Update dependency dompurify to v2.5.6 #374
Open: renovate wants to merge 1 commit into develop from renovate/dompurify-2.x
This PR contains the following updates:
dompurify: 2.0.12 -> 2.5.6
Release Notes
cure53/DOMPurify (dompurify)
v2.5.6: DOMPurify 2.5.6
v2.5.5: DOMPurify 2.5.5
bower.js, thanks @HakumenNC
v2.5.4: DOMPurify 2.5.4
isNaN checks affecting MSIE, thanks @tulach
v2.5.3: DOMPurify 2.5.3
v2.5.2: DOMPurify 2.5.2
v2.5.1: DOMPurify 2.5.1
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
v2.5.0: DOMPurify 2.5.0
SAFE_FOR_XML to enable better control over comment scrubbing
v2.4.9: DOMPurify 2.4.9
v2.4.8: DOMPurify 2.4.8
v2.4.7: DOMPurify 2.4.7
v2.4.6: DOMPurify 2.4.6
noframes element is permitted, thanks @leeN
v2.4.5: DOMPurify 2.4.5
v2.4.4: DOMPurify 2.4.4
ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @edg2s @AndreVirtimo
shadowrootmode, thanks @mfreed7
v2.4.3: DOMPurify 2.4.3
v2.4.2: DOMPurify 2.4.2
v2.4.1: DOMPurify 2.4.1
ALLOWED_NAMESPACES for better XML handling, thanks @kevin-deyoungster @tosmolka
SAFE_FOR_TEMPLATES is true
v2.4.0: DOMPurify 2.4.0
v2.3.12: DOMPurify 2.3.12
v2.3.11: DOMPurify 2.3.11
v2.3.10: DOMPurify 2.3.10
v2.3.9: DOMPurify 2.3.9
v2.3.8: DOMPurify 2.3.8
No other changes compared to 2.3.7 release, which entail:
v2.3.7
v2.3.6: DOMPurify 2.3.6
v2.3.5: DOMPurify 2.3.5
v2.3.4: DOMPurify 2.3.4
feImage elements, thanks @ydaniv
v2.3.3: DOMPurify 2.3.3
PARSER_MEDIA_TYPE spotted by @securitum-mb
v2.3.2: DOMPurify 2.3.2
PARSER_MEDIA_TYPE, thanks @tosmolka
v2.3.1: DOMPurify 2.3.1
FORBID_CONTENTS setting configurable
role to URI-safe attributes
v2.3.0: DOMPurify 2.3.0
v2.2.9: DOMPurify 2.2.9
NAMESPACE config
v2.2.8: DOMPurify 2.2.8
NAMESPACE config option, thanks @NateScarlet
v2.2.7: DOMPurify 2.2.7
v2.2.6: DOMPurify 2.2.6
v2.2.5
v2.2.4: DOMPurify 2.2.4
_forceRemove logic for better reliability
v2.2.3: DOMPurify 2.2.3
v2.2.2: DOMPurify 2.2.2
v2.2.1
v2.2.0: DOMPurify 2.2.0
RETURN_DOM_IMPORT default to true to address said possible XSS
RETURN_DOM_IMPORT back to false
v2.1.1: DOMPurify 2.1.1
v2.1.0: DOMPurify 2.1.0
SAFE_FOR_JQUERY flag (we are safe by default now for jQuery)
v2.0.17: DOMPurify 2.0.17
v2.0.16: DOMPurify 2.0.16
Credits for the bypass go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verifying the fix 🙇♂️ 🙇♀️
v2.0.15: DOMPurify 2.0.15
v2.0.14: DOMPurify 2.0.14
v2.0.13
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.