netlify[bot]
commented
2 months ago Deploy Preview for otlio ready!
| Name | Link |
|---|---|
| Latest commit | fe1fdb960e722e787e0d6f4510200e0f3adaf4b8 |
| Latest deploy log | https://app.netlify.com/sites/otlio/deploys/6647d8709673660008ed2e1a |
| Deploy Preview | https://deploy-preview-440--otlio.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
Lighthouse |
1 paths audited Performance: 68 (🟢 up 1 from production) Accessibility: 94 (no change from production) Best Practices: 92 (🟢 up 9 from production) SEO: 97 (no change from production) PWA: 70 (no change from production) View the detailed breakdown and full score reports |
To edit notification comments on pull requests, go to your Netlify site configuration.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade dompurify from 2.4.5 to 2.5.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **6 versions** ahead of your current version. - The recommended version was released **21 days ago**, on 2024-04-26. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-ADOBECSSTOOLS-6096077](https://snyk.io/vuln/SNYK-JS-ADOBECSSTOOLS-6096077) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | No Known Exploit
[SNYK-JS-FOLLOWREDIRECTS-6141137](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-SEMVER-3247795](https://snyk.io/vuln/SNYK-JS-SEMVER-3247795) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-TOUGHCOOKIE-5672873](https://snyk.io/vuln/SNYK-JS-TOUGHCOOKIE-5672873) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-ADOBECSSTOOLS-5871286](https://snyk.io/vuln/SNYK-JS-ADOBECSSTOOLS-5871286) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | No Known Exploit
[SNYK-JS-EXPRESS-6474509](https://snyk.io/vuln/SNYK-JS-EXPRESS-6474509) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | No Known Exploit
[SNYK-JS-WORDWRAP-3149973](https://snyk.io/vuln/SNYK-JS-WORDWRAP-3149973) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-BABELTRAVERSE-5962462](https://snyk.io/vuln/SNYK-JS-BABELTRAVERSE-5962462) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-DOMPURIFY-6474511](https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept
[SNYK-JS-EJS-6689533](https://snyk.io/vuln/SNYK-JS-EJS-6689533) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | No Known Exploit
[SNYK-JS-FOLLOWREDIRECTS-6444610](https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610) | **477/1000**
**Why?** Proof of Concept exploit, CVSS 7.4 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: dompurify
-
2.5.1 - 2024-04-26
- Fixed an mXSS sanitizer bypass reported by @ icesfont
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
-
2.5.0 - 2024-04-07
- Added new setting
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies
-
2.4.9 - 2024-03-21
- Fixed another conditional bypass caused by Processing Instructions, thanks @ Ry0taK
- Fixed the regex for HTML Custom Element detection, thanks @ AlekseySolovey3T
-
2.4.8 - 2024-03-19
-
2.4.7 - 2023-07-11
-
2.4.6 - 2023-07-10
-
2.4.5 - 2023-03-01
from dompurify GitHub release notesNote that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
SAFE_FOR_XMLto enable better control over comment scrubbingCommit messages
Package name: dompurify
- f275c0b chore: Preparing 2.5.1 release
- 381bc61 test: Fixed the tests for new MAX_NESTING_DEPTH limit
- 8589191 fix: Started to set new MAX_NESTING_DEPTH limits as well
- 2076d1b test: Fixed a linter issue breaking the tests
- 0ef5e53 chore: Updated 2.x branch with relevant fixes for nesting-based mXSS
- 7f6cf8a chore: Updated some packages
- 6f9902d docs: Updated year in LICENSE file for 2.x as well
- 2dcadf0 chore: Preparing 2.5.0 release
- 28381af feature: Added SAFE_FOR_XML flag and code to 2.x branch
- 79cfb37 chore: Preparing 2.4.9 release
- 0940755 fix: Merged relevant changes from main for 2.4.9
- 416ba67 chore: Preparing 2.4.8 release
- 4035e3a chore: Preparing 2.4.8. release
- f0e75b0 fix: cherry-picked fixes for XML & CE bypass
- ef731c0 chore: Preparing 2.4.7. release
- 5b7dff9 chore: Preparing 2.4.6 release
- a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed
Compare**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: