netlify[bot]
commented
2 months ago Deploy Preview for otlio ready!
| Name | Link |
|---|---|
| Latest commit | 0b197e74f93af447739d9d55522e81dec57fba1b |
| Latest deploy log | https://app.netlify.com/sites/otlio/deploys/664dbfb502840900088a9f84 |
| Deploy Preview | https://deploy-preview-441--otlio.netlify.app |
| Preview on mobile | Toggle QR Code...Use your smartphone camera to open QR code link. |
Lighthouse |
1 paths audited Performance: 66 (🔴 down 1 from production) Accessibility: 97 (🟢 up 3 from production) Best Practices: 92 (🟢 up 9 from production) SEO: 97 (no change from production) PWA: 70 (no change from production) View the detailed breakdown and full score reports |
To edit notification comments on pull requests, go to your Netlify site configuration.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade dompurify from 2.4.5 to 2.5.2.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.- The recommended version is **7 versions** ahead of your current version. - The recommended version was released **22 days ago**, on 2024-04-30. The recommended version fixes: Severity | Issue | PriorityScore (\*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:-------------------------
[SNYK-JS-MICROMATCH-6838728](/SNYK-JS-MICROMATCH-6838728) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | No Known Exploit
[SNYK-JS-ADOBECSSTOOLS-6096077](/SNYK-JS-ADOBECSSTOOLS-6096077) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | No Known Exploit
[SNYK-JS-SEMVER-3247795](/SNYK-JS-SEMVER-3247795) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-BRACES-6838727](/SNYK-JS-BRACES-6838727) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-SEMVER-3247795](/SNYK-JS-SEMVER-3247795) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-FOLLOWREDIRECTS-6141137](/SNYK-JS-FOLLOWREDIRECTS-6141137) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-FOLLOWREDIRECTS-6444610](/SNYK-JS-FOLLOWREDIRECTS-6444610) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-ADOBECSSTOOLS-5871286](/SNYK-JS-ADOBECSSTOOLS-5871286) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | No Known Exploit
[SNYK-JS-TOUGHCOOKIE-5672873](/SNYK-JS-TOUGHCOOKIE-5672873) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-BABELTRAVERSE-5962462](/SNYK-JS-BABELTRAVERSE-5962462) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-DOMPURIFY-6474511](/SNYK-JS-DOMPURIFY-6474511) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept
[SNYK-JS-EJS-6689533](/SNYK-JS-EJS-6689533) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | No Known Exploit
[SNYK-JS-EXPRESS-6474509](/SNYK-JS-EXPRESS-6474509) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | No Known Exploit
[SNYK-JS-WORDWRAP-3149973](/SNYK-JS-WORDWRAP-3149973) | **432/1000**
**Why?** Proof of Concept exploit, CVSS 6.5 | Proof of Concept (\*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: dompurify
-
2.5.2 - 2024-04-30
- Addressed and fixed a mXSS variation found by @ kevin-mizu
- Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
- Updated tests for older Safari and Chrome versions
-
2.5.1 - 2024-04-26
- Fixed an mXSS sanitizer bypass reported by @ icesfont
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
-
2.5.0 - 2024-04-07
- Added new setting
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies
-
2.4.9 - 2024-03-21
-
2.4.8 - 2024-03-19
-
2.4.7 - 2023-07-11
-
2.4.6 - 2023-07-10
-
2.4.5 - 2023-03-01
from dompurify GitHub release notesNote that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
SAFE_FOR_XMLto enable better control over comment scrubbingCommit messages
Package name: dompurify
- d299fcc chore: Preparing 2.5.2 release
- fc9f702 chore: Migrated relevant changes from main over to 2.x
- f275c0b chore: Preparing 2.5.1 release
- 381bc61 test: Fixed the tests for new MAX_NESTING_DEPTH limit
- 8589191 fix: Started to set new MAX_NESTING_DEPTH limits as well
- 2076d1b test: Fixed a linter issue breaking the tests
- 0ef5e53 chore: Updated 2.x branch with relevant fixes for nesting-based mXSS
- 7f6cf8a chore: Updated some packages
- 6f9902d docs: Updated year in LICENSE file for 2.x as well
- 2dcadf0 chore: Preparing 2.5.0 release
- 28381af feature: Added SAFE_FOR_XML flag and code to 2.x branch
- 79cfb37 chore: Preparing 2.4.9 release
- 0940755 fix: Merged relevant changes from main for 2.4.9
- 416ba67 chore: Preparing 2.4.8 release
- 4035e3a chore: Preparing 2.4.8. release
- f0e75b0 fix: cherry-picked fixes for XML & CE bypass
- ef731c0 chore: Preparing 2.4.7. release
- 5b7dff9 chore: Preparing 2.4.6 release
- a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed
Compare**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ For more information: