chore: switch dashboard code blocks highlight to shiki

[camera-2018]

Modifications / 改动点

除 t2i 模板外，更换了前端中所有使用 highlightjs 的位置 to shiki

t2i模板内的高亮功能始终不会触发，，是个老bug，已改好但不想放在这个pr里，等这个pr合入后我再提个

1. 插件文档内的code高亮

2. webchat高亮

3. 顺带修复了切换亮暗模式的时候，代码框内背景不会实时切换的问题

• This is NOT a breaking change. / 这不是一个破坏性变更。

Screenshots or Test Results / 运行截图或测试结果

---

Checklist / 检查清单

• 😊 If there are new features added in the PR, I have discussed it with the authors through issues/emails, etc.
  / 如果 PR 中有新加入的功能，已经通过 Issue / 邮件等方式和作者讨论过。

• 👀 My changes have been well-tested, and "Verification Steps" and "Screenshots" have been provided above.
  / 我的更改经过了良好的测试，并已在上方提供了“验证步骤”和“运行截图”。

• 🤓 I have ensured that no new dependencies are introduced, OR if new dependencies are introduced, they have been added to the appropriate locations in requirements.txt and pyproject.toml.
  / 我确保没有引入新依赖库，或者引入了新依赖库的同时将其添加到 requirements.txt 和 pyproject.toml 文件相应位置。

• 😮 My changes do not introduce malicious code.
  / 我的更改没有引入恶意代码。

[sourcery-ai]

Hey - I've found 1 issue, and left some high level feedback:

• In ReadmeDialog.vue, updateRenderedHtml currently parses the markdown twice (once in collectMarkdownFenceLanguages and again in md.render); you could parse once, reuse the token list to both collect fence languages and render, which would reduce work for large READMEs.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In `ReadmeDialog.vue`, `updateRenderedHtml` currently parses the markdown twice (once in `collectMarkdownFenceLanguages` and again in `md.render`); you could parse once, reuse the token list to both collect fence languages and render, which would reduce work for large READMEs.

## Individual Comments

### Comment 1
<location path="dashboard/src/components/chat/message_list_comps/IPythonToolBlock.vue" line_range="93" />
<code_context>
+        );
     } catch (err) {
         console.error('Failed to highlight code:', err);
         return `<pre><code>${code.value}</code></pre>`;
</code_context>
<issue_to_address>
**🚨 issue (security):** The fallback HTML for code is not escaped, which can allow HTML injection if `code.value` is untrusted.

This error path injects `code.value` directly into `<pre><code>` and then renders it via `v-html`, so untrusted tool output can trigger XSS. Escape `code.value` before embedding (at least `&`, `<`, `>`, `"`, `'`), or reuse the same escaping you use in your markdown/README renderer to keep the fallback safe when highlighting fails.
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[gemini-code-assist]

Code Review

This pull request replaces highlight.js with shiki for syntax highlighting across the dashboard, introducing a new shiki utility and a ThemeAwareMarkdownCodeBlock component to handle theme-specific rendering. Key updates include migrating ReadmeDialog and IPythonToolBlock to the new highlighting system and removing obsolete highlight.js dependencies and styles. A performance optimization was recommended for the shiki utility to load multiple languages in parallel using Promise.all.

[Copilot]

Pull request overview

This PR updates the dashboard’s markdown/code rendering pipeline to use Shiki for syntax highlighting (including better dark/light mode behavior), and removes the previous Highlight.js styling approach.

Changes:

• Remove Highlight.js CSS usage and dark-mode overrides; add Shiki-focused dark theme styling.
• Add a shared Shiki helper (src/utils/shiki.js) and migrate README/plugin docs + chat-related code blocks to use it.
• Update assets/lockfile to reflect dependency and icon subset changes.

Reviewed changes

Copilot reviewed 16 out of 19 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
dashboard/src/views/WelcomePage.vue	Removes Highlight.js CSS import from a markdown-rendering view.
dashboard/src/utils/shiki.js	Adds shared Shiki singleton/highlighter + language loading + rendering helpers.
dashboard/src/scss/style.scss	Switches global SCSS import from HljsDark to CodeBlockDark.
dashboard/src/scss/components/_HljsDark.scss	Removes Highlight.js dark-mode overrides and markstream-vue dark variables override.
dashboard/src/scss/components/_CodeBlockDark.scss	Adds dark-theme overrides for Shiki dual-theme output + markstream-vue dark variables override.
dashboard/src/layouts/full/vertical-header/VerticalHeader.vue	Removes Highlight.js CSS import from release-notes markdown rendering.
dashboard/src/components/shared/ThemeAwareMarkdownCodeBlock.vue	Adds a wrapper to force code blocks to remount on theme changes.
dashboard/src/components/shared/ReadmeDialog.vue	Replaces Highlight.js-based fencing with Shiki; adds async rendering and theme-aware re-rendering.
dashboard/src/components/shared/ChangelogDialog.vue	Removes Highlight.js CSS import.
dashboard/src/components/chat/StandaloneChat.vue	Registers the theme-aware code block component for chat markdown rendering.
dashboard/src/components/chat/MessageListDEPRECATED.vue	Removes Highlight.js CSS import.
dashboard/src/components/chat/MessageList.vue	Registers the theme-aware code block component for chat markdown rendering.
dashboard/src/components/chat/message_list_comps/IPythonToolBlock.vue	Switches Python code highlighting to shared Shiki utilities and adds Shiki-specific styles.
dashboard/src/components/chat/Chat.vue	Registers the theme-aware code block component for chat markdown rendering.
dashboard/src/assets/mdi-subset/materialdesignicons-webfont-subset.woff2	Updates generated icon font subset asset.
dashboard/src/assets/mdi-subset/materialdesignicons-webfont-subset.woff	Updates generated icon font subset asset.
dashboard/src/assets/mdi-subset/materialdesignicons-subset.css	Updates generated subset metadata and removes one icon mapping.
dashboard/pnpm-lock.yaml	Removes highlight.js and reflects lockfile regeneration changes.
dashboard/package.json	Removes highlight.js dependency and keeps shiki as the highlighter dependency.

Files not reviewed (1)

• dashboard/pnpm-lock.yaml: Language not supported

Comments suppressed due to low confidence (1)

dashboard/src/components/chat/message_list_comps/IPythonToolBlock.vue:94

• The fallback HTML returned on highlight errors injects code.value unescaped into a string that is rendered with v-html. If toolCall.args.code contains </> it can become XSS. Escape the code content (or reuse the same escape helper used elsewhere) before embedding it in the fallback <pre><code> HTML.

    } catch (err) {
        console.error('Failed to highlight code:', err);
        return `<pre><code>${code.value}</code></pre>`;
    }