Update dependency dompurify to v2.4.7
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| dompurify | dependencies | minor | 2.3.3 -> 2.4.7 |
Release Notes
cure53/DOMPurify (dompurify)
v2.4.7: DOMPurify 2.4.7
- Fixed a licensing issue spotted and reported by @george-thomas-hill
v2.4.6: DOMPurify 2.4.6
- Fixed a bypass in jsdom 22 in case the
noframeselement is permitted, thanks @leeN
v2.4.5: DOMPurify 2.4.5
- Fixed a problem with improper reset of custom HTML options, thanks @ammaraskar
v2.4.4: DOMPurify 2.4.4
- Added support for
ALLOW_SELF_CLOSE_IN_ATTRflag, thanks @edg2s @AndreVirtimo - Added better support for
shadowrootmode, thanks @mfreed7
v2.4.3: DOMPurify 2.4.3
- Final release that is compatible with MSIE10 & MSIE 11
v2.4.2: DOMPurify 2.4.2
- Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @tosmolka
- Fixed a Prototype Pollution issue discovered and reported by @kevin-mizu
v2.4.1: DOMPurify 2.4.1
- Added new config option
ALLOWED_NAMESPACESfor better XML handling, thanks @kevin-deyoungster @tosmolka - Added better detection of template literals when
SAFE_FOR_TEMPLATESistrue - Fixed an exception caused by DOM clobbering, thanks @masatokinugawa
- Bumped some dependencies, thanks @marcpenya-tf
v2.4.0: DOMPurify 2.4.0
- Removed bundled types again as they caused too much trouble
v2.3.12: DOMPurify 2.3.12
- Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @Mirco469, @brentkeller, @aryanisml
v2.3.11: DOMPurify 2.3.11
- Added generated type definitions for better compatibility
- Added SANITIZE_NAMED_PROPS config option, thanks @SoheilKhodayari
- Updated README and config documentation, thanks @0xedward
- Updated test suite with newer Node versions
v2.3.10: DOMPurify 2.3.10
- Added support for sanitization of attributes requiring Trusted Types, thanks @tosmolka
v2.3.9: DOMPurify 2.3.9
- Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @tosmolka
- Bumped some dependencies, thanks @is2ei
- Included github-actions in the dependabot config, thanks @nathannaveen
v2.3.8: DOMPurify 2.3.8
- Cleaned up a minor issue with the 2.3.7 release, thanks @johnbirds
No other changes compared to 2.3.7 release, which entail:
- Fixes around a bug in Safari, thanks @sybrew
- Slightly improved performance, thanks @tiny-ben-tran
- Lots of chores, bumps and typo fixes, thanks @is2ei
- Removed unnecessary string trimming, thanks @christopherehlen
v2.3.7
v2.3.6: DOMPurify 2.3.6
- Added an option to allow HTML5 doctypes, thanks @tosmolka
- Bumped several dependencies, thanks @is2ei
- Updated documentation to cover recently added flags, thanks @is2ei
v2.3.5: DOMPurify 2.3.5
- Performed several chores and cleanups, thanks @is2ei
- Fixed a bug when working with Trusted Types, thanks @tosmolka
- Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @tosmolka
- Added more SVG attributes to allow-list, thanks @rzhade3
v2.3.4: DOMPurify 2.3.4
- Added support for Custom Elements, thanks @franktopel
- Added new config settings to control Custom Element sanitizing, thanks @franktopel
- Added faster clobber checks, thanks @GrantGryczan
- Allow-listed SVG
feImageelements, thanks @ydaniv - Updated test suite
- Update supported Node versions
- Updated README
Configuration
-
If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.