[Snyk] Upgrade dompurify from 2.0.17 to 2.5.0 #50

NOUIY · 2024-04-29T03:26:30Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dompurify from 2.0.17 to 2.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 36 versions ahead of your current version.
The recommended version was released 22 days ago, on 2024-04-07.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Cross-site Scripting (XSS) SNYK-JS-DOMPURIFY-1035544	539/1000 Why? Has a fix available, CVSS 6.5	No Known Exploit
Cross-site Scripting (XSS) SNYK-JS-DOMPURIFY-2863266	539/1000 Why? Has a fix available, CVSS 6.5	Proof of Concept
Template Injection SNYK-JS-DOMPURIFY-6474511	539/1000 Why? Has a fix available, CVSS 6.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dompurify

2.5.0 - 2024-04-07
- Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
- Updated the LICENSE file to show the accurate year number
- Updated several build and test dependencies
2.4.9 - 2024-03-21
- Fixed another conditional bypass caused by Processing Instructions, thanks @ Ry0taK
- Fixed the regex for HTML Custom Element detection, thanks @ AlekseySolovey3T
2.4.8 - 2024-03-19
- Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @ Slonser
2.4.7 - 2023-07-11
2.4.6 - 2023-07-10
2.4.5 - 2023-03-01
2.4.4 - 2023-02-13
2.4.3 - 2023-01-06
2.4.2 - 2023-01-05
2.4.1 - 2022-11-10
2.4.0 - 2022-08-24
2.3.12 - 2022-08-23
2.3.11 - 2022-08-23
2.3.10 - 2022-07-18
2.3.9 - 2022-07-11
2.3.8 - 2022-05-13
2.3.7 - 2022-05-11
2.3.6 - 2022-02-16
2.3.5 - 2022-01-26
2.3.4 - 2021-12-07
2.3.3 - 2021-09-20
2.3.2 - 2021-09-15
2.3.1 - 2021-08-13
2.3.0 - 2021-07-06
2.2.9 - 2021-06-01
2.2.8 - 2021-04-28
2.2.7 - 2021-03-12
2.2.6 - 2020-12-18
2.2.5 - 2020-12-18
2.2.4 - 2020-12-15
2.2.3 - 2020-12-07
2.2.2 - 2020-11-02
2.2.1 - 2020-11-02
2.2.0 - 2020-10-21
2.1.1 - 2020-09-25
2.1.0 - 2020-09-23
2.0.17 - 2020-09-20

from dompurify GitHub release notes

Commit messages

Package name: dompurify

7f6cf8a chore: Updated some packages
6f9902d docs: Updated year in LICENSE file for 2.x as well
2dcadf0 chore: Preparing 2.5.0 release
28381af feature: Added SAFE_FOR_XML flag and code to 2.x branch
79cfb37 chore: Preparing 2.4.9 release
0940755 fix: Merged relevant changes from main for 2.4.9
416ba67 chore: Preparing 2.4.8 release
4035e3a chore: Preparing 2.4.8. release
f0e75b0 fix: cherry-picked fixes for XML & CE bypass
ef731c0 chore: Preparing 2.4.7. release
5b7dff9 chore: Preparing 2.4.6 release
a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed
f464d95 chore: preparing 2.4.5 release
fa4e8ee chore: preparing 2.4.4 release
f5c25ac see Pressing the space bar while inside any TextEditor scrolls the window down atom/settings-view#767
08e9fab test: Added 2.x tag to 2.x branch actions
5f766bc See Sort packages search atom/settings-view#761
90326ef Merge pull request Another require fix for remote atom/settings-view#750 from cure53/dependabot/npm_and_yarn/json5-1.0.2
fade506 chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11
3afe389 build(deps): bump json5 from 1.0.1 to 1.0.2
f1e180f fix: merged from latest main
7707778 Update README.md
5267b04 chore: Preparing 2.4.2 release
d1dd037 fix: Fixed a prototype pollution bug reported by @ kevin_mizu