Skip to content
This repository has been archived by the owner on Jan 18, 2023. It is now read-only.

[Snyk] Upgrade dompurify from 2.0.15 to 2.3.3 #2

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade dompurify from 2.0.15 to 2.3.3 #2

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to upgrade dompurify from 2.0.15 to 2.3.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 18 versions ahead of your current version.
  • The recommended version was released a month ago, on 2021-09-20.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Cross-site Scripting (XSS)
SNYK-JS-DOMPURIFY-1035544		 539/1000
Why? Has a fix available, CVSS 6.5		 No Known Exploit
Cross-site Scripting (XSS)
SNYK-JS-DOMPURIFY-1016634		 539/1000
Why? Has a fix available, CVSS 6.5		 Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dompurify
  • 2.3.3 - 2021-09-20
    • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @ securitum-mb
    • Adjusted the tests for MSIE to make sure the results are as expected now
  • 2.3.2 - 2021-09-15
    • Added new config option PARSER_MEDIA_TYPE, thanks @ tosmolka
  • 2.3.1 - 2021-08-13
    • Added code to make FORBID_CONTENTS setting configurable
    • Added role to URI-safe attributes
    • Added more paranoid handling for template elements
  • 2.3.0 - 2021-07-06
    • Added better handling of document creation on Firefox
    • Added better handling of version numbers in license file
    • Added two new browser versions to test suite config
    • Fixed a bug with handling of custom data attributes
  • 2.2.9 - 2021-06-01
    • Fixed some minor issues related to the NAMESPACE config
    • Fixed some minor issues relating to empty input
    • Fixed some minor issues relating to handling of invalid XML
  • 2.2.8 - 2021-04-28
    • Added NAMESPACE config option, thanks @ NateScarlet
    • Added better fallback for older browsers & PhantomJS, thanks @ albanx
    • Extended allow-list for SVG attributes a bit
  • 2.2.7 - 2021-03-12
    • Fixed handling of unsupported browsers, i.e. Safari 9 and older
    • Fixed various minor bugs and typos in README and examples
    • Added better handling of potentially harmful "is" attributes
    • Added better handling of lookupGetter functionality
  • 2.2.6 - 2020-12-18
    • Added new mXSS prevention logic created by SecurityMB
  • 2.2.5 - 2020-12-18
  • 2.2.4 - 2020-12-15
    • Fixed a new MathML-based bypass submitted by PewGrand
    • Fixed a new SVG-related bypass submitted by SecurityMB
    • Updated NodeJS CI to Node 14.x and Node 15.x
    • Cleaned up _forceRemove logic for better reliability
  • 2.2.3 - 2020-12-07
    • Fixed an mXSS issue reported by PewGrand
    • Fixed a minor issue with the license header
    • Fixed a problem with overly-eager CSS stripping
    • Updated the README and removed an XSS warning
  • 2.2.2 - 2020-11-02
  • 2.2.1 - 2020-11-02
  • 2.2.0 - 2020-10-21
  • 2.1.1 - 2020-09-25
  • 2.1.0 - 2020-09-23
  • 2.0.17 - 2020-09-20
  • 2.0.16 - 2020-09-18
  • 2.0.15 - 2020-09-03
from dompurify GitHub release notes
Commit messages
Package name: dompurify

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot