Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency dompurify to v3.2.3 #383

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency dompurify to v3.2.3 #383

wants to merge 1 commit into from
+6 −4

Conversation

mend-for-github-com[bot]
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
dompurify dependencies minor 3.1.5 -> 3.2.3

By merging this PR, the issue #382 will be automatically resolved and closed:

Severity CVSS Score CVE
Medium Medium 6.1 WS-2024-0017

Release Notes

cure53/DOMPurify (dompurify)

v3.2.3: DOMPurify 3.2.3

Compare Source

v3.2.2: DOMPurify 3.2.2

Compare Source

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

v3.2.1: DOMPurify 3.2.1

Compare Source

v3.2.0: DOMPurify 3.2.0

Compare Source

v3.1.7: DOMPurify 3.1.7

Compare Source

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date

v3.1.6: DOMPurify 3.1.6

Compare Source

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks @​Rotzbua
  • Updated several development dependencies
  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Dec 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lezzago lezzago Awaiting requested review from lezzago lezzago is a code owner

@joshuali925 joshuali925 Awaiting requested review from joshuali925 joshuali925 is a code owner

@anirudha anirudha Awaiting requested review from anirudha anirudha is a code owner

@ruanyl ruanyl Awaiting requested review from ruanyl ruanyl is a code owner

@SuZhou-Joe SuZhou-Joe Awaiting requested review from SuZhou-Joe SuZhou-Joe is a code owner

@xluo-aws xluo-aws Awaiting requested review from xluo-aws xluo-aws is a code owner

@gaobinlong gaobinlong Awaiting requested review from gaobinlong gaobinlong is a code owner

@Hailong-am Hailong-am Awaiting requested review from Hailong-am Hailong-am is a code owner

@wanglam wanglam Awaiting requested review from wanglam wanglam is a code owner

@raintygao raintygao Awaiting requested review from raintygao raintygao is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
security fix Security fix generated by Mend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants