Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency dompurify to v2.4.7 - autoclosed #386

Closed
wants to merge 1 commit into from
Closed

fix(deps): update dependency dompurify to v2.4.7 - autoclosed #386

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 20, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
dompurify 2.2.7 -> 2.4.7 age adoption passing confidence

Release Notes

cure53/DOMPurify (dompurify)

v2.4.7: DOMPurify 2.4.7

Compare Source

v2.4.6: DOMPurify 2.4.6

Compare Source

  • Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN

v2.4.5: DOMPurify 2.4.5

Compare Source

  • Fixed a problem with improper reset of custom HTML options, thanks @​ammaraskar

v2.4.4: DOMPurify 2.4.4

Compare Source

v2.4.3: DOMPurify 2.4.3

Compare Source

  • Final release that is compatible with MSIE10 & MSIE 11

v2.4.2: DOMPurify 2.4.2

Compare Source

  • Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @​tosmolka
  • Fixed a Prototype Pollution issue discovered and reported by @​kevin-mizu

v2.4.1: DOMPurify 2.4.1

Compare Source

v2.4.0: DOMPurify 2.4.0

Compare Source

  • Removed bundled types again as they caused too much trouble

v2.3.12: DOMPurify 2.3.12

Compare Source

v2.3.11: DOMPurify 2.3.11

Compare Source

  • Added generated type definitions for better compatibility
  • Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
  • Updated README and config documentation, thanks @​0xedward
  • Updated test suite with newer Node versions

v2.3.10: DOMPurify 2.3.10

Compare Source

  • Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

v2.3.9: DOMPurify 2.3.9

Compare Source

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

v2.3.8: DOMPurify 2.3.8

Compare Source

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

v2.3.7

Compare Source

v2.3.6: DOMPurify 2.3.6

Compare Source

  • Added an option to allow HTML5 doctypes, thanks @​tosmolka
  • Bumped several dependencies, thanks @​is2ei
  • Updated documentation to cover recently added flags, thanks @​is2ei

v2.3.5: DOMPurify 2.3.5

Compare Source

  • Performed several chores and cleanups, thanks @​is2ei
  • Fixed a bug when working with Trusted Types, thanks @​tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
  • Added more SVG attributes to allow-list, thanks @​rzhade3

v2.3.4: DOMPurify 2.3.4

Compare Source

  • Added support for Custom Elements, thanks @​franktopel
  • Added new config settings to control Custom Element sanitizing, thanks @​franktopel
  • Added faster clobber checks, thanks @​GrantGryczan
  • Allow-listed SVG feImage elements, thanks @​ydaniv
  • Updated test suite
  • Update supported Node versions
  • Updated README

v2.3.3: DOMPurify 2.3.3

Compare Source

  • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @​securitum-mb
  • Adjusted the tests for MSIE to make sure the results are as expected now

v2.3.2: DOMPurify 2.3.2

Compare Source

  • Added new config option PARSER_MEDIA_TYPE, thanks @​tosmolka

v2.3.1: DOMPurify 2.3.1

Compare Source

  • Added code to make FORBID_CONTENTS setting configurable
  • Added role to URI-safe attributes
  • Added more paranoid handling for template elements

v2.3.0: DOMPurify 2.3.0

Compare Source

  • Added better handling of document creation on Firefox
  • Added better handling of version numbers in license file
  • Added two new browser versions to test suite config
  • Fixed a bug with handling of custom data attributes

v2.2.9: DOMPurify 2.2.9

Compare Source

  • Fixed some minor issues related to the NAMESPACE config
  • Fixed some minor issues relating to empty input
  • Fixed some minor issues relating to handling of invalid XML

v2.2.8: DOMPurify 2.2.8

Compare Source

  • Added NAMESPACE config option, thanks @​NateScarlet
  • Added better fallback for older browsers & PhantomJS, thanks @​albanx
  • Extended allow-list for SVG attributes a bit

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Never, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Feb 20, 2024
@renovate renovate bot changed the title fix(deps): update dependency dompurify to v2.4.7 fix(deps): update dependency dompurify to v2.4.7 - autoclosed Feb 20, 2024
@renovate renovate bot closed this Feb 20, 2024
@renovate renovate bot deleted the renovate/dompurify-2.x-lockfile branch February 20, 2024 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants