Redocly / redoc

📘 OpenAPI/Swagger-generated API Reference Documentation
https://redocly.github.io/redoc/
MIT License
23.63k stars 2.3k forks

Upgrade DOMPurify to latest (2.5.4) #2595

Closed stefan-gheorghe-leica closed 1 month ago

stefan-gheorghe-leica commented 2 months ago

Describe the problem to be solved
We're using redoc-cli, and via the redoc npm package it brings in dompurify 2.2.2. This package contains a vulnerability which got fixed in version >= 2.5.4.


Describe the solution you'd like
Update the dompurify used in redoc to at least 2.5.4.
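A check for the situation the issue describes, an outdated dompurify resolved transitively through another package, is added below as an example. It is not code from the redoc project or from the issue author. The lockfile it scans is constructed inline, the package versions in it other than dompurify's are placeholders, and the 2.5.4 threshold is the one the issue names.

```javascript
// Added example (not part of redoc or this issue): scan an npm package-lock.json
// for every resolved copy of dompurify and flag those below the version the
// issue asks for. Handles lockfileVersion 2/3 ("packages" map) and the older
// lockfileVersion 1 nested "dependencies" tree.
const MIN_DOMPURIFY = "2.5.4";

// Constructed sample lockfile (versions other than dompurify's are placeholders):
// redoc-cli -> redoc -> dompurify 2.2.2 nested under redoc, plus a direct
// dompurify dependency already at the fixed version.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "docs-site",
  lockfileVersion: 3,
  packages: {
    "": { name: "docs-site", dependencies: { "redoc-cli": "0.0.0-example" } },
    "node_modules/redoc-cli": { version: "0.0.0-example", dependencies: { redoc: "0.0.0-example" } },
    "node_modules/redoc": { version: "0.0.0-example", dependencies: { dompurify: "^2.2.2" } },
    "node_modules/redoc/node_modules/dompurify": { version: "2.2.2" },
    "node_modules/dompurify": { version: "2.5.4" },
  },
});

// Numeric comparison of dotted versions; prerelease suffixes ("2.5.4-beta.1")
// are dropped before comparing. Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// lockfileVersion 1: walk the nested dependencies tree recursively.
function collectFromV1(deps, prefix, out) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === "dompurify") out.push({ path, version: meta.version });
    collectFromV1(meta.dependencies, `${path}/`, out);
  }
}

// Every installed copy of dompurify, with its install path and whether it is
// older than MIN_DOMPURIFY. Nested copies (.../node_modules/dompurify) count too,
// which is exactly how a transitive dependency can hide an outdated version.
function findDompurifyCopies(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  let copies = [];
  if (lock.packages) {
    copies = Object.entries(lock.packages)
      .filter(([p]) => p === "node_modules/dompurify" || p.endsWith("/node_modules/dompurify"))
      .map(([path, meta]) => ({ path, version: meta.version }));
  } else if (lock.dependencies) {
    collectFromV1(lock.dependencies, "", copies);
  } else {
    throw new Error("unrecognised lockfile: no 'packages' or 'dependencies' key");
  }
  return copies.map((c) => ({ ...c, vulnerable: compareVersions(c.version, MIN_DOMPURIFY) < 0 }));
}

function vulnerableCopies(lockfileJson) {
  return findDompurifyCopies(lockfileJson).filter((c) => c.vulnerable);
}

for (const c of vulnerableCopies(SAMPLE_LOCKFILE)) {
  console.log(`${c.path}: dompurify ${c.version} is below ${MIN_DOMPURIFY}`);
}
```

Run against a real lockfile by reading the file into `findDompurifyCopies` and setting `process.exitCode = 1` when `vulnerableCopies` is non-empty, so CI fails until the nested copy is gone; `npm ls dompurify` shows the same tree interactively. Until a redoc release ships the bump, an `overrides` entry for dompurify in the consuming project's package.json (supported by npm 8.3 and later) forces the transitive copy to the fixed version.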

stefan-gheorghe-leica commented 2 months ago

See related https://github.com/Redocly/redoc/issues/2581

AlexVarchuk commented 1 month ago

closed via https://github.com/Redocly/redoc/pull/2602

gheorghe-stefan commented 1 month ago

Hi @AlexVarchuk, any news about https://github.com/Redocly/redoc/issues/2581? Also, when could we have a release of redocly including these 2 upgraded packages? Thanks in advance.

AlexVarchuk commented 1 month ago

Hi @gheorghe-stefan, dompurify has already been released, but webpack has not been merged yet. I believe the author of the webpack PR will merge it soon, and we will have it before the next release.