bump dompurify version because of nasty xss bypass. #8498

Merged 1 commit on Nov 4, 2019

Conversation

MarcusSorealheis (Contributor) commented Nov 4, 2019

CATEGORY

Choose one

  • Bug Fix
  • Enhancement (new features, refinement)
  • Refactor
  • Add tests
  • Build / Development Environment
  • Documentation

SUMMARY

Bumped the dompurify version because of a nasty bypass reported in September.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TEST PLAN

Run the app. Everything should work. Tests should pass.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

REVIEWERS

codecov-io commented Nov 4, 2019

Codecov Report

Merging #8498 into master will not change coverage.
The diff coverage is n/a.


@@          Coverage Diff           @@
##           master   #8498   +/-   ##
======================================
  Coverage    66.6%   66.6%           
======================================
  Files         449     449           
  Lines       22608   22608           
  Branches     2366    2366           
======================================
  Hits        15059   15059           
  Misses       7411    7411           
  Partials      138     138

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Last update a305b1a...bd71e0a.

@kristw kristw merged commit 4c35de1 into apache:master Nov 4, 2019
@mistercrunch mistercrunch added 🍒 0.35.1 🍒 0.35.2 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.36.0 labels Feb 28, 2024
cccs-rc pushed a commit to CybercentreCanada/superset that referenced this pull request Mar 6, 2024