[Snyk] Upgrade dompurify from 2.2.3 to 2.2.6 by anikethsaha · Pull Request #1482 · docsifyjs/docsify

anikethsaha · 2021-01-28T21:32:18Z

Snyk has created this PR to upgrade dompurify from 2.2.3 to 2.2.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released a month ago, on 2020-12-18.

Release notes

Package name: dompurify

2.2.6 - 2020-12-18
- Added new mXSS prevention logic created by SecurityMB
2.2.5 - 2020-12-18
2.2.4 - 2020-12-15
- Fixed a new MathML-based bypass submitted by PewGrand
- Fixed a new SVG-related bypass submitted by SecurityMB
- Updated NodeJS CI to Node 14.x and Node 15.x
- Cleaned up _forceRemove logic for better reliability
2.2.3 - 2020-12-07
- Fixed an mXSS issue reported by PewGrand
- Fixed a minor issue with the license header
- Fixed a problem with overly-eager CSS stripping
- Updated the README and removed an XSS warning

from dompurify GitHub release notes

Commit messages

Package name: dompurify

b11cb72 chore: Preparing 2.2.6 release after failed 2.2.5 attempt /2
395cc83 chore: Preparing 2.2.6 release after failed 2.2.5 attempt
8a1c887 chore: Preparing 2.2.5 release
77e740e Merge pull request [DO NOT MERGE] [Issue #486] Local storage is now stored per hostname (for subdomains) #496 from securityMB/main
9dd47cb Create a polyfill for __lookupGetter__ to make IE10 happy
8e29990 fix: Made use of proper helper method to get parentNode
7e3a705 fix: Fixed an issue with parent node mapping in MSIE11
d1cf8c6 test: Fixed additional Edge 17 and MSIE11 tests
1446372 test: Fixed a bunch of Edge 17 and MSIE11 tests
7d9bc6a fix: Removed usage of has()
340ca09 fix: Remove use of new Set()
c477321 Revert "test: Fixed tests for MSIE11"
aae5766 Revert "test: Fixed additional tests for Edge 17 and MSIE 11"
b0398fd Revert "test: Customized additional tests for MSIE11"
bf62d7c test: Customized additional tests for MSIE11
abc92e5 test: Fixed additional tests for Edge 17 and MSIE 11
b242859 test: Fixed tests for MSIE11
9ee3d95 Merge pull request [Issue #494] New config option skipLink for accessibility #495 from securityMB/main
808cab3 Merge branch 'main' of https://github.com/cure53/DOMPurify
e8c8e89 Move anti-clobber to purify.js
21baa58 Another fix in anti-clobber: getChildNodes -> childNodes
6b2b871 Fix a terrible mistake in anti-clobber
0d42de0 Experiment with anticlobber approach
ccc2d31 Add a bunch of tests to check namespace enforcement

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade dompurify from 2.2.3 to 2.2.6. See this package in npm: https://www.npmjs.com/package/dompurify See this project in Snyk: https://app.snyk.io/org/anikethsaha/project/6efe7e04-4e52-497e-8ad5-570733cc577a?utm_source=github&utm_medium=upgrade-pr

vercel · 2021-01-28T21:32:23Z

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/3rfvpjwel
✅ Preview: https://docsify-previe-git-snyk-upgrade-2eb6523adfe81f2897994056-5ec887.docsify-core.vercel.app

codesandbox-ci · 2021-01-28T21:33:53Z

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 7856bd9:

Sandbox	Source
docsify-template	Configuration

vercel bot deployed to Preview January 28, 2021 21:32 View deployment

sy-records approved these changes Jan 29, 2021

View reviewed changes

sy-records merged commit 7adad57 into develop Jan 29, 2021

sy-records deleted the snyk-upgrade-2eb6523adfe81f28979940563a15720f branch January 29, 2021 00:34

sy-records mentioned this pull request Feb 5, 2021

[Release]: v4.12.0 #1493

Merged

3 tasks

anikethsaha mentioned this pull request Feb 19, 2021

[Snyk] Security upgrade docsify from 4.11.6 to 4.12.0 #1518

Merged

This was referenced Jul 31, 2022

[Snyk] Security upgrade node-fetch from 2.6.7 to 3.2.10 #1848

Closed

[Snyk] Security upgrade node-fetch from 2.6.7 to 3.2.10 #1849

Closed

skmezanul mentioned this pull request Jul 31, 2022

[Snyk] Security upgrade node-fetch from 1.7.3 to 3.2.10 skmezanul/docsify#10

Open

Bhanditz mentioned this pull request Aug 1, 2022

[Snyk] Security upgrade node-fetch from 1.7.1 to 3.2.10 Bhanditz/docsify#10

Open

snyk-bot mentioned this pull request Aug 1, 2022

[Snyk] Security upgrade node-fetch from 2.6.1 to 3.2.10 easy-quest/docsify#8

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade dompurify from 2.2.3 to 2.2.6#1482

[Snyk] Upgrade dompurify from 2.2.3 to 2.2.6#1482
sy-records merged 1 commit intodevelopfrom
snyk-upgrade-2eb6523adfe81f28979940563a15720f

anikethsaha commented Jan 28, 2021

Uh oh!

vercel bot commented Jan 28, 2021 •

edited

Loading

Uh oh!

codesandbox-ci bot commented Jan 28, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

anikethsaha commented Jan 28, 2021

Snyk has created this PR to upgrade dompurify from 2.2.3 to 2.2.6.

Uh oh!

vercel bot commented Jan 28, 2021 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

codesandbox-ci bot commented Jan 28, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vercel bot commented Jan 28, 2021 •

edited

Loading