cure53/DOMPurify (dompurify)
### [`v3.1.1`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1
[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.0...3.1.1)
- Fixed an mXSS sanitiser bypass reported by [@icesfont](https://togithub.com/icesfont)
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
**Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.**
Configuration
π Schedule: Branch creation - "after 2pm on Saturday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
3.1.0
->3.1.1
Release Notes
cure53/DOMPurify (dompurify)
### [`v3.1.1`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1 [Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.0...3.1.1) - Fixed an mXSS sanitiser bypass reported by [@icesfont](https://togithub.com/icesfont) - Added new code to track element nesting depth - Added new code to enforce a maximum nesting depth of 255 - Added coverage tests and necessary clobbering protections **Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.**Configuration
π Schedule: Branch creation - "after 2pm on Saturday" in timezone Europe/Zurich, Automerge - At any time (no schedule defined).
π¦ Automerge: Enabled.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.