[Snyk] Upgrade codemirror from 5.30.0 to 5.59.2 #4

Open
wants to merge 1 commit into
base: master

Krrishdhaneja
Owner

Snyk has created this PR to upgrade codemirror from 5.30.0 to 5.59.2.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 43 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2021-01-20.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-CODEMIRROR-1016937 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS), SNYK-JS-CODEMIRROR-569611 | 586/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 5.3 | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: codemirror
  • 5.59.2 - 2021-01-20

    Version 5.59.2

    Bug fixes

    Don't try to scroll the selection into view in readonly: "nocursor" mode.

    closebrackets addon: Fix a regression in the behavior of pressing enter between brackets.

    javascript mode: Fix an infinite loop on specific syntax errors in object types.

    various modes: Fix inefficient RegExp matching.

  • 5.59.1 - 2020-12-31

    Version 5.59.1

    Bug fixes

    Fix an issue where some Chrome browsers were detected as iOS.

  • 5.59.0 - 2020-12-20

    Version 5.59.0

    Bug fixes

    Fix platform detection on recent iPadOS.

    lint addon: Don't show duplicate messages for a given line.

    clojure mode: Fix regexp that matched in exponential time for some inputs.

    hardwrap addon: Improve handling of words that are longer than the line length.

    matchbrackets addon: Fix leaked event handler on disabling the addon.

    New features

    search addon: Make it possible to configure the search addon to show the dialog at the bottom of the editor.

  • 5.58.3 - 2020-11-19

    Version 5.58.3

    Bug fixes

    Suppress quick-firing of blur-focus events when dragging and clicking on Internet Explorer.

    Fix the insertAt option to addLineWidget to actually allow the widget to be placed after all widgets for the line.

    soy mode: Support @ Attribute and element composition.

    shell mode: Support heredoc quoting.

  • 5.58.2 - 2020-10-23
    No content.
  • 5.58.1 - 2020-09-23

    Version 5.58.1

    Bug fixes

    placeholder addon: Remove arrow function that ended up in the code.

  • 5.58.0 - 2020-09-21

    Version 5.58.0

    Bug fixes

    Make backspace delete by code point, not glyph.

    Suppress flickering focus outline when clicking on scrollbars in Chrome.

    Fix a bug that prevented attributes added via markText from showing up unless the span also had some other styling.

    Suppress cut and paste context menu entries in readonly editors in Chrome.

    placeholder addon: Update placeholder visibility during composition.

    New features

    Make it less cumbersome to style new lint message types.

    vim bindings: Support black hole register, gn and gN

  • 5.57.0 - 2020-08-20

    Version 5.57.0

    Bug fixes

    Fix issue that broke binding the macOS Command key.

    comment addon: Keep selection in front of inserted markers when adding a block comment.

    css mode: Recognize more properties and value names.

    annotatescrollbar addon: Don't hide matches in collapsed content.

    New features

    vim bindings: Support tag text objects in xml and html modes.

  • 5.56.0 - 2020-07-20
  • 5.55.0 - 2020-06-21
  • 5.54.0 - 2020-05-20
  • 5.53.2 - 2020-04-21
  • 5.53.0 - 2020-04-21
  • 5.52.2 - 2020-03-20
  • 5.52.0 - 2020-02-20
  • 5.51.0 - 2020-01-20
  • 5.50.2 - 2020-01-01
  • 5.50.0 - 2019-12-20
  • 5.49.2 - 2019-10-21
  • 5.49.0 - 2019-09-20
  • 5.48.4 - 2019-08-19
  • 5.48.2 - 2019-07-19
  • 5.48.0 - 2019-06-20
  • 5.47.0 - 2019-05-21
  • 5.46.0 - 2019-04-22
  • 5.45.0 - 2019-03-20
  • 5.44.0 - 2019-02-21
  • 5.43.0 - 2019-01-21
  • 5.42.2 - 2018-12-21
  • 5.42.0 - 2018-11-20
  • 5.41.0 - 2018-10-25
  • 5.40.2 - 2018-09-20
  • 5.40.0 - 2018-08-25
  • 5.39.2 - 2018-07-20
  • 5.39.0 - 2018-06-20
  • 5.38.0 - 2018-05-22
  • 5.37.0 - 2018-04-20
  • 5.36.0 - 2018-03-20
  • 5.35.0 - 2018-02-20
  • 5.34.0 - 2018-01-29
  • 5.33.0 - 2017-12-21
  • 5.32.0 - 2017-11-22
  • 5.31.0 - 2017-10-20
  • 5.30.0 - 2017-09-20
from codemirror GitHub release notes
Commit messages
Package name: codemirror
  • 48487ee Mark version 5.59.2
  • 8852916 [real-world uses] Rename writeLaTeX to Overleaf
  • b29c728 [matchbrackets addon] Treat and null tokens as interchangeable
  • 5c4f7a6 [javascript mode] Fix another hang in TS object type parsing
  • 126a266 [various modes] Add missing ^ anchors to StringStream.match() as optimization
  • 281f132 [various modes] Replace regexp stream.match with string matches
  • 4823ade [matchbrackets addon] Add highlightNonMatching option
  • 8d13f24 Add CodeMirror 6 banner to front page
  • 14dec2b Don't scroll the selection into view in nocursor mode
  • 6aa4fef [brace-fold addon] Pick first opening token on a given line
  • 760f416 [closebrackets] Fix regression in exploding brackets
  • 79d2f88 [vue demo] Fix further spelling mistake
  • 1b178d3 Fix spelling in vim test
  • 498e7c0 Fix various spelling mistakes
  • d19a746 Fix bug in findPosH
  • 36c786b [closetag demo] Add description
  • a46e330 [show-hint addon] Changed closeOnCursorActivity to updateOnCursorActivity
  • c805973 [real world uses] Update "clone-it" url
  • 9749ba3 [real world uses] Add coderush.xyz (typing speed test)
  • bd37a96 Mark version 5.59.1
  • 1698f00 [manual] Add link to demo for jump-to-line
  • 5e25c3c [sponsors] Add Execute Program logo
  • 37d7b2e Fix moving backwards across astral chars
  • 863c189 [javascript mode] Make sure type props don't consume closing braces

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
