search

wmcadigital / wmn-refund

Step by step form for refunds of transport tickets
https://refund.wmnetwork.co.uk
0 stars 4 forks source link

[skip netlify]: Bump dompurify from 2.2.2 to 2.3.9 #619

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps dompurify from 2.2.2 to 2.3.9.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.3.9

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

DOMPurify 2.3.6

  • Added an option to allow HTML5 doctypes, thanks @​tosmolka
  • Bumped several dependencies, thanks @​is2ei
  • Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

  • Performed several chores and cleanups, thanks @​is2ei
  • Fixed a bug when working with Trusted Types, thanks @​tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
  • Added more SVG attributes to allow-list, thanks @​rzhade3

DOMPurify 2.3.4

  • Added support for Custom Elements, thanks @​franktopel
  • Added new config settings to control Custom Element sanitizing, thanks @​franktopel
  • Added faster clobber checks, thanks @​GrantGryczan
  • Allow-listed SVG feImage elements, thanks @​ydaniv
  • Updated test suite
  • Update supported Node versions
  • Updated README

DOMPurify 2.3.3

  • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @​securitum-mb
  • Adjusted the tests for MSIE to make sure the results are as expected now

DOMPurify 2.3.2

  • Added new config option PARSER_MEDIA_TYPE, thanks @​tosmolka

DOMPurify 2.3.1

  • Added code to make FORBID_CONTENTS setting configurable
  • Added role to URI-safe attributes
  • Added more paranoid handling for template elements

DOMPurify 2.3.0

  • Added better handling of document creation on Firefox
  • Added better handling of version numbers in license file
  • Added two new browser versions to test suite config

... (truncated)

Commits
  • 52c8eb1 chore: Updated website
  • 6ec9e42 chore: Preparing 2.3.9 release
  • 912245b Merge pull request #695 from cure53/dependabot/npm_and_yarn/shell-quote-1.7.3
  • 2686662 build(deps): bump shell-quote from 1.7.2 to 1.7.3
  • abf6295 Merge pull request #693 from is2ei/run-format
  • a49f13d format code
  • 2ac0802 See #692
  • e1e04f3 See #692
  • 79e622c Merge pull request #692 from tosmolka/tosmolka/xhtml-lowercase
  • 3ad7750 Make TAG and ATTR cfg options case-sensitive when parsing XHTML
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #624.