Update react-syntax-hightlighter to v15.5.0 for fixing XSS vulnerability issue by prismjs

[oti]

Is your feature request related to a problem? Please describe

@storybook/components which depends on react-syntax-highlighter has a XSS vulnerability issue by prismjs.
It was resolved in react-syntax-highlighter v15.5.0
https://github.com/react-syntax-highlighter/react-syntax-highlighter/releases/tag/15.5.0

Describe the solution you'd like

Update react-syntax-hightlighter to v15.5.0

[curtvict]

It would be great if this could be included in the next minor.

PrismJS/prism#3341 was included in their v1.27.0 release.

More context: GHSA-3949-f494-cm99

[tkdphoenix]

It seems that prismjs is a devDependency. Is that correct? If so, you can move it to devDependencies in package.json and it wouldn't be a security vuln for everyone, but you would want to update it ASAP, of course.

[curtvict]

Seemed like less work to just bump the version, so I did.

[shilman]

Ooh-la-la!! I just released https://github.com/storybookjs/storybook/releases/tag/v7.0.0-alpha.10 containing PR #18009 that references this issue. Upgrade today to the @future NPM tag to try it out!

npx sb upgrade --prerelease

Closing this issue. Please re-open if you think there's still more to do.

[curtvict]

Thanks @shilman!