fairdataihub / FAIRshare

Simplifying the curation and sharing of biomedical research data and software according to applicable FAIR guidelines
https://fairdataihub.org/fairshare
MIT License
75 stars 6 forks

fix(deps): update dependency dompurify to v3.1.5 #840

Closed renovate[bot] closed 5 months ago

renovate[bot] commented 5 months ago

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| dompurify | 3.0.9 -> 3.1.5 | age | adoption | passing | confidence |

Release Notes

cure53/DOMPurify (dompurify)

### [`v3.1.5`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.5): DOMPurify 3.1.5

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.4...3.1.5)

- Fixed a minor issue with the dist paths in `bower.js`, thanks [@HakumenNC](https://togithub.com/HakumenNC)
- Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks [@kakao-bishop-cho](https://togithub.com/kakao-bishop-cho)

### [`v3.1.4`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.4): DOMPurify 3.1.4

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.3...3.1.4)

- Fixed an issue with the recently implemented `isNaN` checks, thanks [@tulach](https://togithub.com/tulach)
- Added several new popover attributes to allow-list, thanks [@Gigabyte5671](https://togithub.com/Gigabyte5671)
- Fixed the tests and adjusted the test runner to cover all branches

### [`v3.1.3`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.3): DOMPurify 3.1.3

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.2...3.1.3)

- Fixed several mXSS variations found by and thanks to [@kevin-mizu](https://togithub.com/kevin-mizu) & [@Ry0taK](https://togithub.com/Ry0taK)
- Added better configurability for comment scrubbing default behavior
- Added better hardening against Prototype Pollution attacks, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Added better handling and readability of the `nodeType` property, thanks [@ssi02014](https://togithub.com/ssi02014)
- Fixed some smaller issues in README and other documentation

### [`v3.1.2`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.2): DOMPurify 3.1.2

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.1...3.1.2)

- Addressed and fixed a mXSS variation found by [@kevin-mizu](https://togithub.com/kevin-mizu)
- Addressed and fixed a mXSS variation found by [Adam Kues](https://twitter.com/hash_kitten) of Assetnote
- Updated tests for older Safari and Chrome versions

### [`v3.1.1`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.0...3.1.1)

- Fixed an mXSS sanitiser bypass reported by [@icesfont](https://togithub.com/icesfont)
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections

**Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.**

### [`v3.1.0`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.0): DOMPurify 3.1.0

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.11...3.1.0)

- Added new setting `SAFE_FOR_XML` to enable better control over comment scrubbing
- Updated README to warn about *happy-dom* not being safe for use with DOMPurify yet
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies

### [`v3.0.11`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.11): DOMPurify 3.0.11

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.10...3.0.11)

- Fixed another conditional bypass caused by Processing Instructions, thanks [@Ry0taK](https://togithub.com/Ry0taK)
- Fixed the regex for HTML Custom Element detection, thanks [@AlekseySolovey3T](https://togithub.com/AlekseySolovey3T)

### [`v3.0.10`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.10): DOMPurify 3.0.10

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.9...3.0.10)

- Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks [@Slonser](https://togithub.com/Slonser)
- Bumped up some build and test dependencies

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

sonarcloud[bot] commented 5 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud