stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License

[Snyk] Upgrade dompurify from 2.3.8 to 2.4.0 #392

Closed stanleyowen closed 1 year ago

stanleyowen commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade dompurify from 2.3.8 to 2.4.0.

![merge advice](https://app.snyk.io/badges/merge-advice/?package_manager=npm&package_name=dompurify&from_version=2.3.8&to_version=2.4.0&pr_id=606179dd-c2a1-428c-9981-002870ac17d4&visibility=true&has_feature_flag=false)

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **5 versions** ahead of your current version.
- The recommended version was released **2 months ago**, on 2022-08-24.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|:---|:---|
| | Improper Input Validation<br/>[SNYK-JS-URLPARSE-2407770](https://snyk.io/vuln/SNYK-JS-URLPARSE-2407770) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br/>[SNYK-JS-UNSETVALUE-2400660](https://snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-TMPL-1583443](https://snyk.io/vuln/SNYK-JS-TMPL-1583443) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Arbitrary File Write<br/>[SNYK-JS-TAR-1579155](https://snyk.io/vuln/SNYK-JS-TAR-1579155) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Arbitrary File Write<br/>[SNYK-JS-TAR-1579152](https://snyk.io/vuln/SNYK-JS-TAR-1579152) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Arbitrary File Write<br/>[SNYK-JS-TAR-1579147](https://snyk.io/vuln/SNYK-JS-TAR-1579147) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Remote Code Execution (RCE)<br/>[SNYK-JS-SHELLQUOTE-1766506](https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Improper Verification of Cryptographic Signature<br/>[SNYK-JS-NODEFORGE-2430339](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Command Injection<br/>[SNYK-JS-LODASHTEMPLATE-1088054](https://snyk.io/vuln/SNYK-JS-LODASHTEMPLATE-1088054) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Remote Code Execution (RCE)<br/>[SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br/>[SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-ANSIHTML-1296849](https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Authorization Bypass Through User-Controlled Key<br/>[SNYK-JS-URLPARSE-2412697](https://snyk.io/vuln/SNYK-JS-URLPARSE-2412697) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Authorization Bypass<br/>[SNYK-JS-URLPARSE-2407759](https://snyk.io/vuln/SNYK-JS-URLPARSE-2407759) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Access Restriction Bypass<br/>[SNYK-JS-URLPARSE-2401205](https://snyk.io/vuln/SNYK-JS-URLPARSE-2401205) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-PROMPTS-1729737](https://snyk.io/vuln/SNYK-JS-PROMPTS-1729737) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Denial of Service (DoS)<br/>[SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Improper Verification of Cryptographic Signature<br/>[SNYK-JS-NODEFORGE-2430341](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Improper Verification of Cryptographic Signature<br/>[SNYK-JS-NODEFORGE-2430337](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Prototype Pollution<br/>[SNYK-JS-NODEFORGE-2331908](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Open Redirect<br/>[SNYK-JS-NODEFORGE-2330875](https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Information Exposure<br/>[SNYK-JS-NANOID-2332193](https://snyk.io/vuln/SNYK-JS-NANOID-2332193) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Reverse Tabnabbing<br/>[SNYK-JS-ISTANBULREPORTS-2328088](https://snyk.io/vuln/SNYK-JS-ISTANBULREPORTS-2328088) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | No Known Exploit |
| | Prototype Pollution<br/>[SNYK-JS-IMMER-1540542](https://snyk.io/vuln/SNYK-JS-IMMER-1540542) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-GLOBPARENT-1016905](https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Arbitrary Code Injection<br/>[SNYK-JS-EJS-1049328](https://snyk.io/vuln/SNYK-JS-EJS-1049328) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS)<br/>[SNYK-JS-BROWSERSLIST-1090194](https://snyk.io/vuln/SNYK-JS-BROWSERSLIST-1090194) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |
| | Prototype Pollution<br/>[SNYK-JS-MINIMIST-2429795](https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795) | **512/1000**<br/>**Why?** Proof of Concept exploit, CVSS 8.1 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: dompurify
  • 2.4.0 - 2022-08-24
    • Removed bundled types again as they caused too much trouble
  • 2.3.12 - 2022-08-23
  • 2.3.11 - 2022-08-23
    • Added generated type definitions for better compatibility
    • Added SANITIZE_NAMED_PROPS config option, thanks @SoheilKhodayari
    • Updated README and config documentation, thanks @0xedward
    • Updated test suite with newer Node versions
  • 2.3.10 - 2022-07-18
    • Added support for sanitization of attributes requiring Trusted Types, thanks @tosmolka
  • 2.3.9 - 2022-07-11
    • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @tosmolka
    • Bumped some dependencies, thanks @is2ei
    • Included github-actions in the dependabot config, thanks @nathannaveen
  • 2.3.8 - 2022-05-13
    • Cleaned up a minor issue with the 2.3.7 release, thanks @johnbirds

    No other changes compared to 2.3.7 release, which entail:

from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • 5f8e875 chore: prepare 2.4.0 release
  • 652d200 fix: Removed bundled types entirely due to 3rd party build errors
  • caaae5e chore: prepare 2.3.12 release
  • b4c57a8 See #712
  • 30af6c8 chore: prepare 2.3.11 release
  • 75b384f docs: Updated README and added new contributor
  • b49ee90 Merge pull request #710 from SoheilKhodayari/main
  • e242b43 Extra DOM Clobbering protection via SANITIZE_NAMED_PROPS config
  • fb58d2d docs: Added instructions for Angular, see #705
  • 4f62dcd chore: Added new npm script "types" to create type definitions
  • 9925140 Merge pull request #709 from 0xedward/docs-FORBID_CONTENTS
  • a4d33f3 Merge branch 'main' into docs-FORBID_CONTENTS
  • 176993e docs: did some minor updates to README
  • c4a4446 test: Made sure BS tests use Node 18
  • f1f5380 docs: Did some finetuning to README, removed some overhead
  • c6ae8e3 test: added current Node version numbers
  • 08aef88 test: Added newer Node versions to test workflow
  • d9f0682 docs: Updated readme for better Node usage instructions
  • cce00ac Merge pull request #701 from cure53/dependabot/npm_and_yarn/terser-5.14.2
  • ca723ff build(deps): bump terser from 5.5.1 to 5.14.2
  • 68a53aa docs: added new sponsors to README
  • aedec31 chore: preparing 2.3.10 release
  • 2fe2a34 Merge pull request #699 from tosmolka/tosmolka/660
  • 4ec6d6f Support sanitization of attributes that require Trusted Types

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/stanleyowen06/project/6c4f0783-1007-4aa3-8da0-92885788a6c2?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/stanleyowen06/project/6c4f0783-1007-4aa3-8da0-92885788a6c2/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
- 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/stanleyowen06/project/6c4f0783-1007-4aa3-8da0-92885788a6c2/settings/integration?pkg=dompurify&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
netlify[bot] commented 1 year ago

Deploy Preview for otlio ready!

| Name | Link |
|:---|:---|
| Latest commit | e69ffc8256e9636f3a1d306bce1ba8f6a9dcdbc8 |
| Latest deploy log | https://app.netlify.com/sites/otlio/deploys/635884874cdc4b000932b95c |
| Deploy Preview | https://deploy-preview-392--otlio.netlify.app |