Update dependency highlight.js to v11 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
highlight.js (source)	^9.12.0 → ^11.0.0

GitHub Vulnerability Alerts

GHSA-7wwv-vh3v-89cq

Impact: Potential ReDOS vulnerabilities (exponential and polynomial RegEx backtracking)

oswasp:

The Regular expression Denial of Service (ReDoS) is a Denial of Service attack, that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). An attacker can then cause a program using a Regular Expression to enter these extreme situations and then hang for a very long time.

If are you are using Highlight.js to highlight user-provided data you are possibly vulnerable. On the client-side (in a browser or Electron environment) risks could include lengthy freezes or crashes... On the server-side infinite freezes could occur... effectively preventing users from accessing your app or service (ie, Denial of Service).

This is an issue with grammars shipped with the parser (and potentially 3rd party grammars also), not the parser itself. If you are using Highlight.js with any of the following grammars you are vulnerable. If you are using highlightAuto to detect the language (and have any of these grammars registered) you are vulnerable. Exponential grammars (C, Perl, JavaScript) are auto-registered when using the common grammar subset/library require('highlight.js/lib/common') as of 10.4.0 - see https://cdn.jsdelivr.net/gh/highlightjs/cdn-release@10.4.0/build/highlight.js

All versions prior to 10.4.1 are vulnerable, including version 9.18.5.

Grammars with exponential backtracking issues:

• c-like (c, cpp, arduino)
• handlebars (htmlbars)
• gams
• perl
• jboss-cli
• r
• erlang-repl
• powershell
• routeros
• livescript (10.4.0 and 9.18.5 included this fix)
• javascript & typescript (10.4.0 included partial fixes)

And of course any aliases of those languages have the same issue. ie: hpp is no safer than cpp.

Grammars with polynomial backtracking issues:

• kotlin
• gcode
• d
• aspectj
• moonscript
• coffeescript/livescript
• csharp
• scilab
• crystal
• elixir
• basic
• ebnf
• ruby
• fortran/irpf90
• livecodeserver
• yaml
• x86asm
• dsconfig
• markdown
• ruleslanguage
• xquery
• sqf

And again: any aliases of those languages have the same issue. ie: ruby and rb share the same ruby issues.

Patches

• Version 10.4.1 resolves these vulnerabilities. Please upgrade.

Workarounds / Mitigations

• Discontinue use the affected grammars. (or perhaps use only those with poly vs exponential issues)
• Attempt cherry-picking the grammar fixes into older versions...
• Attempt using newer CDN versions of any affected languages. (ie using an older CDN version of the library with newer CDN grammars). Your mileage may vary.

References

• https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS

For more information

If you have any questions or comments about this advisory:

• Open an issue: https://github.com/highlightjs/highlight.js/issues
• Email us at security@highlightjs.com

---

Release Notes

highlightjs/highlight.js (highlight.js)

v11.11.1

Compare Source

• Fixes regression with Rust grammar.

v11.11.0

Compare Source

CAVEATS / POTENTIALLY BREAKING CHANGES

• Nothing yet.

Core Grammars:

• fix(rust) - adds emoji support in single quote strings [joshgoebel][]
• fix(apache) - support line continuation via \ Josh Goebel
• fix(makefile) - allow strings inside $() expressions aneesh98
• enh(arcade) updated to ArcGIS Arcade version 1.29 Kristian Ekenes
• enh(css) add all properties listed on MDN (96 additions including anchor-name, aspect-ratio, backdrop-filter, container, margin-trim, place-content, scroll-timeline, ...) BaliBalo
• enh(excel) add built-in functions for Excel 365 release to 2024 Danny Winrow
• enh(erlang) OTP 27 triple-quoted strings nixxquality
• enh(erlang) OTP 27 doc attribute nixxquality
• enh(erlang) OTP 27 Sigil type nixxquality
• enh(erlang) OTP25/27 maybe statement nixxquality
• enh(dart) Support digit-separators in number literals [Sam Rawlins][]
• enh(csharp) add Contextual keywords file, args, dynamic, record, required and scoped Alvin Joy
• enh(lua) add 'pluto' as an alias Sainan
• enh(bash) add reserved keywords time and coproc Álvaro Mondéjar
• enh(nix) update keywords [h7x4][]
• enh(nix) support paths [h7x4][]
• enh(nix) support lookup paths [h7x4][]
• enh(nix) support operators [h7x4][]
• enh(nix) support REPL keywords [h7x4][]
• enh(nix) support markdown comments [h7x4][]
• enh(nix) support basic function params [h7x4][]
• enh(nix) better parsing of attrsets [h7x4][]
• fix(c) - Fixed hex numbers with decimals Dxuian
• fix(typescript) - Fixedoptional property not highlighted correctly Dxuian
• fix(ruby) - fix |= operator false positives (as block arguments) Aboobacker MK
• enh(gcode) rewrote language for modern gcode support Barthélémy Bonhomme
• fix(sql) - Fixed sql primary key and foreign key spacing issue Dxuian
• fix(cpp) added flat_set and flat_map as a part of cpp 23 version Lavan
• fix(yaml) - Fixed special chars in yaml Dxuian
• fix(basic) - Fixed closing quotation marks not required for a PRINT statement Somya
• fix(nix) remove add builtin [h7x4][]
• fix(nix) mark or as builtin instead of literal [h7x4][]
• fix(nix) handle ''' string escapes [h7x4][]
• fix(nix) handle backslash string escapes [h7x4][]
• fix(nix) don't mix escapes for " and '' strings [h7x4][]
• fix(swift) - Fixed syntax highlighting for class func/var declarations guuido
• fix(yaml) - Fixed wrong escaping behavior in single quoted strings guuido
• enh(nim) - Add concept and defer to list of Nim keywords Jake Leahy
• fix(cpp) - Exclude keywords from highlighting as function calls Eisenwave

New Grammars:

• added 3rd party TTCN-3 grammar to SUPPORTED_LANGUAGES Osmocom
• added 3rd party Odin grammar to SUPPORTED_LANGUAGES clsource
• added 3rd party Liquid grammar to SUPPORTED_LANGUAGES Laurel King

Developer Tools:

• Nothing yet.

Themes:

• Added Rosé Pine theme William Wilkinson
• Added Cybertopia Cherry theme Alexandre ZANNI
• Added Cybertopia Dimmer theme Alexandre ZANNI
• Added Cybertopia Icecap theme Alexandre ZANNI
• Added Cybertopia Saturated theme Alexandre ZANNI

Improvements:

• Resolve the memory leak problem when creating multiple Highlight.js instances Imken

CONTRIBUTORS

v11.10.0

Compare Source

CAVEATS / POTENTIALLY BREAKING CHANGES

• Drops support for Node 16.x, which is no longer supported by Node.js.

Core Grammars:

• enh(typescript) add support for satisfies operator Kisaragi Hiu
• enc(c) added more C23 keywords Melkor-1
• enh(json) added jsonc as an alias BackupMiles
• enh(gml) updated to latest language version (GML v2024.2) gnysek
• enh(c) added more C23 keywords and preprcoessor directives Eisenwave
• enh(js/ts) support namespaced tagged template strings Aral Balkan
• enh(perl) fix false-positive variable match at end of string Josh Goebel
• fix(cpp) not all kinds of number literals are highlighted correctly Lê Duy Quang
• fix(css) fix overly greedy pseudo class matching Bradley Mackey
• enh(arcade) updated to ArcGIS Arcade version 1.24 Kristian Ekenes
• fix(typescript): params types Mohamed Ali
• fix(rust) fix escaped double quotes in string Mohamed Ali
• fix(rust) fix for r# raw identifier not being highlighted correctly. JaeBaek Lee
• enh(rust) Adding union to be recognized as a keyword in Rust. JaeBaek Lee
• fix(yaml) fix for yaml with keys having brackets highlighted incorrectly Aneesh Kulkarni
• fix(csharp) add raw string highlighting for C# 11. Tara
• fix(bash) fix # within token being detected as the start of a comment Felix Uhl
• fix(python) fix or conflicts with string highlighting Mohamed Ali
• enh(python) adds a scope to the self variable [Lee Falin][]
• enh(delphi) allow digits to be omitted for hex and binary literals Jonah Jeleniewski
• enh(delphi) add support for digit separators Jonah Jeleniewski
• enh(delphi) add support for character strings with non-decimal numerics Jonah Jeleniewski
• fix(javascript) incorrect function name highlighting CY Fung
• fix(1c) fix escaped symbols "+-;():=,[]" literals Vitaly Barilko
• fix(swift) correctly highlight generics and conformances in type definitions Bradley Mackey
• enh(swift) add package keyword Bradley Mackey
• fix(swift) ensure keyword attributes highlight correctly Bradley Mackey
• fix(types) fix interface LanguageDetail > keywords Patrick Chiu
• enh(java) add goto to be recognized as a keyword in Java Alvin Joy
• enh(bash) add keyword sudo Alvin Joy
• fix(haxe) captures new keyword without capturing it within variables/class names Cameron Taylor
• fix(go) fix go number literals to accept _ separators, add hex p exponents Lisa Ugray
• enh(markdown) add entity support [David Schach][] TaraLei
• enh(css) add justify-items and justify-self attributes Vasily Polovnyov
• enh(css) add accent-color, appearance, color-scheme, rotate, scale and translate attributes Carl Räfting
• fix(fortran) fixes parsing of keywords delimited by dots Julien Bloino
• enh(css) add select, option, optgroup, picture and source to list of known tags Vasily Polovnyov
• enh(css) add inset, inset-*, border-start-*-radius and border-end-*-radius attributes Vasily Polovnyov
• enh(css) add text-decoration-skip-ink, text-decoration-thickness and text-underline-offset attributes Vasily Polovnyov
• enh(java) add when to be recognized as a keyword in Java Chiel van de Steeg

New Grammars:

• added 3rd party CODEOWNERS grammar to SUPPORTED_LANGUAGES nataliia-radina
• added 3rd party Luau grammar to SUPPORTED_LANGUAGES Robloxian Demo
• added 3rd party ReScript grammar to SUPPORTED_LANGUAGES Paul Tsnobiladzé
• added 3rd party Zig grammar to SUPPORTED_LANGUAGES [Hyou BunKen][]
• added 3rd party WGSL grammar to SUPPORTED_LANGUAGES Arman Uguray
• added 3rd party Unison grammar to SUPPORTED_LANGUAGES Rúnar Bjarnason
• added 3rd party Phix grammar to SUPPORTED_LANGUAGES PeteLomax
• added 3rd party Mirth grammar to SUPPORTED_LANGUAGES Sierra
• added 3rd party JSONata grammar to SUPPORTED_LANGUAGES Vlad Dimov

Developer Tool:

• enh(tools): order CSS options picklist [David Schach][]
• enh(tools): remove duplicate CSS options [David Schach][]
• (typescript): deprecate old highlight API [Misha Kaletsky][]

Themes:

• Added 1c-light theme a like in the IDE 1C:Enterprise 8 (for 1c) Vitaly Barilko

v11.9.0

Compare Source

CAVEATS / POTENTIALLY BREAKING CHANGES

• Drops support for Node 14.x, which is no longer supported by Node.js.
• In the node build styles/*.css files now ship un-minified
  with minified counterparts as: styles/*.min.css mvorisek
  (this makes things consistent with our cdn builds)

Parser:

• (enh) prevent re-highlighting of an element [joshgoebel][]
• (chore) Remove discontinued badges from README Bradley Mackey
• (chore) Fix build size report Bradley Mackey

New Grammars:

• added 3rd party Iptables grammar to SUPPORTED_LANGUAGES Checconio
• added 3rd party x86asmatt grammar to SUPPORTED_LANGUAGES gondow
• added 3rd party riscv64 grammar to SUPPORTED_LANGUAGES aana-h2
• added 3rd party Ballerina grammar to SUPPORTED_LANGUAGES Yasith Deelaka

Core Grammars:

• fix(cpp) fixed highlighter break state Md Saad Akhtar
• fix(rust) added negative-lookahead for callable keywords if while for [Omar Hussein][]
• enh(armasm) added x0-x30 and w0-w30 ARMv8 registers Nicholas Thompson
• enh(haxe) added final, is, macro keywords and $ identifiers Robert Borghese
• enh(haxe) support numeric separators and suffixes Robert Borghese
• fix(haxe) fixed metadata arguments and support non-colon syntax Robert Borghese
• fix(haxe) differentiate abstract declaration from keyword Robert Borghese
• fix(bash) do not delimit a string by an escaped apostrophe [hancar][]
• enh(swift) support macro keyword Bradley Mackey
• enh(swift) support parameter pack keywords Bradley Mackey
• enh(swift) regex literal support Bradley Mackey
• enh(swift) @unchecked and @Sendable support Bradley Mackey
• enh(scala) add using directives support //> using foo bar [Jamie Thompson][]
• fix(scala) fixed comments in constructor arguments not being properly highlighted Isaac Nonato
• enh(swift) ownership modifiers support Bradley Mackey
• enh(nsis) Add !assert compiler flag [idleberg][]
• fix(haskell) do not treat double dashes inside infix operators as comments [Zlondrej][]
• enh(rust) added eprintln! macro qoheniac
• enh(leaf) update syntax to 4.0 Samuel Bishop
• fix(reasonml) simplify syntax and align it with ocaml jchavarri
• fix(swift) warn_unqualified_access is an attribute Bradley Mackey
• enh(swift) macro attributes are highlighted as keywords Bradley Mackey
• enh(stan) updated for version 2.33 (#​3859) Brian Ward
• enh(llvm) match additional types wtz
• fix(css) added '_' css variable detection Md Saad Akhtar
• enh(groovy) add record and var as keywords Guillaume Laforge

Developer Tool:

• (chore) Update dev tool to use the new highlight API. Shah Shabbir Ahmmed
• (enh) Auto-update the highlighted output when the language dropdown changes. Shah Shabbir Ahmmed

v11.8.0

Compare Source

Parser engine:

• added a function to default export to generate a fresh highlighter instance to be used by extensions WisamMechano
• added BETA __emitTokens key to grammars to allow then to direct their own parsing, only using Highlight.js for the HTML rendering Josh Goebel
• (enh) add removePlugin api faga295
• (fix) typo in language name of JavaScript Cyrus Kao

New Grammars:

• added 3rd party Lang grammar to SUPPORTED_LANGUAGES AdamRaichu
• added 3rd party C3 grammar to SUPPORTED_LANGUAGES aliaegik

Core Grammars:

• enh(sql) support _ in variable names [joshgoebel][]
• enh(mathematica) update keywords list to 13.2.1 arnoudbuzing
• enh(protobuf) add proto alias for Protobuf [dimitropoulos][]
• enh(sqf) latest changes in Arma 3 v2.11 Leopard20
• enh(js/ts) Added support for GraphQL tagged template strings Ali Ukani
• enh(javascript) add sessionStorage to list of built-in variables Jeroen van Vianen
• enh(http) Add support for HTTP/3 Rijenkii
• added 3rd party Motoko grammar to SUPPORTED_LANGUAGES rvanasa
• added 3rd party Candid grammar to SUPPORTED_LANGUAGES rvanasa
• fix(haskell) Added support for characters CrystalSplitter
• enh(dart) Add base, interface, sealed, and when keywords Sam Rawlins
• enh(php) detect newer more flexible NOWdoc syntax (#​3679) Timur Kamaev
• enh(python) improve autodetection of code with type hinting any function's return type (making the -> operator legal) Keyacom
• enh(bash) add select and until as keywords

v11.7.0

Compare Source

New Grammars:

• added 3rd party LookML grammar to SUPPORTED_LANGUAGES Josh Temple
• added 3rd party FunC grammar to SUPPORTED_LANGUAGES [Nikita Sobolev][]
• Added 3rd party Flix grammar to SUPPORTED_LANGUAGES The Flix Organisation
• Added 3rd party RVT grammar to SUPPORTED_LANGUAGES Sopitive

Grammars:

• enh(scheme) add scm alias for Scheme matyklug18
• fix(typescript) patterns like <T = are not JSX Josh Goebel
• fix(bash) recognize the (( keyword Nick Chambers
• enh(Ruby) misc improvements (kws, class names, etc) Josh Goebel
• fix(js) do not flag import() as a function, rather a keyword nathnolt
• fix(bash) recognize the (( keyword Nick Chambers
• fix(nix) support escaped dollar signs in strings h7x4
• enh(cmake) support bracket comments Hirse
• enh(java) add yield keyword to java MBoegers
• enh(java) add permits keyword to java MBoegers
• fix(javascript/typescript) correct identifier matching when using numbers Lachlan Heywood

Improvements:

• Documentation typo fix by Eddymens

v11.6.0

Compare Source

Supported Node.js versions:

• (chore) Drops support for Node 12.x, which is no longer supported by Node.js.

Default build changes:

• add wasm to default :common build (#​3526) [Josh Goebel][]
• add graphql to default :common build (#​3526) [Josh Goebel][]

Grammars:

• fix(json) changed null/booleans from keyword to literal shikhar13012001
• enh(gml) reorganized and added additional keywords Bluecoreg
• enh(csharp) Added support for the new scoped keyword in C# (#​3571) [David Pine][]
• enh(scala) add transparent keyword Matt Bovel
• fix(rust) highlight types immediately preceeding :: (#​3540) [Josh Goebel][]
• Added 3rd party Apex grammar to SUPPORTED_LANGUAGES (#​3546) David Schach
• fix(rust) recognize include_bytes! macro (#​3541) Serial-ATA
• fix(java) do not intepret == as a variable declaration Mousetail
• enh(swift) add SE-0335 existential any keyword (#​3515) Bradley Mackey
• enh(swift) add support for distributed keyword Marcus Ortiz
• enh(xml) recognize Unicode letters instead of only ASCII letters in XML element and attribute names (#​3256)Martin Honnen
• Added 3rd party Toit grammar to SUPPORTED_LANGUAGES Serzhan Nasredin
• Use substring() instead of deprecated substr() Tobias Buschor
• Added 3rd party Oak grammar to SUPPORTED_LANGUAGES Tim Smith
• enh(python) add match and case keywords Avrumy Lunger
• Added 3rd party COBOL grammar to SUPPORTED_LANGUAGES Gabriel Gonçalves

v11.5.1: Version 11.5.1

Compare Source

Just a tiny release to hopefully fix the issues some are having with CSS not seen as having side effects with web pack, etc...

---

Packaging:

• (chore) explicitly set sideEffect for css and scss files, fixes #​3504

v11.5.0

Compare Source

Themes:

• Added Tokyo-Night-dark theme Henri Vandersleyen
• Added Tokyo-Night-light theme Henri Vandersleyen
• Added panda-syntax-dark theme Annmarie Switzer
• Added panda-syntax-light theme Annmarie Switzer

New Grammars:

• Added GraphQL to SUPPORTED_LANGUAGES John Foster
• Added Macaulay2 to SUPPORTED_LANGUAGES Doug Torrance

Grammars:

• enh(ruby) lots of small Ruby cleanups/improvements Josh Goebel
• enh(objectivec) add type and variable.language scopes Josh Goebel
• enh(xml) support processing instructions (#​3492) Josh Goebel
• enh(ruby ) better support multi-line IRB prompts
• enh(bash) improved keyword $pattern (numbers allowed in command names) Martin Mattel
• add meta.prompt scope for REPL prompts, etc Josh Goebel
• fix(markdown) Handle ***Hello world*** without breaking Josh Goebel
• enh(php) add support for PHP Attributes Wojciech Kania
• fix(java) prevent false positive variable init on else Josh Goebel
• enh(php) named arguments Wojciech Kania
• fix(php) PHP constants Wojciech Kania
• fix(angelscript) incomplete int8, int16, int32, int64 highlighting Melissa Geels
• enh(ts) modify TypeScript-specific keywords and types list anydonym
• fix(brainfuck) fix highlighting of initial ++/-- Christina Hanson
• fix(llvm) escaping in strings and number formats Flakebi
• enh(elixir) recognize references to modules Mark Ericksen
• enh(css): add support for more properties Nicolaos Skimas

v11.4.0

Compare Source

New Language:

• Added 3rd party Pine Script grammar to SUPPORTED_LANGUAGES Jeylani B
• Added 3rd party cURL grammar to SUPPORTED_LANGUAGES highlightjs-curl

Themes:

• Default is now much closer WCAG AA (contrast) (#​3402) Josh Goebel
• Dark now meets WCAG AA (contrast) (#​3402) Josh Goebel
• Added intellij-light theme Pegasis
• Added felipec theme Felipe Contreras

These changes should be for the better and should not be super noticeable but if you're super picky about your colors you may want to intervene here or copy over the older themes from 11.3 or prior.

Grammars:

• enh(twig) update keywords list for symfony (#​3453) Matthieu Lempereur
• enh(arcade) updated to ArcGIS Arcade version 1.16 John Foster
• enh(php) Left and right-side of double colon Wojciech Kania
• enh(php) add PHP constants Wojciech Kania
• enh(php) add PHP 8.1 keywords Wojciech Kania
• fix(cpp) fix vector<< template false positive (#​3437) Josh Goebel
• enh(php) support First-class Callable Syntax (#​3427) Wojciech Kania
• enh(php) support class constructor call (#​3427) Wojciech Kania
• enh(php) support function invoke (#​3427) Wojciech Kania
• enh(php) Switch highlighter to partially case-insensitive (#​3427) Wojciech Kania
• enh(php) improve namespace and use highlighting (#​3427) Josh Goebel
• enh(php) $this is a variable.language now (#​3427) Josh Goebel
• enh(php) add __COMPILER_HALT_OFFSET__ (#​3427) Josh Goebel
• enh(js/ts) fix => async function title highlights (#​3405) Josh Goebel
• enh(twig) update keywords list (#​3415) Matthieu Lempereur
• fix(python) def, class keywords detected mid-identifier (#​3381) Josh Goebel
• fix(python) Fix recognition of numeric literals followed by keywords without whitespace (#​2985) Richard Gibson
• enh(swift) add SE-0290 unavailability condition (#​3382) Bradley Mackey
• fix(fsharp) Highlight operators, match type names only in type annotations, support quoted identifiers, and other smaller fixes. Melvyn Laïly
• enh(java) add sealed and non-sealed keywords (#​3386) Bradley Mackey
• enh(js/ts) improve CLASS_REFERENCE (#​3411) Josh Goebel
• enh(nsis) Update defines pattern to allow ! (#​3417) idleberg
• enh(nsis) Update language strings pattern to allow ! (#​3420) idleberg
• fix(stan) Updated for Stan 2.28 and other misc. improvements (#​3410)
• enh(nsis) Update variables pattern (#​3416) idleberg
• fix(clojure) Several issues with Clojure highlighting (#​3397) Björn Ebbinghaus
  • fix(clojure) comment macro catches more than it should (#​3395)
  • fix(clojure) $ in symbol breaks highlighting
  • fix(clojure) Add complete regex for number detection
  • enh(clojure) Add character mode for character literals
  • fix(clojure) Inconsistent namespaced map highlighting
  • enh(clojure) Add regex mode to regex literal
  • fix(clojure) Remove inconsistent/broken highlighting for metadata
  • enh(clojure) Add punctuation mode for commas.
• fix(julia) Enable the jldoctest alias (#​3432) Fons van der Plas

Developer Tools:

• (chore) add gzip size compression report (#​3400) Bradley Mackey

Themes:

• Modified background color in css for Gradient Light and Gradient Dark themes Samia Ali

v11.3.1

Compare Source

Build:

• (fix) Grammar CDN modules not generated correctly. (#​3363) Josh Goebel

v11.3.0

Compare Source

Build:

• add HighlightJS named export (#​3295) Josh Goebel
• add .default named export to CJS builds (#​3333) Josh Goebel

Parser:

• add first rough performance testing script (#​3280) Austin Schick
• add throwUnescapedHTML to warn against potential HTML injection Josh Goebel
• expose regex helper functions via hljs injection Josh Goebel
  • concat
  • lookahead
  • either
  • optional
  • anyNumberOfTimes

Grammars:

• fix(ts) some complex types would classify as JSX (#​3278) Josh Goebel
• fix(js/ts) less false positives for class X extends Y (#​3278) Josh Goebel
• enh(css): add properties from several W3C (Candidate) Recommendations (#​3308)
• fix(js/ts) Float32Array highlighted incorrectly (#​3353) Josh Goebel
• fix(css) single-colon psuedo-elements no longer break highlighting (#​3240) Josh Goebel
• fix(scss) single-colon psuedo-elements no longer break highlighting (#​3240) Josh Goebel
• enh(fsharp) rewrite most of the grammar, with many improvements Melvyn Laïly
• enh(go) better type highlighting, add error type Josh Goebel
• fix(js/ts) regex inside SUBST is no longer highlighted Josh Goebel
• fix(python) added support for unicode identifiers (#​3280) Austin Schick
• enh(css/less/stylus/scss) improve consistency of function dispatch (#​3301) Josh Goebel
• enh(css/less/stylus/scss) detect block comments more fully (#​3301) Josh Goebel
• fix(cpp) switch is a keyword (#​3312) Josh Goebel
• fix(cpp) fix xor_eq keyword highlighting. Denis Kovalchuk
• enh(c,cpp) highlight type modifiers as type (#​3316) Josh Goebel
• enh(css/less/stylus/scss) add support for CSS Grid properties monochromer
• enh(java) add support for Java Text Block (#​3322) Teletha
• enh(scala) add missing do and then keyword (#​3323) Nicolas Stucki
• enh(scala) add missing enum, export and given keywords (#​3328) Nicolas Stucki
• enh(scala) remove symbol syntax and fix quoted code syntax (#​3324) Nicolas Stucki
• enh(scala) add Scala 3 extension soft keyword (#​3326) Nicolas Stucki
• enh(scala) add Scala 3 end soft keyword (#​3327) Nicolas Stucki
• enh(scala) add inline soft keyword (#​3329) Nicolas Stucki
• enh(scala) add using soft keyword (#​3330) Nicolas Stucki
• enh(fsharp) added f# alias (#​3337) Bahnschrift
• enh(bash) added gnu core utilities (#​3342) katzeprior
• enh(nsis) add new NSIS commands (#​3351) idleberg
• fix(nsis) set case_insensitive to true (#​3351) idleberg
• fix(css/less/stylus/scss) highlight single-colon psuedo-elements properly (#​3240) zsoltlengyelit
• fix(css) add css hex color alpha support (#​3360) ierehon1905

v11.2.0

Compare Source

Build:

• fix: run Node build CSS files thru CSS processor also (#​3284) Josh Goebel

Parser:

• fix(csharp) Fix assignments flagging as functions Josh Goebel
• fix(types) Fix some type definition issues (#​3274) Josh Goebel
• fix(verilog) Fix directive handling (#​3283) Josh Goebel
• fix(verilog) Fix binary number false positives on _ (#​3283) Josh Goebel
• enh(verilog) __FILE__ and __LINE__ constants (#​3283) Josh Goebel
• enh(verilog) tighten keyword regex (#​3283) Josh Goebel

Grammars:

• enh(swift) Add isolated/nonisolated keywords (#​3296) Bradley Mackey

New Languages:

• Added 3rd party X# grammar to SUPPORTED_LANGUAGES Patrick Kruselburger
• Added 3rd party MKB grammar to SUPPORTED_LANGUAGES (#​3297) Dereavy

v11.1.0

Compare Source

Grammars:

• fix(csharp) add missing catch keyword (#​3251) Konrad Rudolph
• add additional keywords to csp.js (#​3244) Elijah Conners
• feat(css) handle css variables syntax (#​3239) Thanos Karagiannis
• fix(markdown) Images with empty alt or links with empty text (#​3233) Josh Goebel
• enh(powershell) added pwsh alias (#​3236) tebeco
• fix(r) fix bug highlighting examples in doc comments Konrad Rudolph
• fix(python) identifiers starting with underscore not highlighted (#​3221) Antoine Lambert
• enh(clojure) added edn alias (#​3213) Stel Abrego
• enh(elixir) much improved regular expression sigil support (#​3207) Josh Goebel
• enh(elixir) updated list of keywords (#​3212) Angelika Tyborska
• fix(elixir) fixed number detection when numbers start with a zero (#​3212) Angelika Tyborska
• fix(ps1) Flag highlighted incorrectly (#​3167) Pankaj Patil
• fix(latex) Allow wider syntax for magic comments (#​3243) Benedikt Wilde
• fix(js/ts) Constants may include numbers Josh Goebel

v11.0.1

Compare Source

• (fix) use console.log for .js.js deprecation warning (#​3222) Josh Goebel
• (fix) do not restrict exports from cdn-assets (#​3223) Josh Goebel

v11.0.0

Compare Source

This is a major release. As such it contains breaking changes which may require action from users. Please read VERSION_11_UPGRADE.md for a detailed summary of all breaking changes.

Potentially breaking changes

Unless otherwise attributed items below are thanks to Josh Goebel (ref: #​2558).

The below list should only be considered to be a high-level summary.

Deprecations / Removals / API Changes:

• initHighlighting() and initHighlightingOnLoad() deprecated. Use highlightAll().
• highlightBlock(el) deprecated. Use highlightElement(el)
• before:highlightBlock & after:highlightBlock callbacks deprecated. Use equivalent highlightElement callbacks.
• highlight(languageName, code, ignoreIllegals, continuation) signature deprecated. Use highlight(code, {language, ignoreIllegals}).
• Deprecated highlight() signature no longer supports continuation argument.
• tabReplace option removed. Consider a plugin.
• useBR option removed. Consider a plugin or CSS.
• requireLanguage() removed. Use getLanguage().
• endSameAsBegin mode key removed. Use hljs.END_SAME_AS_BEGIN.
• lexemes mode key removed. Use keywords.$pattern.
• The return values/keys of some APIs have changed slightly.

Security:

• HTML auto-passthru has been removed. Consider a plugin.
• Unescaped HTML is now stripped (for security). A warning is logged to the console. (#​3057) Josh Goebel

Themes:

• The default padding of all themes increases (0.5em => 1em).
• schoolbook has been updated to remove the lined background.
• github updated to better match modern GitHub (#​1616) [Jan Pilzer][]
• github-gist has been removed in favor of github [Jan Pilzer][]
• Base16 named themes have been updated to their "canonical" versions
• nnfx updated for v11 xml styles and improved css support

Language Grammars:

• Default CDN build drops support for several languages.
• Some language grammar files have been removed.
• Some redundant language aliases have been removed.

Other changes

Parser:

• enh(vala) improve language detection for Vala (#​3195) [Konrad Rudolph][]
• enh(r) add support for operators, fix number highlighting bug (#​3194, #​3195) [Konrad Rudolph][]
• enh(parser) add beginScope and endScope to allow separate scoping begin and end (#​3159) Josh Goebel
• enh(parsed) endScope now supports multi-class matchers as well (#​3159) Josh Goebel
• enh(parser) highlightElement now always tags blocks with a consistent language-[name] class Josh Goebel
  • subLanguage span tags now also always have the language- prefix added
• enh(parser) support multi-class matchers (#​3081) Josh Goebel
• enh(parser) Detect comments based on english like text, rather than keyword list Josh Goebel
• adds title.class.inherited sub-scope support Josh Goebel
• adds title.class sub-scope support (#​3078) Josh Goebel
• adds title.function sub-scope support (#​3078) Josh Goebel
• adds beforeMatch compiler extension (#​3078) Josh Goebel
• adds cssSelector configuration option (#​3180) [James Edington][]

Grammars:

• enh(all) .meta-keyword => .meta .keyword (nested scopes) (#​3167) Josh Goebel
• enh(all) .meta-string => .meta .string (nested scopes) (#​3167) Josh Goebel
• enh(swift) add actor keyword (#​3171) Bradley Mackey
• enh(crystal) highlight variables (#​3154) Josh Goebel
• fix(ruby) Heredoc without interpolation (#​3154) Josh Goebel
• enh(swift) add @resultBuilder attribute (#​3151) Bradley Mackey
• enh(processing) added pde alias (#​3142) [Dylan McBean][]
• enh(thrift) Use proper scope for types Josh Goebel
• enh(java) Simplified class-like matcher (#​3078) Josh Goebel
• enh(cpp) Simplified class-like matcher (#​3078) Josh Goebel
• enh(rust) Simplified class-like matcher (#​3078) Josh Goebel
• enh(actionscript) Simplified class-like matcher (#​3078) Josh Goebel
• enh(arcade) function.title => title.function (#​3078) Josh Goebel
• enh(autoit) function.title => title.function (#​3078) Josh Goebel
• enh(c) function.title => title.function (#​3078) Josh Goebel
• enh(rust) support function invoke and impl (#​3078) Josh Goebel
• chore(properties) disable auto-detection #​3102 Josh Goebel
• fix(properties) fix incorrect handling of non-alphanumeric keys #​3102 [Egor Rogov][]
• enh(java) support functions with nested template types (#​2641) Josh Goebel
• enh(java) highlight types and literals separate from keywords (#​3074) Josh Goebel
• enh(shell) add alias ShellSession [Ryan Mulligan][]
• enh(shell) consider one space after prompt as part of prompt [Ryan Mulligan][]
• fix(nginx) fix bug with $ and @​ variables Josh Goebel
• enh(nginx) improving highlighting of some sections Josh Goebel
• fix(vim) variable names may not be zero length Josh Goebel
• enh(sqf) Updated keywords to Arma 3 v2.02 (#​3084) [R3voA3][]
• enh(sqf) Refactored function regex to match CBA component func naming scheme (#​3181) [JonBons][]
• enh(nim) highlight types properly (not as built-ins) Josh Goebel
• (chore) throttle deprecation messages (#​3092) [Mihkel Eidast][]
• enh(c) Update keyword list for C11/C18 (#​3010) Josh Goebel
• enh(parser) highlight object properties (#​3072) Josh Goebel
• enh(javascript/typescript) highlight object properties (#​3072) Josh Goebel
• enh(haskell) add support for BinaryLiterals (#​3150) [Martijn Bastiaan][]
• enh(haskell) add support for NumericUnderscores (#​3150) [Martijn Bastiaan][]
• enh(haskell) add support for HexFloatLiterals (#​3150) [Martijn Bastiaan][]
• fix(c,cpp) allow declaring multiple functions and (for C++) par

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.