Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Added better handling and readability of the nodeType property, thanks @ssi02014
Fixed some smaller issues in README and other documentation
DOMPurify 3.1.2
Addressed and fixed an mXSS variation found by @kevin-mizu
Addressed and fixed an mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions
DOMPurify 3.1.1
Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
DOMPurify 3.1.0
Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies
DOMPurify 3.0.11
Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
DOMPurify 3.0.10
Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
When using a custom runtimeModule, the plugin will not try to pre-optimize react/compiler-runtime dependency.
Reminder: Vite expects code outside of node_modules to be ESM, so you will need to update the gist with import React from 'react'.
4.3.0 (2024-05-22)
Fix support for React compiler
Don't set retainLines: true when the React compiler is used. This creates whitespace issues and the compiler is modifying the JSX too much to get correct line numbers after that. If you want to use the React compiler and get back correct line numbers for tools like vite-plugin-react-click-to-component to work, you should update your config to something like:
This is long overdue and should fix some issues people had with HMR when migrating from CRA.
4.2.1 (2023-12-04)
Remove generic parameter on Plugin to avoid type error with Rollup 4/Vite 5 and skipLibCheck: false.
I expect very few people to currently use this feature, but if you are extending the React plugin via api object, you can get back the typing of the hook by importing ViteReactPluginApi:
import type { Plugin } from 'vite'
import type { ViteReactPluginApi } from '@vitejs/plugin-react'
Bumps the node-requirements group with 14 updates in the /frontend directory:
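from 8.112.5 to 8.119.0
from 9.37.3 to 9.54.4
from 3.0.6 to 3.1.6
from 3.0.4 to 3.0.5
from 6.23.1 to 6.24.1
from 0.20.2 to 0.23.2
from 9.5.0 to 9.6.0
from 4.1.1 to 4.3.1
from 8.57.0 to 9.6.0
from 15.6.0 to 15.8.0
from 3.0.3 to 3.3.2
from 5.4.5 to 5.5.3
from 7.13.1 to 7.15.0
from 4.5.3 to 5.3.3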
Updates
@fluentui/react from 8.112.5 to 8.119.0
Release notes
Sourced from @fluentui/react's releases.
Commits
c543aba release: applying package updates - react v8
a1da85c release: applying package updates - web-components
9de8ede Add 'allowParentArrowNavigation' prop to ComboBox. (#31805)
660d5fe Add drawer web component (#31521)
3fe95fd fix: MenuButton is styled correctly when aria-expanded is a string (#31809)
1e1398c chore: Updating version of @fluentui/react-icons to ^2.0.245 (#31802)
e53f719 chore:(docs) Migrate e2e Cypress testing doc (#31796)
9f8fa4c chore:(docs) Update API Extractor file (#31651)
5226974 chore: migrate to nx 18 (#31746)
2384048 release: applying package updates - react v8
Updates
@fluentui/react-components from 9.37.3 to 9.54.4
Release notes
Sourced from @fluentui/react-components's releases.
... (truncated)
Commits
400cd5a release: applying package updates - react-components
674cdee chore: normalize project names in whole repo (#31893)
f5aad26 fix(Tree): Roving tabindexes should be refreshed if current element is unmoun...
99b5b84 chore(vr-tests-v9): Convert Combobox VR tests to CSF (#31922)
0db8092 chore(vr-tests-v9): Convert Checkbox VR tests to CSF (#31916)
6f482a9 chore(vr-tests-v9): Convert DatePickerCompat VR tests to CSF (#31923)
bcc482a chore(vr-tests-v9): Convert AvatarGroup to CSF (#31914)
338cd90 chore(vr-tests-v9): Convert Calendar VR tests to CSF (#31915)
8393f61 chore: implement release pipeline for tools scope (#31844)
65769d8 feat: vertically align inline inputs (#31812)
Updates
@fluentui/react-icons from 2.0.221 to 2.0.247
Commits
Updates
dompurify from 3.0.6 to 3.1.6
Release notes
Sourced from dompurify's releases.
... (truncated)
Commits
4083a90 Merge pull request #978 from cure53/main
90a10a1 fix: Fixed a typo on the README
65df042 chore: Preparing 3.1.6 release
6e03334 fix: Made sure that remove() is not called directly from node
00fc06c fix: Fixed a DOM clobbering issue leading to an error being thrown
f8c2ef5 Merge pull request #977 from cure53/dependabot/npm_and_yarn/multi-99ca4f73d8
e5112ec build(deps): bump ws and socket.io-adapter
9978cec docs: Added better security warning about SAFE_FOR_XML to README
fa542df fix: Changed the order for attribute checks slightly for safer hooks
b8b552c Merge pull request #975 from cure53/dependabot/npm_and_yarn/multi-2d3aef8690
Updates
@types/dompurify from 3.0.4 to 3.0.5
Commits
Updates
react-router-dom from 6.23.1 to 6.24.1
Release notes
Sourced from react-router-dom's releases.
... (truncated)
Changelog
Sourced from react-router-dom's changelog.
Commits
0a87644 chore: Update version for release (#11767)
453e5f3 chore: Update version for release (pre) (#11760)
dd607e0 Remove polyfil.io reference from warning message (#11741)
fa25691 Merge branch 'release-next' into dev
a569d76 chore: Update version for release (#11717)
d73c1f6 feat: export type NavLinkRenderProps (#11553)
a2f718b chore: Update version for release (pre) (#11661)
4e85e98 Support lazy route discovery (fog of war) (#11626)
be8a259 Fix fetcher.submit types (#11631)
58dcfbb Merge branch 'release-next' into dev
Updates
scheduler from 0.20.2 to 0.23.2
Commits
Maintainer changes
This version was pushed to npm by react-bot, a new releaser for scheduler since your current version.
Updates
@eslint/js from 9.5.0 to 9.6.0
Release notes
Sourced from @eslint/js's releases.
Changelog
Sourced from @eslint/js's changelog.
Commits
d655503 chore: package.json update for @eslint/js release
Updates
@vitejs/plugin-react from 4.1.1 to 4.3.1
Release notes
Sourced from @vitejs/plugin-react's releases.
... (truncated)
Changelog
Sourced from @vitejs/plugin-react's changelog.
... (truncated)
Commits
1609186 release: plugin-react@4.3.1
ea647d1 fix: handle using compiler with React 18 (#330)
7e7322a release: plugin-react@4.3.0
4b4a95c fix: don't use retainLines with react compiler (#319)
2b7f2ae fix: support HMR for class components (#320)
302a323 docs: add minimum react version (#321)
9ebfe68 chore: bump deps (#318)
8b53547 release: plugin-react@4.2.1
ec63066 chore(deps): update dependency vite to v5 (#263)
8512995 fix(deps): update all non-major dependencies (#259)
Updates
eslint from 8.57.0 to 9.6.0
Release notes
Sourced from eslint's releases.
... (truncated)
Changelog
Sourced from eslint's changelog.