Skip to content

[Snyk] Upgrade dompurify from 2.3.1 to 2.3.10 #166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
snyk-bot wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade dompurify from 2.3.1 to 2.3.10 #166

snyk-bot wants to merge 1 commit into from

Conversation

@snyk-bot
Copy link

@snyk-bot snyk-bot commented Aug 29, 2022

Snyk has created this PR to upgrade dompurify from 2.3.1 to 2.3.10.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 9 versions ahead of your current version.
  • The recommended version was released a month ago, on 2022-07-18.
Release notes
Package name: dompurify
  • 2.3.10 - 2022-07-18
    • Added support for sanitization of attributes requiring Trusted Types, thanks @ tosmolka
  • 2.3.9 - 2022-07-11
    • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @ tosmolka
    • Bumped some dependencies, thanks @ is2ei
    • Included github-actions in the dependabot config, thanks @ nathannaveen
  • 2.3.8 - 2022-05-13
    • Cleaned up a minor issue with the 2.3.7 release, thanks @ johnbirds

    No other changes compared to 2.3.7 release, which entail:

  • 2.3.7 - 2022-05-11
  • 2.3.6 - 2022-02-16
    • Added an option to allow HTML5 doctypes, thanks @ tosmolka
    • Bumped several dependencies, thanks @ is2ei
    • Updated documentation to cover recently added flags, thanks @ is2ei
  • 2.3.5 - 2022-01-26
    • Performed several chores and cleanups, thanks @ is2ei
    • Fixed a bug when working with Trusted Types, thanks @ tosmolka
    • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @ tosmolka
    • Added more SVG attributes to allow-list, thanks @ rzhade3
  • 2.3.4 - 2021-12-07
    • Added support for Custom Elements, thanks @ franktopel
    • Added new config settings to control Custom Element sanitizing, thanks @ franktopel
    • Added faster clobber checks, thanks @ GrantGryczan
    • Allow-listed SVG feImage elements, thanks @ ydaniv
    • Updated test suite
    • Update supported Node versions
    • Updated README
  • 2.3.3 - 2021-09-20
    • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @ securitum-mb
    • Adjusted the tests for MSIE to make sure the results are as expected now
  • 2.3.2 - 2021-09-15
  • 2.3.1 - 2021-08-13
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • aedec31 chore: preparing 2.3.10 release
  • 2fe2a34 Merge pull request #699 from tosmolka/tosmolka/660
  • 4ec6d6f Support sanitization of attributes that require Trusted Types
  • 52c8eb1 chore: Updated website
  • 6ec9e42 chore: Preparing 2.3.9 release
  • 912245b Merge pull request #695 from cure53/dependabot/npm_and_yarn/shell-quote-1.7.3
  • 2686662 build(deps): bump shell-quote from 1.7.2 to 1.7.3
  • abf6295 Merge pull request #693 from is2ei/run-format
  • a49f13d format code
  • 2ac0802 See #692
  • e1e04f3 See #692
  • 79e622c Merge pull request #692 from tosmolka/tosmolka/xhtml-lowercase
  • 3ad7750 Make TAG and ATTR cfg options case-sensitive when parsing XHTML
  • 87b29de Merge pull request #690 from cure53/dependabot/github_actions/github/codeql-action-2
  • 065db40 Merge pull request #689 from cure53/dependabot/github_actions/actions/checkout-3
  • 74eb853 Merge pull request #688 from cure53/dependabot/github_actions/actions/setup-node-3
  • ac447e3 Merge pull request #687 from cure53/dependabot/github_actions/GabrielBB/xvfb-action-1.6
  • 2e23e03 build(deps): bump github/codeql-action from 1 to 2
  • e957332 build(deps): bump actions/checkout from 2 to 3
  • ba82523 build(deps): bump actions/setup-node from 2 to 3
  • 74d3e47 build(deps): bump GabrielBB/xvfb-action from 1.0 to 1.6
  • 64b3c36 Merge pull request #685 from turrisxyz/Dependabot-GitHub-Actions
  • b337807 chore: Included githubactions in the dependabot config
  • dc6db2c chore: Prepared 2.3.8. release

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@violethaze74 violethaze74 self-assigned this Jun 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@violethaze74 violethaze74

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@snyk-bot @violethaze74