quiltdata / quilt

Quilt is a data mesh for connecting people with actionable data
https://quiltdata.com
Apache License 2.0
1.32k stars 92 forks

Update dependency dompurify to ^3.1.5 #4023

Closed renovate[bot] closed 3 weeks ago

renovate[bot] commented 4 weeks ago

Mend Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| dompurify | `^3.0.5` -> `^3.1.5` |
| @types/dompurify (source) | `^3.0.2` -> `^3.0.5` |

Release Notes

cure53/DOMPurify (dompurify)

### [`v3.1.5`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.5): DOMPurify 3.1.5

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.4...3.1.5)

- Fixed a minor issue with the dist paths in `bower.js`, thanks [@HakumenNC](https://togithub.com/HakumenNC)
- Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks [@kakao-bishop-cho](https://togithub.com/kakao-bishop-cho)

### [`v3.1.4`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.4): DOMPurify 3.1.4

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.3...3.1.4)

- Fixed an issue with the recently implemented `isNaN` checks, thanks [@tulach](https://togithub.com/tulach)
- Added several new popover attributes to allow-list, thanks [@Gigabyte5671](https://togithub.com/Gigabyte5671)
- Fixed the tests and adjusted the test runner to cover all branches

### [`v3.1.3`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.3): DOMPurify 3.1.3

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.2...3.1.3)

- Fixed several mXSS variations found by and thanks to [@kevin-mizu](https://togithub.com/kevin-mizu) & [@Ry0taK](https://togithub.com/Ry0taK)
- Added better configurability for comment scrubbing default behavior
- Added better hardening against Prototype Pollution attacks, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Added better handling and readability of the `nodeType` property, thanks [@ssi02014](https://togithub.com/ssi02014)
- Fixed some smaller issues in README and other documentation

### [`v3.1.2`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.2): DOMPurify 3.1.2

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.1...3.1.2)

- Addressed and fixed a mXSS variation found by [@kevin-mizu](https://togithub.com/kevin-mizu)
- Addressed and fixed a mXSS variation found by [Adam Kues](https://twitter.com/hash_kitten) of Assetnote
- Updated tests for older Safari and Chrome versions

### [`v3.1.1`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.1.0...3.1.1)

- Fixed an mXSS sanitiser bypass reported by [@icesfont](https://togithub.com/icesfont)
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections

**Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.**

### [`v3.1.0`](https://togithub.com/cure53/DOMPurify/releases/tag/3.1.0): DOMPurify 3.1.0

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.11...3.1.0)

- Added new setting `SAFE_FOR_XML` to enable better control over comment scrubbing
- Updated README to warn about *happy-dom* not being safe for use with DOMPurify yet
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies

### [`v3.0.11`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.11): DOMPurify 3.0.11

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.10...3.0.11)

- Fixed another conditional bypass caused by Processing Instructions, thanks [@Ry0taK](https://togithub.com/Ry0taK)
- Fixed the regex for HTML Custom Element detection, thanks [@AlekseySolovey3T](https://togithub.com/AlekseySolovey3T)

### [`v3.0.10`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.10): DOMPurify 3.0.10

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.9...3.0.10)

- Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks [@Slonser](https://togithub.com/Slonser)
- Bumped up some build and test dependencies

### [`v3.0.9`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.9): DOMPurify 3.0.9

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.8...3.0.9)

- Fixed a problem with proper detection of Custom Elements, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Refactored the `hasOwnProperty` logic, thanks [@ssi02014](https://togithub.com/ssi02014)
- Removed a superfluous `console.warn` making HappyDom happier, thanks [@HugoPoi](https://togithub.com/HugoPoi)
- Modernized some of the demo hooks for better looks, thanks [@Steb95](https://togithub.com/Steb95)

### [`v3.0.8`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.8): DOMPurify 3.0.8

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.7...3.0.8)

- Fixed errors caused by conditional exports, thanks [@ssi02014](https://togithub.com/ssi02014)
- Fixed a type error when working with custom element config, thanks [@cpmotion](https://togithub.com/cpmotion)

### [`v3.0.7`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.7): DOMPurify 3.0.7

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.6...3.0.7)

- Added better protection against CSPP attacks, thanks [@kevin-mizu](https://togithub.com/kevin-mizu)
- Updated browser versions for automated tests
- Updated Node versions for automated tests

### [`v3.0.6`](https://togithub.com/cure53/DOMPurify/releases/tag/3.0.6): DOMPurify 3.0.6

[Compare Source](https://togithub.com/cure53/DOMPurify/compare/3.0.5...3.0.6)

- Refactored the core code-base and several utilities, thanks [@ssi02014](https://togithub.com/ssi02014)
- Updated and fixed several sections of the README, thanks [@ssi02014](https://togithub.com/ssi02014)
- Updated several outdated build and test dependencies

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 4 weeks ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 38.43%. Comparing base (a5c73b7) to head (0663bd8).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master    #4023   +/-   ##
=======================================
  Coverage   38.43%   38.43%
=======================================
  Files         718      718
  Lines       33051    33051
  Branches     4670     4670
=======================================
  Hits        12704    12704
  Misses      19723    19723
  Partials      624      624
```

| [Flag](https://app.codecov.io/gh/quiltdata/quilt/pull/4023/flags?src=pr&el=flags&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=quiltdata) | Coverage Δ | |
|---|---|---|
| [api-python](https://app.codecov.io/gh/quiltdata/quilt/pull/4023/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=quiltdata) | `90.75% <ø> (ø)` | |
| [catalog](https://app.codecov.io/gh/quiltdata/quilt/pull/4023/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=quiltdata) | `11.50% <ø> (ø)` | |
| [lambda](https://app.codecov.io/gh/quiltdata/quilt/pull/4023/flags?src=pr&el=flag&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=quiltdata) | `87.96% <ø> (ø)` | |

Flags with carried forward coverage won't be shown. [Click here](https://docs.codecov.io/docs/carryforward-flags?utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=quiltdata#carryforward-flags-in-the-pull-request-comment) to find out more.

☂️ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.