[Snyk] Upgrade dompurify from 2.2.9 to 2.3.6 #5

snyk-bot · 2022-05-10T05:23:30Z

Snyk has created this PR to upgrade dompurify from 2.2.9 to 2.3.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 7 versions ahead of your current version.
The recommended version was released 3 months ago, on 2022-02-16.

Release notes

Package name: dompurify

2.3.6 - 2022-02-16
- Added an option to allow HTML5 doctypes, thanks @ tosmolka
- Bumped several dependencies, thanks @ is2ei
- Updated documentation to cover recently added flags, thanks @ is2ei
2.3.5 - 2022-01-26
- Performed several chores and cleanups, thanks @ is2ei
- Fixed a bug when working with Trusted Types, thanks @ tosmolka
- Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @ tosmolka
- Added more SVG attributes to allow-list, thanks @ rzhade3
2.3.4 - 2021-12-07
- Added support for Custom Elements, thanks @ franktopel
- Added new config settings to control Custom Element sanitizing, thanks @ franktopel
- Added faster clobber checks, thanks @ GrantGryczan
- Allow-listed SVG feImage elements, thanks @ ydaniv
- Updated test suite
- Update supported Node versions
- Updated README
2.3.3 - 2021-09-20
- Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @ securitum-mb
- Adjusted the tests for MSIE to make sure the results are as expected now
2.3.2 - 2021-09-15
- Added new config option PARSER_MEDIA_TYPE, thanks @ tosmolka
2.3.1 - 2021-08-13
- Added code to make FORBID_CONTENTS setting configurable
- Added role to URI-safe attributes
- Added more paranoid handling for template elements
2.3.0 - 2021-07-06
- Added better handling of document creation on Firefox
- Added better handling of version numbers in license file
- Added two new browser versions to test suite config
- Fixed a bug with handling of custom data attributes
2.2.9 - 2021-06-01
- Fixed some minor issues related to the NAMESPACE config
- Fixed some minor issues relating to empty input
- Fixed some minor issues relating to handling of invalid XML

from dompurify GitHub release notes

Commit messages

Package name: dompurify

c84f6e4 chore: preparing 2.3.6 release
82e3c38 chore: added missing eslint exception
a0c2d08 Merge pull request [ReDoc@1.x] crash on array of files Redocly/redoc#651 from tosmolka/tosmolka/fix-doctype
1237e91 Merge pull request Chrome menu clicking issue with scrollYOffset set Redocly/redoc#650 from is2ei/fix-unused-variable
0194e87 chore: use unused variable
9821fd2 Revert formatting in test/fixtures/expect.js
f8f7e0c Build new version
8d57807 Fix lint error
eae08f5 Merge branch 'main' of https://github.com/cure53/DOMPurify into tosmolka/fix-doctype
94ba86d Allow only html doctype
dd59cdc Merge pull request When using scroll the last item is not selected in the menu Redocly/redoc#648 from is2ei/fix-test-on-IE11
e16993b chore: fix test on IE11
953b7be Merge pull request ReDoc IE compatibility? Redocly/redoc#647 from is2ei/bump-qunit
eb11b8f chore: bump qunit and upgrade tests
d0483bb Merge pull request Fix #424: Add onlyRequiredInSamples option Redocly/redoc#646 from cure53/dependabot/npm_and_yarn/follow-redirects-1.14.8
a7314fe build(deps): bump follow-redirects from 1.13.1 to 1.14.8
00b6578 chore: added a missing eslint-disable-next-line comment
c46d05f Merge branch 'main' of github.com:cure53/DOMPurify into main
333883f See Fix #627: Add feature to specify href for logo explicitly Redocly/redoc#645
685b258 Merge pull request ToC menu icon in low resolution devices Redocly/redoc#644 from is2ei/bump-xo
f54547e chore: bump xo
f7553b7 Serialize !doctype name only
1006f78 Merge branch 'main' of https://github.com/cure53/DOMPurify into tosmolka/fix-doctype
5fe9c67 Fix attempt without XMLSerializer