A sample app for the Retrieval-Augmented Generation pattern running in Azure, using Azure AI Search for retrieval and Azure OpenAI large language models to power ChatGPT-style and Q&A experiences.
Added better configurability for comment scrubbing default behavior
Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
Added better handling and readability of the nodeType property, thanks @ssi02014
Fixed some smaller issues in README and other documentation
DOMPurify 3.1.2
Addressed and fixed a mXSS variation found by @kevin-mizu
Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
Updated tests for older Safari and Chrome versions
DOMPurify 3.1.1
Fixed an mXSS sanitiser bypass reported by @icesfont
Added new code to track element nesting depth
Added new code to enforce a maximum nesting depth of 255
Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
DOMPurify 3.1.0
Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
Updated README to warn about happy-dom not being safe for use with DOMPurify yet
Updated the LICENSE file to show the accurate year number
Updated several build and test dependencies
DOMPurify 3.0.11
Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
DOMPurify 3.0.10
Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
Bumped up some build and test dependencies
DOMPurify 3.0.9
Fixed a problem with proper detection of Custom Elements, thanks @kevin-mizu
Refactored the hasOwnProperty logic, thanks @ssi02014
Removed a superfluous console.warn making HappyDom happier, thanks @HugoPoi
Modernized some of the demo hooks for better looks, thanks @Steb95
Check for document existence when checking startViewTransition (#11544)
Change the react-router-dom/server import back to react-router-dom instead of index.ts (#11514)
Updated dependencies:
@remix-run/router@1.16.1
react-router@6.23.1
6.23.0
Minor Changes
Add a new unstable_dataStrategy configuration option (#11098)
This option allows Data Router applications to take control over the approach for executing route loaders and actions
The default implementation is today's behavior, to fetch all loaders in parallel, but this option allows users to implement more advanced data flows including Remix single-fetch, middleware/context APIs, automatic loader caching, and more
Due to the bugs we get from updating all packages at once, I'm changing the dependabot file to do individual updates. Hoping that it will be easier to reason about any bugs from version updates.
Bumps the node-packages group with 18 updates in the /app/frontend directory:
2.0.6
2.0.18
8.112.5
8.118.7
9.37.3
9.54.0
9.1.6
12.0.2
3.0.6
3.1.5
3.0.4
3.0.5
18.2.0
18.3.1
18.2.34
18.3.3
18.2.0
18.3.1
18.2.14
18.3.0
6.18.0
6.23.1
1.0.7
1.2.0
0.20.2
0.23.2
4.1.1
4.3.1
3.0.3
3.3.1
5.2.2
5.4.5
15.5.9
15.5.13
4.5.3
5.2.13
Updates
@azure/msal-react
from 2.0.6 to 2.0.18Release notes
Sourced from
@azure/msal-react
's releases.... (truncated)
Commits
46f6e8a
Bump package versions8e4b664
Fix MSAL Angular MsalInterceptor bug matching to query string (#7137)69e58c3
Update regional-authorities.md (#7078)4d3c84b
Instrument pre-redirect flow (#7134)159d9da
Add debug variables parameter to 1p-e2e pipeline (#7131)9b14226
Update api reports post-release (#7129)28a0441
Bump package versions86619c7
Update E2E Test Templates (#7103)3256445
Bump axios from 0.21.4 to 1.7.2 (#7125)1ad0936
Angular 18 support changes (#7124)Updates
@azure/msal-browser
from 3.10.0 to 3.16.0Release notes
Sourced from
@azure/msal-browser
's releases.... (truncated)
Commits
46f6e8a
Bump package versions8e4b664
Fix MSAL Angular MsalInterceptor bug matching to query string (#7137)69e58c3
Update regional-authorities.md (#7078)4d3c84b
Instrument pre-redirect flow (#7134)159d9da
Add debug variables parameter to 1p-e2e pipeline (#7131)9b14226
Update api reports post-release (#7129)28a0441
Bump package versions86619c7
Update E2E Test Templates (#7103)3256445
Bump axios from 0.21.4 to 1.7.2 (#7125)1ad0936
Angular 18 support changes (#7124)Updates
@fluentui/react
from 8.112.5 to 8.118.7Release notes
Sourced from
@fluentui/react
's releases.Commits
058a094
applying package updatese5e806f
applying package updates8f6259c
build: add@floating-ui/dom
as a dependency (#31590)5987b68
fix(web-components): fix disabled button styles (#31585)84bf9cc
Improve contrast ratio of y value in ChartHoverCard (#31562)48ff23e
chore: migrate to@typescript-eslint
v5 (#31517)f49888c
feature(react-tree): preventScroll on navigation (#31577)f0fd89b
docs(react-list-preview): update the up/down arrow key behavior docs (#31573)fe58949
applying package updates6c603f4
applying package updatesUpdates
@fluentui/react-components
from 9.37.3 to 9.54.0Release notes
Sourced from
@fluentui/react-components
's releases.Commits
2cbbe3a
applying package updatesdf493e7
chore(react-components): split react libraries in two (/library and /stories)...4662072
ci: remove codesandbox ci (#31599)fcdd01e
chore: move@fluentui/react-motions-preview
to stable (#31574)02f620c
chore: update repo LICENSE (#31560)e76aee1
chore(react-components): split react libraries in two (/library and /stories)...becc7cd
bugfix(react-tree): ensure roving tab index when children changes (#31595)058a094
applying package updatese5e806f
applying package updates8f6259c
build: add@floating-ui/dom
as a dependency (#31590)Updates
@fluentui/react-icons
from 2.0.221 to 2.0.242Commits
Updates
marked
from 9.1.6 to 12.0.2Release notes
Sourced from marked's releases.
... (truncated)
Commits
c6a98ea
chore(release): 12.0.2 [skip ci]e9f0eed
fix: fix Setext continuation in blockquote (#3257)a90223b
chore(deps-dev): Bump@typescript-eslint/eslint-plugin
from 7.4.0 to 7.6.0 (#...7757f96
chore(deps-dev): Bump typescript from 5.4.4 to 5.4.5 (#3261)609b65c
chore(deps-dev): Bump@arethetypeswrong/cli
from 0.15.2 to 0.15.3 (#3258)dfa835e
chore(deps-dev): Bump rollup from 4.14.1 to 4.14.3 (#3259)f0fb744
chore(deps-dev): Bump semantic-release from 23.0.6 to 23.0.7 (#3255)924130d
chore(deps-dev): Bump@semantic-release/github
from 10.0.2 to 10.0.3 (#3254)8cdb7ca
chore(deps-dev): Bump rollup from 4.13.2 to 4.14.1 (#3253)1cc9eb2
chore(deps-dev): Bump typescript from 5.4.3 to 5.4.4 (#3252)Updates
dompurify
from 3.0.6 to 3.1.5Release notes
Sourced from dompurify's releases.
... (truncated)
Commits
6676133
Merge pull request #964 from cure53/main16a46de
chore: Preparing 3.1.5 release7cf4890
chore: Experimentally removing the depth counter logic as we have better defe...bfeb9a9
see #9617517e9c
Merge pull request #960 from cure53/main3ddb7f2
chore: Preparing 3.1.4 release4486f91
test: Experimentally changed TEST_PROBE_ONLY to not cover 2.x1223487
fix: Added MSIE number check fix to main as wella34860b
Merge pull request #957 from Gigabyte5671/popover-api96bf0d4
Merge pull request #956 from MortenHofft/patch-1Updates
@types/dompurify
from 3.0.4 to 3.0.5Commits
Updates
react
from 18.2.0 to 18.3.1Release notes
Sourced from react's releases.
Changelog
Sourced from react's changelog.
Commits
f1338f8
ExportReact.act
from 18.3d6c42f7
Bump to 18.3.173bfaa1
Turn on key spread warning in jsx-runtime for everyone (#25697)c2a246e
Turn on string ref deprecation warning for everybody (not codemoddable) (#25383)2cfb474
Bump version from 18.2 to 18.3Maintainer changes
This version was pushed to npm by react-bot, a new releaser for react since your current version.
Updates
@types/react
from 18.2.34 to 18.3.3Commits
Updates
react-dom
from 18.2.0 to 18.3.1Release notes
Sourced from react-dom's releases.
Changelog
Sourced from react-dom's changelog.
Commits
d6c42f7
Bump to 18.3.18a015b6
Add deprecation warning for unmountComponentAtNodec3b2839
Add deprecation warning for findDOMNoded4ea75d
ReactDOMTestUtils deprecation warnings7548c01
DeprecaterenderToStaticNodeStream
(#28872) (#28874)5894232
Enable warning for defaultProps on function components for everyone (#25699)c2a246e
Turn on string ref deprecation warning for everybody (not codemoddable) (#25383)2cfb474
Bump version from 18.2 to 18.3Maintainer changes
This version was pushed to npm by react-bot, a new releaser for react-dom since your current version.
Updates
@types/react-dom
from 18.2.14 to 18.3.0Commits
Updates
react-router-dom
from 6.18.0 to 6.23.1Release notes
Sourced from react-router-dom's releases.
... (truncated)
Changelog
Sourced from react-router-dom's changelog.
... (truncated)
Commits
aef5c4a
chore: Update version for release (#11551)26bc8e2
chore: Update version for release (pre) (#11545)031478d
Add defensive window.document check when checking for startViewTransition (#1...9651465
chore: Update version for release (pre) (#11516)fdff9dd
Fix react-router-dom/server index.ts import from pnpm migration (#11514)82a3a77
chore: Update version for release (#11486)8a20f32
chore: Update version for release (pre) (#11387)88ec71a
chore: Update version for release (pre) (#11379)12afb2e
Migrate to pnpm (#11358)c7dd3d3
Data Strategy Configuration (#11098)Updates
ndjson-readablestream
from 1.0.7 to 1.2.0Changelog
Sourced from ndjson-readablestream's changelog.
Commits
Updates
scheduler
from 0.20.2 to 0.23.2Commits
Maintainer changes
This version was pushed to npm by react-bot, a new releaser for scheduler since your current version.
Updates
@types/dompurify
from 3.0.4 to 3.0.5Commits
Updates
@types/react
from 18.2.34 to 18.3.3Commits
Updates
@types/react-dom
from 18.2.14 to 18.3.0Commits
Updates
@vitejs/plugin-react
from 4.1.1 to 4.3.1Release notes
Sourced from
@vitejs/plugin-react
's releases.Due to the bugs we get from updating all packages at once, I'm changing the dependabot file to do individual updates. Hoping that it will be easier to reason about any bugs from version updates.