Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade dompurify from 2.0.17 to 2.1.0 #1397

Merged
merged 3 commits into from
Oct 15, 2020

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to upgrade dompurify from 2.0.17 to 2.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.
  • The recommended version was released 22 days ago, on 2020-09-23.
Release notes
Package name: dompurify
  • 2.1.0 - 2020-09-23
    • Fixed several possible mXSS patterns, thanks @hackvertor
    • Removed the SAFE_FOR_JQUERY flag (we are safe by default now for jQuery)
    • Removed several now useless mXSS checks
    • Updated the mXSS check for elements
    • Updated test cases to cover new sanitization strategy
    • Updated test website to use newer jQuery
    • Updated array of tested browsers and removed legacy browsers
    • Added "auto convert" checkbox to test website, thanks @hackvertor
  • 2.0.17 - 2020-09-20
    • Fixed another bypass causing mXSS by using MathML
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • 1f1c119 test: updated test website and added a cool name
  • 8ff0ee1 chore: preparing 2.1.0 release
  • cbac6f6 test: updated jQuery to 3.2.0 on test website
  • 8177881 chore: removed the mention of the SAFE_FOR_JQUERY flag
  • 0e3a8b3 Merge branch 'main' of [email protected]:cure53/DOMPurify.git into main
  • 5daf669 fix: added code to fix attribtes for old jQuery
  • 7eaa331 Merge pull request add plugin for codefund #471 from hackvertor/patch-1
  • 1bdfb7c Added auto convert checkbox
  • 6615718 chofre: expreimentally removed SAFE_FOR_JQUERY
  • a64d675 fix: re-added a noembed mXSS check
  • aed1768 test: changed browser version flags slightly for MaxOS
  • 59d93d7 test: updated array of tested browsers
  • f3aea7a test: added a test for a bypass spotted by Gareth
  • e08af77 fix: rolled back the simplified check
  • 3f46d92 fix: simplified the mXSS check a bit
  • 8d93c99 fix: fixed a missing call
  • 265cb44 fix: rolled back some of the changes for mXSS check
  • 78b8fc9 fix: changed the mXSS check to be more accurate
  • 54c6d8e fix: added a new experimental mXSS check
  • ce7f554 fix: Reverting back to textContent checks
  • 89de4b5 test: Fixed some tests to match new scrubbing strategy
  • abe4d11 chore: cleaned some unused code
  • 0cf19ac fix: changed mXSS regex ever so slightly
  • 7ba1ea3 fix: Made the regex check for mXSS less accurate (a.k.a. match more)

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

@vercel
Copy link

vercel bot commented Oct 14, 2020

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/docsify-core/docsify-preview/r2wa4guqi
✅ Preview: https://docsify-previe-git-snyk-upgrade-f3b03fb5f2097643182713e2-4ab2b1.docsify-core.vercel.app

@codesandbox-ci
Copy link

codesandbox-ci bot commented Oct 14, 2020

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 2b2a252:

Sandbox Source
docsify-template Configuration

@Koooooo-7
Copy link
Member

@sy-records Could u plz check the CI exception on build? the test/e2e/sidebar.test.js.

@Koooooo-7 Koooooo-7 merged commit 1863d8e into develop Oct 15, 2020
trusktr added a commit that referenced this pull request Nov 2, 2020
* develop: (81 commits)
  fix: upgrade dompurify from 2.1.0 to 2.1.1 (#1402)
  fix: upgrade dompurify from 2.0.17 to 2.1.0 (#1397)
  fix: search on homepage test (#1398)
  fix: the sidebar links to another site. (#1336)
  fix: Can't search homepage content (#1391)
  fix: upgrade debug from 4.1.1 to 4.3.0 (#1390)
  fix: packages/docsify-server-renderer/package.json & packages/docsify-server-renderer/package-lock.json to reduce vulnerabilities (#1389)
  Fix eslint warnings (#1388)
  docs: add crossOriginLinks configurations details. (#1386)
  Remove Cypress screenshots
  Fix friendly message display
  Add Vue 3 compatibility
  Show dir listing & help msg for manual instance
  Add NODE_MODULES_URL global
  Jest + Playwright Testing (#1276)
  update doc (#1381)
  Fix scroll event end value
  fix: upgrade docsify from 4.11.4 to 4.11.6 (#1373)
  chore(deps): bump node-fetch in /packages/docsify-server-renderer (#1370)
  test: fix cannot search list content (#1367)
  ...
@sy-records sy-records deleted the snyk-upgrade-f3b03fb5f2097643182713e291b37245 branch November 6, 2020 00:34
@sy-records sy-records mentioned this pull request Feb 5, 2021
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants