search

wmcadigital / wmn-refund

Step by step form for refunds of transport tickets
https://refund.wmnetwork.co.uk
0 stars 4 forks source link

[skip netlify]: Bump dompurify from 2.2.2 to 2.4.3 #691

Open dependabot[bot] opened 1 year ago

dependabot[bot] commented 1 year ago

Bumps dompurify from 2.2.2 to 2.4.3.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.4.3

  • Final release that is compatible with MSIE10 & MSIE 11

DOMPurify 2.4.2

  • Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @​tosmolka
  • Fixed a Prototype Pollution issue discovered and reported by @​kevin-mizu

DOMPurify 2.4.1

DOMPurify 2.4.0

  • Removed bundled types again as they caused too much trouble

DOMPurify 2.3.12

DOMPurify 2.3.11

  • Added generated type definitions for better compatibility
  • Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
  • Updated README and config documentation, thanks @​0xedward
  • Updated test suite with newer Node versions

DOMPurify 2.3.10

  • Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

DOMPurify 2.3.9

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

DOMPurify 2.3.6

  • Added an option to allow HTML5 doctypes, thanks @​tosmolka
  • Bumped several dependencies, thanks @​is2ei
  • Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

  • Performed several chores and cleanups, thanks @​is2ei
  • Fixed a bug when working with Trusted Types, thanks @​tosmolka

... (truncated)

Commits
  • 90326ef Merge pull request #750 from cure53/dependabot/npm_and_yarn/json5-1.0.2
  • fade506 chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11
  • 3afe389 build(deps): bump json5 from 1.0.1 to 1.0.2
  • f1e180f fix: merged from latest main
  • 7707778 Update README.md
  • 5267b04 chore: Preparing 2.4.2 release
  • d1dd037 fix: Fixed a prototype pollution bug reported by @​kevin_mizu
  • 24d2a7f Merge pull request #748 from tosmolka/tosmolka/747
  • 7de86a0 Fix formatting
  • 191cc00 Fix Trusted Types Sink violation with empty input and NAMESPACE
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)