Bump @braintree/sanitize-url, braintree-web-drop-in and braintree-web in /frontend

[dependabot]

Bumps @braintree/sanitize-url, braintree-web-drop-in and braintree-web. These dependencies needed to be updated together.
Updates @braintree/sanitize-url from 5.0.2 to 6.0.0

Changelog

Sourced from @​braintree/sanitize-url's changelog.

6.0.0

Breaking Changes

• Decode HTML characters automatically that would result in an XSS vulnerability when rendering links via a server rendered HTML file

// decodes to javacript:alert('XSS')
const vulnerableUrl =
  "&[#0000106](https://github.com/braintree/sanitize-url/issues/0000106)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000118](https://github.com/braintree/sanitize-url/issues/0000118)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000115](https://github.com/braintree/sanitize-url/issues/0000115)&[#0000099](https://github.com/braintree/sanitize-url/issues/0000099)&[#0000114](https://github.com/braintree/sanitize-url/issues/0000114)&[#0000105](https://github.com/braintree/sanitize-url/issues/0000105)&[#0000112](https://github.com/braintree/sanitize-url/issues/0000112)&[#0000116](https://github.com/braintree/sanitize-url/issues/0000116)&[#0000058](https://github.com/braintree/sanitize-url/issues/0000058)&[#0000097](https://github.com/braintree/sanitize-url/issues/0000097)&[#0000108](https://github.com/braintree/sanitize-url/issues/0000108)&[#0000101](https://github.com/braintree/sanitize-url/issues/0000101)&[#0000114](https://github.com/braintree/sanitize-url/issues/0000114)&[#0000116](https://github.com/braintree/sanitize-url/issues/0000116)&[#0000040](https://github.com/braintree/sanitize-url/issues/0000040)&[#0000039](https://github.com/braintree/sanitize-url/issues/0000039)&[#0000088](https://github.com/braintree/sanitize-url/issues/0000088)&[#0000083](https://github.com/braintree/sanitize-url/issues/0000083)&[#0000083](https://github.com/braintree/sanitize-url/issues/0000083)&[#0000039](https://github.com/braintree/sanitize-url/issues/0000039)&[#0000041](https://github.com/braintree/sanitize-url/issues/0000041)";
sanitizeUrl(vulnerableUrl); // 'about:blank'
const okUrl = "https://example.com/" + vulnerableUrl;
// since the javascript bit is in the path instead of the protocol
// this is successfully sanitized
sanitizeUrl(okUrl); // 'https://example.com/javascript:alert('XSS');

Commits

• 34fc643 6.0.0
• 5c0b288 chore: update version in changelog
• 8f7371c feat: decode html entities before sanitizing (#40)
• abff5b1 chore: update dev dependencies
• 89df59e chore: update eslint-config
• 348c8a9 chore: update node to v16
• ceb62bf chore: update dev dependencies
• 1b58265 chore: update packages
• e4b04d8 chore: update dev dependencies
• 7eb358e chore: update dev dependencies
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by braintree, a new releaser for @​braintree/sanitize-url since your current version.

Updates braintree-web-drop-in from 1.32.0 to 1.33.4

Release notes

Sourced from braintree-web-drop-in's releases.

v1.33.3

• Update braintree-web to v3.85.5
• Fix test app accessibility errors

Changelog

Sourced from braintree-web-drop-in's changelog.

1.33.4

• Update braintree-web to v3.86.0

1.33.3

• Update braintree-web to v3.85.5
• Fix test app accessibility errors

1.33.2

• Update VISA icon (SVG)

1.33.1

• Fix issue where Drop-In fields escape Drop-In container when errors are present on multiple inputs
• Fix issue where Hipercard icon was not hidden (#812, thanks @​tamtamchik)
• Update braintree-web to v3.85.3
• Update promise-polyfill to v8.2.3

1.33.0

• Update braintree-web to v3.85.2
• Add support for Elo, Hiper, and Hipercard
• Add support for UnionPay

1.32.1

• Fix issue where passing true to card results in an error (#775)
• Fix SVG inline styles causing CSP errors (#770)
• Update promise-polyfill to v8.2.1
• Update braintree-web to v3.83.0

Commits

• See full diff in compare view

Updates braintree-web from 3.82.0 to 3.86.0

Release notes

Sourced from braintree-web's releases.

3.85.5

• Fix internal build issue
• Update @​braintree/browser-detection to v1.14.0

Changelog

Sourced from braintree-web's changelog.

3.86.0

• Add support for Desktop Web Login flow
• Add support for Mobile Web Fallback

3.85.5

• Fix internal build issue

3.85.4

• Update @​braintree/browser-detection to v1.14.0

3.85.3

• Update @​braintree/sanitize-url to v6.0.0
• Update promise-polyfill to v8.2.3
• Update restricted-input to v3.0.5
• Venmo
  • Fix issue where Samsung Browser was reporting as a supported browser
• Local Payments
  • Fix issue where query strings from URLs with a hash fragment before the query string could not be parsed correctly
• Clarify Vault Manager options.defaultFirst functionality in JSDoc

3.85.2

• Venmo
  • Fix issue where iOS Chrome was reporting as a supported browser when Venmo was configured for desktop
  • Improve Venmo modal UX in desktop flow
• UnionPay
  • Fix typo in our GraphQL Tokenization CREDIT_CARD_BRAND_MAP

3.85.1

• Venmo
  • Fix issue where iOS Chrome was reporting as a supported browser

3.85.0

• Client
  • Add Elo, Hiper, and Hipercard graphQL adapters to card tokenization responses
• Hosted Fields
  • Add support for Elo, Hiper, and Hipercard in tokenization payload
  • Fix issue where Hosted Fields won't lose focus if scrolled out of view on iOS
• Payment Request
  • Add support for Elo, Hiper, and Hipercard in tokenization payload

... (truncated)

Commits

• 5f858c0 Release braintree-web 3.86.0 source
• ce16a56 Release braintree-web 3.85.5
• e6cdc78 chore: release braintree-web@3.85.3
• df38a9b Release braintree-web 3.85.2 source
• 9831fac Release braintree-web 3.85.1 source
• 75c1c24 Release braintree-web 3.85.0 source
• d253629 chore: release braintree-web@3.84.0
• 1a8c397 chore: release braintree-web@3.83.0
• ce1fc39 Fix README.md markdown syntax (#592)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.