search

wmcadigital / wmn-refund

Step by step form for refunds of transport tickets
https://refund.wmnetwork.co.uk
0 stars 4 forks source link

[skip netlify]: Bump dompurify from 2.2.2 to 2.4.1 #661

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 2 years ago

Bumps dompurify from 2.2.2 to 2.4.1.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.4.1

DOMPurify 2.4.0

  • Removed bundled types again as they caused too much trouble

DOMPurify 2.3.12

DOMPurify 2.3.11

  • Added generated type definitions for better compatibility
  • Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
  • Updated README and config documentation, thanks @​0xedward
  • Updated test suite with newer Node versions

DOMPurify 2.3.10

  • Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

DOMPurify 2.3.9

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

DOMPurify 2.3.6

  • Added an option to allow HTML5 doctypes, thanks @​tosmolka
  • Bumped several dependencies, thanks @​is2ei
  • Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

  • Performed several chores and cleanups, thanks @​is2ei
  • Fixed a bug when working with Trusted Types, thanks @​tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
  • Added more SVG attributes to allow-list, thanks @​rzhade3

DOMPurify 2.3.4

... (truncated)

Commits
  • 67f784c chore: preparing 2.4.1 release
  • e50e814 Merge pull request #731 from cure53/dependabot/npm_and_yarn/minimatch-3.1.2
  • 4712fa3 test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge v2
  • 48d009c test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge
  • 36eb7c3 build(deps): bump minimatch from 3.0.4 to 3.1.2
  • 16232f0 Merge pull request #730 from cure53/dependabot/npm_and_yarn/socket.io-parser-...
  • 5f77429 Merge pull request #729 from kevin-deyoungster/kdeyoungster/xml
  • 7a77304 build(deps): bump socket.io-parser from 4.0.4 to 4.0.5
  • 36fc276 lint new changes
  • c2c1b11 Experiment with ALLOWED_NAMESPACES
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 1 year ago

Superseded by #690.