search

Vero-Ventures / insurance-calculator

https://insurance-calculator-frontend.vercel.app
0 stars 0 forks source link

[Snyk] Upgrade dompurify from 3.0.6 to 3.1.2 #117

Open WilsonSue opened 4 months ago

WilsonSue commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade dompurify from 3.0.6 to 3.1.2.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **8 versions** ahead of your current version. - The recommended version was released on **24 days ago**. #### Issues fixed by the recommended upgrade: | | Issue | Score | Exploit Maturity | :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Template Injection
[SNYK-JS-DOMPURIFY-6474511](https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511) | **586** | Proof of Concept
Release notes
Package name: dompurify
  • 3.1.2 - 2024-04-30
    • Addressed and fixed a mXSS variation found by @ kevin-mizu
    • Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
    • Updated tests for older Safari and Chrome versions
  • 3.1.1 - 2024-04-26
    • Fixed an mXSS sanitiser bypass reported by @ icesfont
    • Added new code to track element nesting depth
    • Added new code to enforce a maximum nesting depth of 255
    • Added coverage tests and necessary clobbering protections

    Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

  • 3.1.0 - 2024-04-07
    • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
    • Updated README to warn about happy-dom not being safe for use with DOMPurify yet
    • Updated the LICENSE file to show the accurate year number
    • Updated several build and test dependencies
  • 3.0.11 - 2024-03-21
  • 3.0.10 - 2024-03-19
  • 3.0.9 - 2024-02-20
  • 3.0.8 - 2024-01-05
  • 3.0.7 - 2024-01-04
  • 3.0.6 - 2023-09-28
from dompurify GitHub release notes
--- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. > - Max score is 1000. Note that the real score may have changed since the PR was raised. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** > - šŸ§ [View latest project report](https://app.snyk.io/org/wilsonsue/project/3018e2e9-7c9f-4796-ab33-d68ed54af5e1?utm_source=github&utm_medium=referral&page=upgrade-pr) > - šŸ“œ [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) > - šŸ›  [Adjust upgrade PR settings](https://app.snyk.io/org/wilsonsue/project/3018e2e9-7c9f-4796-ab33-d68ed54af5e1/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - šŸ”• [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/wilsonsue/project/3018e2e9-7c9f-4796-ab33-d68ed54af5e1/settings/integration?pkg=dompurify&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
vercel[bot] commented 4 months ago

The latest updates on your projects. Learn more about Vercel for Git ā†—ļøŽ

Name Status Preview Comments Updated (UTC)
insurance-calculator-frontend āœ… Ready (Inspect) Visit Preview šŸ’¬ Add feedback May 24, 2024 6:26pm