search

wmcadigital / wmn-refund

Step by step form for refunds of transport tickets
https://refund.wmnetwork.co.uk
0 stars 4 forks source link

[skip netlify]: Bump dompurify from 2.2.2 to 2.3.12 #637

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps dompurify from 2.2.2 to 2.3.12.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.3.12

DOMPurify 2.3.11

  • Added generated type definitions for better compatibility
  • Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
  • Updated README and config documentation, thanks @​0xedward
  • Updated test suite with newer Node versions

DOMPurify 2.3.10

  • Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

DOMPurify 2.3.9

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

DOMPurify 2.3.6

  • Added an option to allow HTML5 doctypes, thanks @​tosmolka
  • Bumped several dependencies, thanks @​is2ei
  • Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

  • Performed several chores and cleanups, thanks @​is2ei
  • Fixed a bug when working with Trusted Types, thanks @​tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
  • Added more SVG attributes to allow-list, thanks @​rzhade3

DOMPurify 2.3.4

  • Added support for Custom Elements, thanks @​franktopel
  • Added new config settings to control Custom Element sanitizing, thanks @​franktopel
  • Added faster clobber checks, thanks @​GrantGryczan
  • Allow-listed SVG feImage elements, thanks @​ydaniv
  • Updated test suite
  • Update supported Node versions
  • Updated README

DOMPurify 2.3.3

  • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @​securitum-mb
  • Adjusted the tests for MSIE to make sure the results are as expected now

... (truncated)

Commits
  • caaae5e chore: prepare 2.3.12 release
  • b4c57a8 See #712
  • 30af6c8 chore: prepare 2.3.11 release
  • 75b384f docs: Updated README and added new contributor
  • b49ee90 Merge pull request #710 from SoheilKhodayari/main
  • e242b43 Extra DOM Clobbering protection via SANITIZE_NAMED_PROPS config
  • fb58d2d docs: Added instructions for Angular, see #705
  • 4f62dcd chore: Added new npm script "types" to create type definitions
  • 9925140 Merge pull request #709 from 0xedward/docs-FORBID_CONTENTS
  • a4d33f3 Merge branch 'main' into docs-FORBID_CONTENTS
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #638.