Skip to content

[Snyk] Upgrade dompurify from 2.2.2 to 2.2.6 #1484

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

[Snyk] Upgrade dompurify from 2.2.2 to 2.2.6 #1484

wants to merge 1 commit into from

Conversation

anikethsaha
Copy link
Member

Snyk has created this PR to upgrade dompurify from 2.2.2 to 2.2.6.

merge advice
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 4 versions ahead of your current version.
  • The recommended version was released a month ago, on 2020-12-18.
Release notes
Package name: dompurify
  • 2.2.6 - 2020-12-18
    • Added new mXSS prevention logic created by SecurityMB
  • 2.2.5 - 2020-12-18
  • 2.2.4 - 2020-12-15
    • Fixed a new MathML-based bypass submitted by PewGrand
    • Fixed a new SVG-related bypass submitted by SecurityMB
    • Updated NodeJS CI to Node 14.x and Node 15.x
    • Cleaned up _forceRemove logic for better reliability
  • 2.2.3 - 2020-12-07
    • Fixed an mXSS issue reported by PewGrand
    • Fixed a minor issue with the license header
    • Fixed a problem with overly-eager CSS stripping
    • Updated the README and removed an XSS warning
  • 2.2.2 - 2020-11-02
    • Fixed an mXSS bypass dropped on us publicly via #482
    • Fixed an mXSS variation that was reported privately short after
    • Added dialog to permitted elements list
    • Fixed a small typo in the README
from dompurify GitHub release notes
Commit messages
Package name: dompurify

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@vercel
Copy link

vercel bot commented Jan 29, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/j87k9n0hn
✅ Preview: https://docsify-previe-git-snyk-upgrade-69df63edf6478b170ee5dfb5-474e7c.docsify-core.vercel.app

@Koooooo-7
Copy link
Member

ooops, the codesandbox seems needs change the npm ci.

+ npm ci (in /tmp/18669184)
npm ERR! cipm can only install packages when your package.json and package-lock.json or npm-shrinkwrap.json are in sync. Please update your lock file with `npm install` before continuing.
npm ERR! 
npm ERR! 
npm ERR! Missing: vue2@npm:vue@^2.6.12
npm ERR! Missing: vue3@npm:vue@^3.0.0
npm ERR!

@sy-records sy-records closed this Feb 4, 2021
@sy-records sy-records deleted the snyk-upgrade-69df63edf6478b170ee5dfb5432dc012 branch February 4, 2021 00:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@anikethsaha @Koooooo-7 @sy-records @snyk-bot