Upgrade DOMPurify to 2.0.2 #24681

dreamofabear · 2019-09-23T11:25:53Z

Upgrade past 2.0.1 for this:

Fixed a bypass affecting latest Chrome, caused by a newly discovered Chrome mXSS vulnerability

Not sure why renovate-bot didn't generate the PRs for 2.x.x.

dreamofabear · 2019-09-23T13:57:48Z

rsimha

Not sure why renovate-bot didn't generate the PRs for 2.x.x.

We currently disable automatic upgrades for all core runtime dependencies. See #23008. Easy to change this if necessary.

Lines 12 to 14 in 397052d

    
           "dependencies": { 
        
             "enabled": false 
        
           },

Upgrade DOMPurify to 2.0.2.

a204e83

googlebot added the cla: yes label Sep 23, 2019

dreamofabear requested a review from rsimha September 23, 2019 13:57

rsimha approved these changes Sep 23, 2019

View reviewed changes

dreamofabear merged commit c6f588b into ampproject:master Sep 23, 2019

dreamofabear deleted the dompurify-2.0.2 branch September 23, 2019 14:07

Provide feedback