Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Added better handling and readability of the nodeType property, thanks @ssi02014
Fixed some smaller issues in README and other documentation
DOMPurify 3.1.2
Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions
DOMPurify 3.1.1
Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
DOMPurify 3.1.0
Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies
DOMPurify 3.0.11
Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
DOMPurify 3.0.10
Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
Bumps the node-requirements group with 16 updates in the /frontend directory:
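@fluentui/react from 8.112.5 to 8.119.2
@fluentui/react-components from 9.37.3 to 9.54.5
@react-spring/web from 9.7.3 to 9.7.4
dompurify from 3.0.6 to 3.1.6
@types/dompurify from 3.0.4 to 3.0.5
react-router-dom from 6.23.1 to 6.25.1
scheduler from 0.20.2 to 0.23.2
@eslint/js from 9.5.0 to 9.7.0
from 4.1.1 to 4.3.1
from 8.57.0 to 9.7.0
from 7.34.3 to 7.35.0
from 15.6.0 to 15.8.0
from 3.0.3 to 3.3.3
from 5.4.5 to 5.5.3
from 7.13.1 to 7.16.1
from 4.5.3 to 5.3.4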
Updates
@fluentui/react from 8.112.5 to 8.119.2
Release notes
Sourced from @fluentui/react's releases.
Commits
88adb31 release: applying package updates - react v8
3c9750e release: applying package updates - web-components
fc2ee09 fix(ContextualMenu): item.onClick is called when SplitMenuItem checkmark is c...
be10f2c Fix: Removes padding from fluent-field host element (#32002)
dd5120e Fix for WindowProvider utilities always returning window/document/undefined (...
8f32934 patch(motion): CollapseCustomization storybook small tweak (#32032)
38eff0b ci(.github): introduce check-tooling CI pipeline (#31995)
fd0552b feat(motion): add Scale motion component (#32021)
1678c8e feat(motion): add Fade motion component (#32020)
cbbca16 chore(vr-tests): Convert stories to CSF (#31941)
Updates
@fluentui/react-components from 9.37.3 to 9.54.5
Release notes
Sourced from @fluentui/react-components's releases.
... (truncated)
Commits
b3187cd release: applying package updates - react-components
55bc89d feat(motion): Publish react-motion-components-preview (#31998)
8082468 feat(motion): add Collapse motion component (#31982)
8070f26 ci(v0-release): use new service connection which uses compliant Workload Iden...
385baed chore:(docs) Adds doc explaining _unstable suffix (#31969)
20fcadf docs: update convergence github issue template (#31964)
d1d25ad chore(deps): bump fast-loops from 1.1.2 to 1.1.4 (#31965)
c399059 chore: update tools release pipeline (#31978)
891b1f3 fix(react-tabster): bump tabster to 8.0.1 to fix memorized elements focusing ...
410e072 bugfix(react-utilities): fix useMergedRefs signature to include null (#31951)
Updates
@fluentui/react-icons from 2.0.221 to 2.0.249
Updates
@react-spring/web from 9.7.3 to 9.7.4
Release notes
Sourced from @react-spring/web's releases.
... (truncated)
Commits
fd65b60 v9.7.4
d64fc47 fix(shared): add rafz as a package
a755bd8 fix: add useReducedMotion compatibility for Safari 13 and older (#2300)
f96db5e Revert "chore(deps): update dependency remark-mdx-frontmatter to v5 (#2298)"
28a172d chore(deps): update dependency remark-mdx-frontmatter to v5 (#2298)
1e4406e chore(deps): update dependency tsx to v4 (#2260)
58d06b8 chore: make deps absolute (#2283)
f6047e4 chore(deps): update github artifact actions to v4 (major) (#2262)
84ed1db chore(deps): update testing deps (#2282)
da2c12e chore: update tooling deps
Updates
dompurify from 3.0.6 to 3.1.6
Release notes
Sourced from dompurify's releases.
... (truncated)
Commits
4083a90 Merge pull request #978 from cure53/main
90a10a1 fix: Fixed a typo on the README
65df042 chore: Preparing 3.1.6 release
6e03334 fix: Made sure that remove() is not called directly from node
00fc06c fix: Fixed a DOM clobbering issue leading to an error being thrown
f8c2ef5 Merge pull request #977 from cure53/dependabot/npm_and_yarn/multi-99ca4f73d8
e5112ec build(deps): bump ws and socket.io-adapter
9978cec docs: Added better security warning about SAFE_FOR_XML to README
fa542df fix: Changed the order for attribute checks slightly for safer hooks
b8b552c Merge pull request #975 from cure53/dependabot/npm_and_yarn/multi-2d3aef8690
Updates
@types/dompurify from 3.0.4 to 3.0.5
Updates
react-router-dom from 6.23.1 to 6.25.1
Release notes
Sourced from react-router-dom's releases.
... (truncated)
Changelog
Sourced from react-router-dom's changelog.
... (truncated)
Commits
98941f8 chore: Update version for release (#11815)
db24ec9 chore: Update version for release (pre) (#11814)
a252428 Reduce RouterProvider re-renders when using View Transitions (#11803)
6b8daf9 Revert "Temporary change to test release process off v6 branch"
b8a4cdb Temporary change to test release process off v6 branch
13dfa13 chore: Update version for release (#11807)
21b61c0 chore: Update version for release (pre) (#11800)
7b22365 Stabilize future.unstable_skipActionErrorRevalidation (#11769)
da65120 Fix useMatch undecoded params (#11789)
0a87644 chore: Update version for release (#11767)
Updates
scheduler from 0.20.2 to 0.23.2
Maintainer changes
This version was pushed to npm by react-bot, a new releaser for scheduler since your current version.
Updates
@eslint/js from 9.5.0 to 9.7.0
Release notes
Sourced from @eslint/js's releases.
Changelog
Sourced from @eslint/js's changelog.
Superseded by #61.