A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Added better handling and readability of the nodeType property, thanks @ssi02014
Fixed some smaller issues in README and other documentation
DOMPurify 3.1.2
Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions
DOMPurify 3.1.1
Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
DOMPurify 3.1.0
Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies
DOMPurify 3.0.11
Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
DOMPurify 3.0.10
Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
Bumped up some build and test dependencies
DOMPurify 3.0.9
Fixed a problem with proper detection of Custom Elements, thanks @kevin-mizu
Refactored the hasOwnProperty logic, thanks @ssi02014
Removed a superfluous console.warn making HappyDom happier, thanks @HugoPoi
Modernized some of the demo hooks for better looks, thanks @Steb95
DOMPurify 3.0.8
Fixed errors caused by conditional exports, thanks @ssi02014
Fixed a type error when working with custom element config, thanks @cpmotion
Check for document existence when checking startViewTransition (#11544)
Change the react-router-dom/server import back to react-router-dom instead of index.ts (#11514)
Updated dependencies:
@remix-run/router@1.16.1
react-router@6.23.1
6.23.0
Minor Changes
Add a new unstable_dataStrategy configuration option (#11098)
This option allows Data Router applications to take control over the approach for executing route loaders and actions
The default implementation is today's behavior, to fetch all loaders in parallel, but this option allows users to implement more advanced data flows including Remix single-fetch, middleware/context APIs, automatic loader caching, and more
Bumps the node-packages group with 18 updates in the /app/frontend directory:
2.0.6
2.0.16
8.112.5
8.118.5
9.37.3
9.53.0
9.1.6
12.0.2
3.0.6
3.1.4
3.0.4
3.0.5
18.2.0
18.3.1
18.2.34
18.3.3
18.2.0
18.3.1
18.2.14
18.3.0
6.18.0
6.23.1
1.0.7
1.2.0
0.20.2
0.23.2
4.1.1
4.3.0
3.0.3
3.2.5
5.2.2
5.4.5
15.5.9
15.5.13
4.5.3
5.2.11
Updates
@azure/msal-react
from 2.0.6 to 2.0.16Release notes
Sourced from
@azure/msal-react
's releases.... (truncated)
Commits
8ba150d
Bump package versionse5fa16e
Fix uncaught exceptions in acquireTokenSilent (#7073)d556aed
Bump ejs from 3.1.9 to 3.1.10 (#7074)d918e4c
Do not register duplicate performance callbacks (#7069)d6a9dfe
Managed Identity: ManagedIdentityTokenResponse's expires_in is now calculated...e6d18c5
Client Assertion implementation now accepts an async callback as well as a st...37633b4
ClientCredential and OBO acquireToken requests with claims will now skip the ...1c72e3f
Removed Managed Identity Resource URI Validation (#7059)9d7cdec
Add additional logging for NAA initialization (#7064)23280a4
Export invoke and invokeAsync functions (#7065)Updates
@azure/msal-browser
from 3.10.0 to 3.14.0Release notes
Sourced from
@azure/msal-browser
's releases.... (truncated)
Commits
8ba150d
Bump package versionse5fa16e
Fix uncaught exceptions in acquireTokenSilent (#7073)d556aed
Bump ejs from 3.1.9 to 3.1.10 (#7074)d918e4c
Do not register duplicate performance callbacks (#7069)d6a9dfe
Managed Identity: ManagedIdentityTokenResponse's expires_in is now calculated...e6d18c5
Client Assertion implementation now accepts an async callback as well as a st...37633b4
ClientCredential and OBO acquireToken requests with claims will now skip the ...1c72e3f
Removed Managed Identity Resource URI Validation (#7059)9d7cdec
Add additional logging for NAA initialization (#7064)23280a4
Export invoke and invokeAsync functions (#7065)Updates
@fluentui/react
from 8.112.5 to 8.118.5Release notes
Sourced from
@fluentui/react
's releases.Commits
555e0a4
applying package updatese5b6146
applying package updatesbabf7b4
chore: revert globals changes (#31470)db8e9c5
(web-components) UseElementInternals
for TextInput elements (#31201)d8d3252
chore:(docs) Update and migrate component implementation guide (#31398)a9defa9
disallow all globals in Fluent v9 (#30967)22da879
chore:(react-nav-preview) Recomposing more components and some pixel pushing ...b45f592
fix(pr-deploy-site): explicitly set types to not include whole @types/* globa...66ce207
fix(recipes-react-components): explicitly set types to not include whole@typ
...0827e48
applying package updatesUpdates
@fluentui/react-components
from 9.37.3 to 9.53.0Release notes
Sourced from
@fluentui/react-components
's releases.... (truncated)
Commits
0827e48
applying package updates03599d6
applying package updates10e6758
applying package updatesf20861c
Update IconDirectionContextProvider import to import from specific path (#31006)410b743
fix: make type-check task run with --noEmit and return only void Promise on s...4833b3e
chore: migrate .shorthands() [teams-prg & xc-uxe] (#31458)7a2367b
chore(Dialog): migrate to new motion APIs (#31380)78e136d
chore: migrate .shorthands() [cxe-red] (#31449)b5071e6
fix: ExcludingFocusZones
inside ofContextualMenus
fromtabster
's focu...9232905
chore: migrate .shorthands() [cxe-prg] (#31448)Updates
@fluentui/react-icons
from 2.0.221 to 2.0.240Commits
Updates
marked
from 9.1.6 to 12.0.2Release notes
Sourced from marked's releases.
... (truncated)
Commits
c6a98ea
chore(release): 12.0.2 [skip ci]e9f0eed
fix: fix Setext continuation in blockquote (#3257)a90223b
chore(deps-dev): Bump@typescript-eslint/eslint-plugin
from 7.4.0 to 7.6.0 (#...7757f96
chore(deps-dev): Bump typescript from 5.4.4 to 5.4.5 (#3261)609b65c
chore(deps-dev): Bump@arethetypeswrong/cli
from 0.15.2 to 0.15.3 (#3258)dfa835e
chore(deps-dev): Bump rollup from 4.14.1 to 4.14.3 (#3259)f0fb744
chore(deps-dev): Bump semantic-release from 23.0.6 to 23.0.7 (#3255)924130d
chore(deps-dev): Bump@semantic-release/github
from 10.0.2 to 10.0.3 (#3254)8cdb7ca
chore(deps-dev): Bump rollup from 4.13.2 to 4.14.1 (#3253)1cc9eb2
chore(deps-dev): Bump typescript from 5.4.3 to 5.4.4 (#3252)Updates
dompurify
from 3.0.6 to 3.1.4Release notes
Sourced from dompurify's releases.
... (truncated)
Commits
7517e9c
Merge pull request #960 from cure53/main3ddb7f2
chore: Preparing 3.1.4 release4486f91
test: Experimentally changed TEST_PROBE_ONLY to not cover 2.x1223487
fix: Added MSIE number check fix to main as wella34860b
Merge pull request #957 from Gigabyte5671/popover-api96bf0d4
Merge pull request #956 from MortenHofft/patch-128c1828
Add popover attributes to allow list952f309
documentation3fe78d7
chore: Preparing 3.1.3 releaseb20ce99
fix: Added smaller-than-null check for __depth hardening codeUpdates
@types/dompurify
from 3.0.4 to 3.0.5Commits
Updates
react
from 18.2.0 to 18.3.1Release notes
Sourced from react's releases.
Changelog
Sourced from react's changelog.
Commits
f1338f8
ExportReact.act
from 18.3d6c42f7
Bump to 18.3.173bfaa1
Turn on key spread warning in jsx-runtime for everyone (#25697)c2a246e
Turn on string ref deprecation warning for everybody (not codemoddable) (#25383)2cfb474
Bump version from 18.2 to 18.3Maintainer changes
This version was pushed to npm by react-bot, a new releaser for react since your current version.
Updates
@types/react
from 18.2.34 to 18.3.3Commits
Updates
react-dom
from 18.2.0 to 18.3.1Release notes
Sourced from react-dom's releases.
Changelog
Sourced from react-dom's changelog.
Commits
d6c42f7
Bump to 18.3.18a015b6
Add deprecation warning for unmountComponentAtNodec3b2839
Add deprecation warning for findDOMNoded4ea75d
ReactDOMTestUtils deprecation warnings7548c01
DeprecaterenderToStaticNodeStream
(#28872) (#28874)5894232
Enable warning for defaultProps on function components for everyone (#25699)c2a246e
Turn on string ref deprecation warning for everybody (not codemoddable) (#25383)2cfb474
Bump version from 18.2 to 18.3Maintainer changes
This version was pushed to npm by react-bot, a new releaser for react-dom since your current version.
Updates
@types/react-dom
from 18.2.14 to 18.3.0Commits
Updates
react-router-dom
from 6.18.0 to 6.23.1Release notes
Sourced from react-router-dom's releases.
... (truncated)
Changelog
Sourced from react-router-dom's changelog.
... (truncated)
Commits
aef5c4a
chore: Update version for release (#11551)26bc8e2
chore: Update version for release (pre) (#11545)031478d
Add defensive window.document check when checking for startViewTransition (#1...9651465
chore: Update version for release (pre) (#11516)fdff9dd
Fix react-router-dom/server index.ts import from pnpm migration (#11514)82a3a77
chore: Update version for release (#11486)8a20f32
chore: Update version for release (pre) (#11387)88ec71a
chore: Update version for release (pre) (#11379)12afb2e
Migrate to pnpm (#11358)c7dd3d3
Data Strategy Configuration (#11098)Superseded by #1664.