Bump @braintree/sanitize-url and mermaid

dependabot[bot] commented 2 years ago

Bumps @braintree/sanitize-url and mermaid. These dependencies needed to be updated together. Updates @braintree/sanitize-url from 3.1.0 to 6.0.0

Changelog

Sourced from @braintree/sanitize-url's changelog.

6.0.0

Breaking Changes

Decode HTML characters automatically that would result in an XSS vulnerability when rendering links via a server rendered HTML file

// decodes to javacript:alert('XSS')
const vulnerableUrl =
  "&[#0000106](https://github.com/braintree/sanitize-url/issues/0000106)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000118](https://github.com/braintree/sanitize-url/issues/0000118)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000115](https://github.com/braintree/sanitize-url/issues/0000115)&[#0000099](https://github.com/braintree/sanitize-url/issues/0000099)&[#0000114](https://github.com/braintree/sanitize-url/issues/0000114)&[#0000105](https://github.com/braintree/sanitize-url/issues/0000105)&[#0000112](https://github.com/braintree/sanitize-url/issues/0000112)&[#0000116](https://github.com/braintree/sanitize-url/issues/0000116)&[#0000058](https://github.com/braintree/sanitize-url/issues/0000058)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000108](https://github.com/braintree/sanitize-url/issues/0000108)&[#0000101](https://github.com/braintree/sanitize-url/issues/0000101)&[#0000114](https://github.com/braintree/sanitize-url/issues/0000114)&[#0000116](https://github.com/braintree/sanitize-url/issues/0000116)&[#0000040](https://github.com/braintree/sanitize-url/issues/0000040)&[#0000039](https://github.com/braintree/sanitize-url/issues/0000039)&[#0000088](https://github.com/braintree/sanitize-url/issues/0000088)&[#0000083](https://github.com/braintree/sanitize-url/issues/0000083)&[#0000083](https://github.com/braintree/sanitize-url/issues/0000083)&[#0000039](https://github.com/braintree/sanitize-url/issues/0000039)&[#0000041](https://github.com/braintree/sanitize-url/issues/0000041)";
sanitizeUrl(vulnerableUrl); // 'about:blank'
const okUrl = "https://example.com/" + vulnerableUrl;
// since the javascript bit is in the path instead of the protocol
// this is successfully sanitized
sanitizeUrl(okUrl); // 'https://example.com/javascript:alert('XSS');

5.0.2

Fix issue where certain invisible white space characters were not being sanitized (#35)

5.0.1

Fix issue where certain safe characters were being filtered out (#31 thanks @akirchmyer)

5.0.0

Breaking Changes

Sanitize vbscript urls (thanks @vicnicius)

4.1.1

Fixup path to type declaration (closes #25)

4.1.0

Add typescript types

4.0.1

Fix issue where urls with accented characters were incorrectly sanitized

4.0.0

Breaking Changes

... (truncated)

Commits

34fc643 6.0.0
5c0b288 chore: update version in changelog
8f7371c feat: decode html entities before sanitizing (#40)
abff5b1 chore: update dev dependencies
89df59e chore: update eslint-config
348c8a9 chore: update node to v16
ceb62bf chore: update dev dependencies
1b58265 chore: update packages
e4b04d8 chore: update dev dependencies
7eb358e chore: update dev dependencies
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by braintree, a new releaser for @braintree/sanitize-url since your current version.

Updates mermaid from 8.14.0 to 9.1.7

Release notes

Sourced from mermaid's releases.

9.1.7

Release Notes

Features & Bug Fixes

3238 gitgraph merge commits (#3379) @ashishjain0512

feat(git): allow custom merge commit ids (#3361) @aloisklink

3056 chrome compatibility (#3380) @ashishjain0512

Fix gitGraph findLane function error (#3383) @hughli-git

Fix error handling in Mermaid bootstrap(#3395) @knsv

Load configured diagrams even when initialized has not been called (#3428) @knsv

Dependencies Updates

chore(deps-dev): bump webpack-dev-server from 4.10.0 to 4.10.1 (#3387) @dependabot

chore(deps-dev): bump terser-webpack-plugin from 5.3.4 to 5.3.5 (#3343) @dependabot

chore(deps-dev): bump terser-webpack-plugin from 5.3.5 to 5.3.6 (#3389) @dependabot

chore(deps-dev): bump @commitlint/cli from 17.0.3 to 17.1.1 (#3376) @dependabot

chore(deps-dev): bump @commitlint/cli from 17.1.1 to 17.1.2 (#3390) @dependabot

🎉 Thanks to all contributors helping with this release! 🎉

9.1.6

Release Notes

Bug fixes

#3308 Allowing br tags in tooltips (#3331) @knsv

Fix for GitGraphs not working for Mermaid Live Editor (#3330) @ashishjain0512

code syntax improvment (initialize func) (#3277) @alguerocode

Docs

docs: Remove 404 links (#3328) @jayvdb

Chores

Remove two ~HEAD docs (#3327) @jayvdb

chore(deps-dev): bump eslint from 8.21.0 to 8.22.0 (#3320) @dependabot

chore(deps-dev): bump eslint-plugin-jest from 26.8.0 to 26.8.2 (#3319) @dependabot

chore(deps-dev): bump eslint-plugin-jsdoc from 39.3.4 to 39.3.6 (#3322) @dependabot

chore(deps-dev): bump terser-webpack-plugin from 5.3.3 to 5.3.4 (#3318) @dependabot

chore(deps-dev): bump webpack-dev-server from 4.9.3 to 4.10.0 (#3321) @dependabot

🎉 Thanks to all contributors helping with this release! 🎉

9.0.1

Release Notes

🐛 Bug Fixes

Removal of vulnerability (#2958) @knsv

Fix broken re-rendering of gitGraph in Mermaid Live Editor

🎉 Thanks to all contributors helping with this release! 🎉

... (truncated)

Commits

0c04681 Release 9.1.7
50da58a Fix for broken rendering test
0f56c9a Fix for issue #3428, load the configured diagrams even when initialize has no...
e5212c2 Merge pull request #3398 from mermaid-js/3395_fix_error_handling
5584fef #3395 Renabling the error graph which is rendered on error
98f37d6 #3395 Fix for lopp stopping at first failure
f4a99fc Merge pull request #3390 from mermaid-js/dependabot/npm_and_yarn/develop/comm...
b00d569 Merge pull request #3389 from mermaid-js/dependabot/npm_and_yarn/develop/ters...
1921623 Merge pull request #3387 from mermaid-js/dependabot/npm_and_yarn/develop/webp...
3502fb4 Merge pull request #3383 from hughli-git/fix_git_stack_exceeded
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/tremor-rs/tremor-www/network/alerts).

netlify[bot] commented 2 years ago

Deploy Preview for tremor-www ready!

Name	Link
Latest commit	db9649a45057d4e68fe9821e436e3bbf5817b8f0
Latest deploy log	https://app.netlify.com/sites/tremor-www/deploys/633bf9faccd41d0008e01e24
Deploy Preview	https://deploy-preview-242--tremor-www.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

Licenser commented 2 years ago

@dependabot rebase

tremor-rs / tremor-www