stanleyowen / otlio

An open source project of Todo which is easy to use and easy to organize!
https://otlio.netlify.app
MIT License
23 stars 4 forks

[Snyk] Upgrade dompurify from 2.4.0 to 2.4.4 #405

Status: Closed (snyk-bot closed 1 year ago)

snyk-bot commented 1 year ago

Snyk has created this PR to upgrade dompurify from 2.4.0 to 2.4.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


Release notes
Package name: dompurify
  • 2.4.4 - 2023-02-13
  • 2.4.3 - 2023-01-06
    • Final release that is compatible with MSIE10 & MSIE 11
  • 2.4.2 - 2023-01-05
    • Fixed a Trusted Types sink violation with empty input and NAMESPACE, thanks @tosmolka
    • Fixed a Prototype Pollution issue discovered and reported by @kevin-mizu
  • 2.4.1 - 2022-11-10
    • Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @kevin-deyoungster @tosmolka
    • Added better detection of template literals when SAFE_FOR_TEMPLATES is true
    • Fixed an exception caused by DOM clobbering, thanks @masatokinugawa
    • Bumped some dependencies, thanks @marcpenya-tf
  • 2.4.0 - 2022-08-24
    • Removed bundled types again as they caused too much trouble
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • fa4e8ee chore: preparing 2.4.4 release
  • f5c25ac see #767
  • 08e9fab test: Added 2.x tag to 2.x branch actions
  • 5f766bc See #761
  • 90326ef Merge pull request #750 from cure53/dependabot/npm_and_yarn/json5-1.0.2
  • fade506 chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11
  • 3afe389 build(deps): bump json5 from 1.0.1 to 1.0.2
  • f1e180f fix: merged from latest main
  • 7707778 Update README.md
  • 5267b04 chore: Preparing 2.4.2 release
  • d1dd037 fix: Fixed a prototype pollution bug reported by @kevin_mizu
  • 24d2a7f Merge pull request #748 from tosmolka/tosmolka/747
  • 7de86a0 Fix formatting
  • 191cc00 Fix Trusted Types Sink violation with empty input and NAMESPACE
  • 4945074 Merge pull request #745 from cure53/dependabot/npm_and_yarn/qs-and-body-parser-6.11.0
  • 7e9fcd9 build(deps): bump qs and body-parser
  • 2734b2d Merge pull request #737 from cure53/dependabot/npm_and_yarn/engine.io-and-socket.io-6.2.1
  • f3b68d9 build(deps): bump engine.io and socket.io
  • 9a751e4 Merge pull request #732 from Pomierski/patch-1
  • 2c03b6c fix
  • 7477926 chore: fix allowCustomizedBuiltInElements comment in readme
  • 67f784c chore: preparing 2.4.1 release
  • e50e814 Merge pull request #731 from cure53/dependabot/npm_and_yarn/minimatch-3.1.2
  • 4712fa3 test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge v2

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.


netlify[bot] commented 1 year ago

Deploy Preview for otlio ready!

Latest commit: 7fe1d594919c98ea6e6d3bbf888dec86e46bf8ba
Latest deploy log: https://app.netlify.com/sites/otlio/deploys/640639b5e2af1900078e4a82
Deploy Preview: https://deploy-preview-405--otlio.netlify.app/

To edit notification comments on pull requests, go to your Netlify site settings.