[Snyk] Upgrade dompurify from 2.2.2 to 2.2.8

[snyk-bot]

Snyk has created this PR to upgrade dompurify from 2.2.2 to 2.2.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 6 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2021-04-28.

Release notes

Package name: dompurify

• 2.2.8 - 2021-04-28
  
  • Added NAMESPACE config option, thanks @ NateScarlet
  • Added better fallback for older browsers & PhantomJS, thanks @ albanx
  • Extended allow-list for SVG attributes a bit
• 2.2.7 - 2021-03-12
  
  • Fixed handling of unsupported browsers, i.e. Safari 9 and older
  • Fixed various minor bugs and typos in README and examples
  • Added better handling of potentially harmful "is" attributes
  • Added better handling of lookupGetter functionality
• 2.2.6 - 2020-12-18
  
  • Added new mXSS prevention logic created by SecurityMB
• 2.2.5 - 2020-12-18
• 2.2.4 - 2020-12-15
  
  • Fixed a new MathML-based bypass submitted by PewGrand
  • Fixed a new SVG-related bypass submitted by SecurityMB
  • Updated NodeJS CI to Node 14.x and Node 15.x
  • Cleaned up _forceRemove logic for better reliability
• 2.2.3 - 2020-12-07
  
  • Fixed an mXSS issue reported by PewGrand
  • Fixed a minor issue with the license header
  • Fixed a problem with overly-eager CSS stripping
  • Updated the README and removed an XSS warning
• 2.2.2 - 2020-11-02
  
  • Fixed an mXSS bypass dropped on us publicly via #482
  • Fixed an mXSS variation that was reported privately short after
  • Added dialog to permitted elements list
  • Fixed a small typo in the README

from dompurify GitHub release notes

Commit messages

Package name: dompurify

• 1bf9e2a chore: Preparing 2.2.8 release
• 2fd1381 test: Fixed a dumb typo
• 9ca9ea8 test: Adjusted tests for MSIE10, sigh
• 07cb459 test: Adjusted tests for old Chrome
• 9c2a08f test: Fixed tests for Edge 18
• a10131b Adjusted tests for newer FF
• 0a9cc32 See Sync issues with BlackBerry Z30 nextcloud/server#532
• a42cf3e Merge pull request Check if an app provide two-factor-auth providers before we try to use them nextcloud/server#534 from NateScarlet/config-namespace
• 0bc9786 feat: add NAMESPACE config
• e1c19cf Merge pull request Change oc to nc nextcloud/server#527 from moefinley/patch-1
• 172c896 Added trailing `,`
• b69057c Adding missing `slot` attribute
• a9ad5be chore: added correct version tags for 2.2.7
• aedf30c chore: preparing 2.2.7 release
• 5b3225e Merge pull request OCS correctly handle login exception nextcloud/server#522 from cure53/dependabot/npm_and_yarn/elliptic-6.5.4
• aeacb6d chore(deps): bump elliptic from 6.5.3 to 6.5.4
• a16346c Added better isSupported handling for Safari 9, see [stable9] Run the license script nextcloud/server#516
• 9efbbcc Merge pull request [stable9] license and mailmap backports nextcloud/server#514 from IT-premium-team/bugfix/lookup-getter-fallback
• 6fed510 clear code
• 76c87d5 lookupGetter: notify about fallback value
• 736b8e6 add fallback for lookup-getter util
• 62e7d48 Merge pull request AppFramework add default values (ApiController) as parameters nextcloud/server#509 from virajkulkarni14/patch-1
• b7ea6a1 Updated README as discussed in issue Update emails and license headers with latest changes nextcloud/server#507
• 36bf02f Merge pull request Users can upload, though memory is full (trick) nextcloud/server#504 from cure53/dependabot/npm_and_yarn/socket.io-2.4.1

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs