Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade dompurify from 3.0.5 to 3.1.7 #24

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

[Snyk] Upgrade dompurify from 3.0.5 to 3.1.7 #24

wants to merge 1 commit into from

Conversation

X-oss-byte
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade dompurify from 3.0.5 to 3.1.7.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 14 versions ahead of your current version.

  • The recommended version was released on 21 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-DOMPURIFY-7984421		 586 No Known Exploit
medium severity Template Injection
SNYK-JS-DOMPURIFY-6474511		 586 Proof of Concept
Release notes
Package name: dompurify
  • 3.1.7 - 2024-09-26
    • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @ masatokinugawa
    • Fixed several smaller typos in documentation and test & build files, thanks @ christianhg
    • Added better support for Angular compiler, thanks @ jeroen1602
    • Added several new attributes to HTML and SVG allow-list, thanks @ Gigabyte5671 and @ Rotzbua
    • Removed the foreignObject element from the list of HTML entry-points, thanks @ masatokinugawa
    • Bumped several dependencies to be more up to date
  • 3.1.6 - 2024-07-05
    • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @ kevin-mizu
    • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @ realansgar
    • Fixed a minor problem with the bower file pointing to the wrong dist path
    • Fixed several minor typos in docs, comments and comment blocks, thanks @ Rotzbua
    • Updated several development dependencies
  • 3.1.5 - 2024-05-31
    • Fixed a minor issue with the dist paths in bower.js, thanks @ HakumenNC
    • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @ kakao-bishop-cho
  • 3.1.4 - 2024-05-20
    • Fixed an issue with the recently implemented isNaN checks, thanks @ tulach
    • Added several new popover attributes to allow-list, thanks @ Gigabyte5671
    • Fixed the tests and adjusted the test runner to cover all branches
  • 3.1.3 - 2024-05-11
    • Fixed several mXSS variations found by and thanks to @ kevin-mizu & @ Ry0taK
    • Added better configurability for comment scrubbing default behavior
    • Added better hardening against Prototype Pollution attacks, thanks @ kevin-mizu
    • Added better handling and readability of the nodeType property, thanks @ ssi02014
    • Fixed some smaller issues in README and other documentation
  • 3.1.2 - 2024-04-30
  • 3.1.1 - 2024-04-26
  • 3.1.0 - 2024-04-07
  • 3.0.11 - 2024-03-21
  • 3.0.10 - 2024-03-19
  • 3.0.9 - 2024-02-20
  • 3.0.8 - 2024-01-05
  • 3.0.7 - 2024-01-04
  • 3.0.6 - 2023-09-28
  • 3.0.5 - 2023-07-11
from dompurify GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade dompurify from 3.0.5 to 3.1.7
bab79d8 
Snyk has created this PR to upgrade dompurify from 3.0.5 to 3.1.7.

See this package in npm:
dompurify

See this project in Snyk:
https://app.snyk.io/org/sammytezzy/project/54d742ef-f52e-4145-a5b1-9d7e5208377f?utm_source=github&utm_medium=referral&page=upgrade-pr
@stackblitz StackBlitz
Copy link

stackblitz bot commented Oct 17, 2024

Review PR in StackBlitz Codeflow Run & review this pull request in StackBlitz Codeflow.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented Oct 17, 2024

⚠️ No Changeset found

Latest commit: bab79d8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

sourcery-ai[bot]
sourcery-ai bot reviewed Oct 17, 2024
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have skipped reviewing this pull request. Here's why:

  • It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
  • We don't review packaging changes - Let us know if you'd like us to change this.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@X-oss-byte @snyk-bot