui/react'; +import { styled, classNamesFunction } from '@fluentui/react'; import { ICodeSnippetStyleProps, ICodeSnippetStyles, ICodeSnippetProps } from './CodeSnippet'; import { getStyles, baseCodeStyle } from './CodeSnippet.styles'; 
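Review bot: `...(baseCodeStyle as React.CSSProperties)` in the `style.hljs` hunk of CodeSnippet.tsx silences the type checker instead of showing that the object is a valid inline style; the same assertion is added to `codeStyle` in PrismCodeSnippet.tsx. `baseCodeStyle` is declared in CodeSnippet.styles, outside this diff. If it is still typed as `IRawStyle`, it can legally hold Fluent-only values (a `selectors` block, array fallbacks) that would now be handed to the highlighter as inline style with no compile-time check. Annotating it at its declaration, `export const baseCodeStyle: React.CSSProperties = { … }`, would let both spreads drop the `as`, provided the other consumers of `baseCodeStyle` accept that type.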
@@ -19,7 +19,7 @@ const markup = require('react-syntax-highlighter/dist/esm/languages/prism/m /* eslint-enable @typescript-eslint/no-explicit-any */ // Import SyntaxHighlighter styles -const style: { [key: string]: IRawStyle } = require('react-syntax-highlighter/dist/styles/prism/prism').default; +const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/prism/prism').default; // Register languages SyntaxHighlighter.registerLanguage('tsx', ts); @@ -28,8 +28,8 @@ SyntaxHighlighter.registerLanguage('markdown', md); SyntaxHighlighter.registerLanguage('bash', bash); SyntaxHighlighter.registerLanguage('html', markup); -const codeStyle: IRawStyle = { - ...baseCodeStyle, +const codeStyle: React.CSSProperties = { + ...(baseCodeStyle as React.CSSProperties), lineHeight: '1.6', border: 'none', overflow: undefined, diff --git a/packages/react-monaco-editor/jest.config.js b/packages/react-monaco-editor/jest.config.js index edd78a214523de..c93a531aba0d3d 100644 --- a/packages/react-monaco-editor/jest.config.js +++ b/packages/react-monaco-editor/jest.config.js @@ -3,7 +3,6 @@ const { createV8Config: createConfig } = require('@fluentui/scripts-jest'); const config = createConfig({ moduleNameMapper: { 'react-syntax-highlighter/dist/esm/(.*)$': 'react-syntax-highlighter/dist/cjs/$1', - 'react-syntax-highlighter/dist/styles/(.*)$': 'react-syntax-highlighter/dist/cjs/styles/$1', // have to manually add this one because monaco-editor intentionally doesn't have a `main` '@fluentui/monaco-editor/lib/(.*)$': '@fluentui/monaco-editor/lib-commonjs/$1', }, diff --git a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx index 9af470ba48f8a3..2f03c47dec1fe5 100644 --- a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx +++ b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx 
@@ -10,7 +10,7 @@ const SyntaxHighlighter = require<{ default: React.ComponentType & { registerLanguage: (lang: string, func: any) => void }; }>('react-syntax-highlighter/dist/esm/prism-light').default; const ts = require('react-syntax-highlighter/dist/esm/languages/prism/tsx').default; -const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/styles/prism/vs').default; +const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/prism/vs').default; /* eslint-enable @typescript-eslint/no-explicit-any */ // Register languages From cd96e4fe1dbe72891929e6f66dec216527fe20d0 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 21 Oct 2025 15:31:08 +0000 Subject: [PATCH 8/8] Run nx format to fix formatting issues Co-authored-by: Hotell <1223799+Hotell@users.noreply.github.com> --- .../src/components/CodeSnippet/CodeSnippet.tsx | 12 +++--------- .../src/components/CodeSnippet/PrismCodeSnippet.tsx | 3 ++- .../src/components/TypeScriptSnippet.tsx | 3 ++- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx b/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx index 6afbb7528377b5..d85551cbfc81af 100644 --- a/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx +++ b/packages/react-docsite-components/src/components/CodeSnippet/CodeSnippet.tsx @@ -1,12 +1,5 @@ import * as React from 'react'; -import { - IStyleFunctionOrObject, - ITheme, - IStyle, - styled, - classNamesFunction, - DefaultPalette, -} from '@fluentui/react'; +import { IStyleFunctionOrObject, ITheme, IStyle, styled, classNamesFunction, DefaultPalette } from '@fluentui/react'; import { NeutralColors, SharedColors } from '@fluentui/theme'; import { baseCodeStyle, getStyles } from './CodeSnippet.styles'; 
@@ -22,7 +15,8 @@ const xml = require('react-syntax-highlighter/dist/esm/languages/hljs/xml') /* eslint-enable @typescript-eslint/no-explicit-any */ // Import SyntaxHighlighter styles -const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/hljs/github').default; +const style: { [key: string]: React.CSSProperties } = + require('react-syntax-highlighter/dist/esm/styles/hljs/github').default; // Register languages SyntaxHighlighter.registerLanguage('typescript', ts); diff --git a/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx b/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx index b8f9acc97f59f9..bf392790f1c9e0 100644 --- a/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx +++ b/packages/react-docsite-components/src/components/CodeSnippet/PrismCodeSnippet.tsx @@ -19,7 +19,8 @@ const markup = require('react-syntax-highlighter/dist/esm/languages/prism/m /* eslint-enable @typescript-eslint/no-explicit-any */ // Import SyntaxHighlighter styles -const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/prism/prism').default; +const style: { [key: string]: React.CSSProperties } = + require('react-syntax-highlighter/dist/esm/styles/prism/prism').default; // Register languages SyntaxHighlighter.registerLanguage('tsx', ts); diff --git a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx index 2f03c47dec1fe5..2fed3c4d3f53d5 100644 --- a/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx +++ b/packages/react-monaco-editor/src/components/TypeScriptSnippet.tsx 
@@ -10,7 +10,8 @@ const SyntaxHighlighter = require<{ default: React.ComponentType & { registerLanguage: (lang: string, func: any) => void }; }>('react-syntax-highlighter/dist/esm/prism-light').default; const ts = require('react-syntax-highlighter/dist/esm/languages/prism/tsx').default; -const style: { [key: string]: React.CSSProperties } = require('react-syntax-highlighter/dist/esm/styles/prism/vs').default; +const style: { [key: string]: React.CSSProperties } = + require('react-syntax-highlighter/dist/esm/styles/prism/vs').default; /* eslint-enable @typescript-eslint/no-explicit-any */ // Register languages