stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License
23 stars, 3 forks

[Snyk] Upgrade dompurify from 2.3.3 to 2.3.5 #341

Closed snyk-bot closed 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to upgrade dompurify from 2.3.3 to 2.3.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Release notes
Package name: dompurify
  • 2.3.5 - 2022-01-26
    • Performed several chores and cleanups, thanks @is2ei
    • Fixed a bug when working with Trusted Types, thanks @tosmolka
    • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @tosmolka
    • Added more SVG attributes to allow-list, thanks @rzhade3
  • 2.3.4 - 2021-12-07
    • Added support for Custom Elements, thanks @franktopel
    • Added new config settings to control Custom Element sanitizing, thanks @franktopel
    • Added faster clobber checks, thanks @GrantGryczan
    • Allow-listed SVG feImage elements, thanks @ydaniv
    • Updated test suite
    • Update supported Node versions
    • Updated README
  • 2.3.3 - 2021-09-20
    • Fixed a bug in the handling of PARSER_MEDIA_TYPE spotted by @securitum-mb
    • Adjusted the tests for MSIE to make sure the results are as expected now
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • 8eab0ac chore: Preparing 2.3.5. release
  • 10d6dfc Merge pull request #632 from is2ei/fix-import-path
  • 39143ac chore: fix import path for testing
  • 4a51b35 Merge pull request #631 from is2ei/bump-karma-firefox-launcher
  • af01488 chore: bump karma-firefox-launcher
  • 4f84bca Merge pull request #630 from is2ei/bump-karma-chrome-launcher
  • 00944d3 chore: bump karma-chrome-launcher
  • 9e42e20 Merge pull request #629 from is2ei/run-format
  • 6fa4888 chore: run format
  • dad9227 Merge pull request #628 from is2ei/remove-babel
  • bcdffcd chore: remove deprecated package babel
  • 6d57f1c Merge pull request #627 from is2ei/build-latest-code
  • f5991b2 chore: update bundle
  • 6f6c0cb Merge pull request #626 from is2ei/remove-rollup-watch
  • 95a0e98 chore: remove deprecated rollup-watch package
  • 9172631 Merge pull request #624 from rzhade3/patch-1
  • b292d38 Merge pull request #623 from is2ei/remove-lodash.isarray
  • 54051f8 Update attrs.js
  • 64673cc chore: remove deprecated lodash.isarray
  • c5734c4 Merge pull request #622 from tosmolka/tosmolka/fix-emptyHTML
  • 6aac55d fix: node.outerHTML = emptyHTML causes TT Sink violation
  • 262a050 test: Added tests to cover new behavior for insecure IN_PLACE
  • 84f1d45 fix: replaced comment node substitution with throw for IN_PLACE
  • 3207638 fix: Fixed a potential problem with risky root nodes in IN_PLACE

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

šŸ§ View latest project report

šŸ›  Adjust upgrade PR settings

šŸ”• Ignore this dependency or unsubscribe from future upgrade PRs

netlify[bot] commented 2 years ago

āœ”ļø Deploy Preview for otlio ready!

šŸ”Ø Explore the source changes: 3c32558e9ea90dcb06068d2447d5fa3bd305ce8c

šŸ” Inspect the deploy log: https://app.netlify.com/sites/otlio/deploys/620d8d315fa7a70008d8892b

šŸ˜Ž Browse the preview: https://deploy-preview-341--otlio.netlify.app/