[Snyk] Upgrade dompurify from 2.2.6 to 2.4.1

[snyk-bot]

Snyk has created this PR to upgrade dompurify from 2.2.6 to 2.4.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 18 versions ahead of your current version.
• The recommended version was released a month ago, on 2022-11-10.

Release notes

Package name: dompurify

• 2.4.1 - 2022-11-10
  
  • Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @ kevin-deyoungster @ tosmolka
  • Added better detection of template literals when SAFE_FOR_TEMPLATES is true
  • Fixed an exception caused by DOM clobbering, thanks @ masatokinugawa
  • Bumped some dependencies, thanks @ marcpenya-tf
• 2.4.0 - 2022-08-24
  
  • Removed bundled types again as they caused too much trouble
• 2.3.12 - 2022-08-23
  
  • Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @ Mirco469, @ brentkeller, @ aryanisml
• 2.3.11 - 2022-08-23
  
  • Added generated type definitions for better compatibility
  • Added SANITIZE_NAMED_PROPS config option, thanks @ SoheilKhodayari
  • Updated README and config documentation, thanks @ 0xedward
  • Updated test suite with newer Node versions
• 2.3.10 - 2022-07-18
  
  • Added support for sanitization of attributes requiring Trusted Types, thanks @ tosmolka
• 2.3.9 - 2022-07-11
  
  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @ tosmolka
  • Bumped some dependencies, thanks @ is2ei
  • Included github-actions in the dependabot config, thanks @ nathannaveen
• 2.3.8 - 2022-05-13
  
  • Cleaned up a minor issue with the 2.3.7 release, thanks @ johnbirds

  No other changes compared to 2.3.7 release, which entail:

  • Fixes around a bug in Safari, thanks @ sybrew
  • Slightly improved performance, thanks @ tiny-ben-tran
  • Lots of chores, bumps and typo fixes, thanks @ is2ei
  • Removed unnecessary string trimming, thanks @ christopherehlen
• 2.3.7 - 2022-05-11
• 2.3.6 - 2022-02-16
  
  • Added an option to allow HTML5 doctypes, thanks @ tosmolka
  • Bumped several dependencies, thanks @ is2ei
  • Updated documentation to cover recently added flags, thanks @ is2ei
• 2.3.5 - 2022-01-26
  
  • Performed several chores and cleanups, thanks @ is2ei
  • Fixed a bug when working with Trusted Types, thanks @ tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @ tosmolka
  • Added more SVG attributes to allow-list, thanks @ rzhade3
• 2.3.4 - 2021-12-07
  
  • Added support for Custom Elements, thanks @ franktopel
  • Added new config settings to control Custom Element sanitizing, thanks @ franktopel
  • Added faster clobber checks, thanks @ GrantGryczan
  • Allow-listed SVG feImage elements, thanks @ ydaniv
  • Updated test suite
  • Update supported Node versions
  • Updated README
• 2.3.3 - 2021-09-20
• 2.3.2 - 2021-09-15
• 2.3.1 - 2021-08-13
• 2.3.0 - 2021-07-06
• 2.2.9 - 2021-06-01
• 2.2.8 - 2021-04-28
• 2.2.7 - 2021-03-12
• 2.2.6 - 2020-12-18

from dompurify GitHub release notes

Commit messages

Package name: dompurify

• 67f784c chore: preparing 2.4.1 release
• e50e814 Merge pull request Add docs ampproject/amphtml#731 from cure53/dependabot/npm_and_yarn/minimatch-3.1.2
• 4712fa3 test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge v2
• 48d009c test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge
• 36eb7c3 build(deps): bump minimatch from 3.0.4 to 3.1.2
• 16232f0 Merge pull request Documentation for screenshot tests ampproject/amphtml#730 from cure53/dependabot/npm_and_yarn/socket.io-parser-4.0.5
• 5f77429 Merge pull request Additional descriptive documentation for AMP layouts ampproject/amphtml#729 from kevin-deyoungster/kdeyoungster/xml
• 7a77304 build(deps): bump socket.io-parser from 4.0.4 to 4.0.5
• 36fc276 lint new changes
• c2c1b11 Experiment with ALLOWED_NAMESPACES
• 5a425dc add tests for ADD_NAMESPACES
• a4f0036 add ADD_NAMESPACES config
• 00ad011 feat: expanded detection for template literals in SAFE_FOR_TEMPLATES
• 06f4fa4 Merge pull request Update karma to version 0.13.14 🚀 ampproject/amphtml#723 from marcpenya-tf/upgrade-jsdom
• a35d263 chore: bump jsdom
• e0970d8 fix: Fixed an exception caused by DOM Clobbering, thanks Masato
• acbfc17 docs: changed headline from h2 to h3
• 0cc4210 docs: added mention of @ types/dompurify to README
• 5f8e875 chore: prepare 2.4.0 release
• 652d200 fix: Removed bundled types entirely due to 3rd party build errors
• caaae5e chore: prepare 2.3.12 release
• b4c57a8 See [WIP] copy and rename ampproject/amphtml#712
• 30af6c8 chore: prepare 2.3.11 release
• 75b384f docs: Updated README and added new contributor

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs