Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency dompurify to v2.5.4 #696

Open
wants to merge 1 commit into
base: next
Choose a base branch
from
Open

chore(deps): update dependency dompurify to v2.5.4 #696

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 21, 2022
edited

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
dompurify 2.4.0 -> 2.5.4 age adoption passing confidence
@types/dompurify (source) 2.3.4 -> 2.4.0 age adoption passing confidence

Release Notes

cure53/DOMPurify (dompurify)

v2.5.4: DOMPurify 2.5.4

Compare Source

  • Fixed a bug with latest isNaN checks affecting MSIE, thanks @​tulach
  • Fixed the tests for MSIE and fixed related test-runner

v2.5.3: DOMPurify 2.5.3

Compare Source

  • Fixed several mXSS variations found by and thanks to @​kevin-mizu & @​Ry0taK
  • Added better configurability for comment scrubbing default behavior
  • Added better hardening against Prototype Pollution attacks, thanks @​kevin-mizu
  • Fixed some smaller issues in README and other documentation

v2.5.2: DOMPurify 2.5.2

Compare Source

  • Addressed and fixed a mXSS variation found by @​kevin-mizu
  • Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
  • Updated tests for older Safari and Chrome versions

v2.5.1: DOMPurify 2.5.1

Compare Source

  • Fixed an mXSS sanitizer bypass reported by @​icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

v2.5.0: DOMPurify 2.5.0

Compare Source

  • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
  • Updated the LICENSE file to show the accurate year number
  • Updated several build and test dependencies

v2.4.9: DOMPurify 2.4.9

Compare Source

  • Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
  • Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T

v2.4.8: DOMPurify 2.4.8

Compare Source

  • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser

v2.4.7: DOMPurify 2.4.7

Compare Source

v2.4.6: DOMPurify 2.4.6

Compare Source

  • Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN

v2.4.5: DOMPurify 2.4.5

Compare Source

  • Fixed a problem with improper reset of custom HTML options, thanks @​ammaraskar

v2.4.4: DOMPurify 2.4.4

Compare Source

v2.4.3: DOMPurify 2.4.3

Compare Source

  • Final release that is compatible with MSIE10 & MSIE 11

v2.4.2: DOMPurify 2.4.2

Compare Source

  • Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @​tosmolka
  • Fixed a Prototype Pollution issue discovered and reported by @​kevin-mizu

v2.4.1: DOMPurify 2.4.1

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@vercel
Copy link

vercel bot commented Nov 21, 2022
edited

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
adoption ❌ Failed (Inspect) May 20, 2024 6:01pm
adoption-iusk ❌ Failed (Inspect) May 20, 2024 6:01pm

@codecov
Copy link

codecov bot commented Nov 21, 2022
edited

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 79.45%. Comparing base (b827249) to head (de45613).

Current head de45613 differs from pull request most recent head 2fee414

Please upload reports for the commit 2fee414 to get more accurate results.

Additional details and impacted files 
@@           Coverage Diff           @@
##             next     #696   +/-   ##
=======================================
  Coverage   79.45%   79.45%           
=======================================
  Files          42       42           
  Lines        1022     1022           
  Branches      218      218           
=======================================
  Hits          812      812           
  Misses         98       98           
  Partials      112      112

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.1 Update dependency dompurify to v2.4.1 Dec 17, 2022
@renovate renovate bot changed the title Update dependency dompurify to v2.4.1 chore(deps): update dependency dompurify to v2.4.1 Dec 17, 2022
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.1 chore(deps): update dependency dompurify to v2.4.5 Mar 18, 2023
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.5 chore(deps): update dependency dompurify to v2.4.6 Jul 10, 2023
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.6 chore(deps): update dependency dompurify to v2.4.7 Jul 11, 2023
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.7 chore(deps): update dependency dompurify to v2.4.8 Mar 19, 2024
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.8 chore(deps): update dependency dompurify to v2.4.9 Mar 21, 2024
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.4.9 chore(deps): update dependency dompurify to v2.5.0 Apr 7, 2024
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.5.0 chore(deps): update dependency dompurify to v2.5.1 Apr 26, 2024
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.5.1 chore(deps): update dependency dompurify to v2.5.2 Apr 30, 2024
@renovate renovate bot force-pushed the renovate/dompurify-2.x branch from a739151 to de45613 Compare May 2, 2024 02:04
@renovate renovate bot force-pushed the renovate/dompurify-2.x branch from de45613 to 84853fe Compare May 11, 2024 13:00
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.5.2 chore(deps): update dependency dompurify to v2.5.3 May 11, 2024
@renovate renovate bot force-pushed the renovate/dompurify-2.x branch from 84853fe to 2fee414 Compare May 20, 2024 18:00
@renovate renovate bot changed the title chore(deps): update dependency dompurify to v2.5.3 chore(deps): update dependency dompurify to v2.5.4 May 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants