[Snyk] Upgrade dompurify from 2.4.5 to 2.4.9

[stanleyowen]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dompurify from 2.4.5 to 2.4.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 4 versions ahead of your current version.
• The recommended version was released 24 days ago, on 2024-03-21.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-6096077	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ADOBECSSTOOLS-5871286	375/1000 Why? CVSS 7.5	No Known Exploit
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	375/1000 Why? CVSS 7.5	Proof of Concept
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	375/1000 Why? CVSS 7.5	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	375/1000 Why? CVSS 7.5	No Known Exploit
	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: dompurify

• 2.4.9 - 2024-03-21
  
  • Fixed another conditional bypass caused by Processing Instructions, thanks @ Ry0taK
  • Fixed the regex for HTML Custom Element detection, thanks @ AlekseySolovey3T
• 2.4.8 - 2024-03-19
  
  • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @ Slonser
• 2.4.7 - 2023-07-11
• 2.4.6 - 2023-07-10
• 2.4.5 - 2023-03-01

from dompurify GitHub release notes

Commit messages

Package name: dompurify

• 79cfb37 chore: Preparing 2.4.9 release
• 0940755 fix: Merged relevant changes from main for 2.4.9
• 416ba67 chore: Preparing 2.4.8 release
• 4035e3a chore: Preparing 2.4.8. release
• f0e75b0 fix: cherry-picked fixes for XML & CE bypass
• ef731c0 chore: Preparing 2.4.7. release
• 5b7dff9 chore: Preparing 2.4.6 release
• a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[netlify]

✅ Deploy Preview for otlio ready!

Name	Link
🔨 Latest commit	bff953a
🔍 Latest deploy log	https://app.netlify.com/sites/otlio/deploys/661c2ea983ed020008f47451
😎 Deploy Preview	https://deploy-preview-437--otlio.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 69 (🟢 up 2 from production) Accessibility: 97 (🟢 up 3 from production) Best Practices: 92 (🟢 up 9 from production) SEO: 97 (no change from production) PWA: 70 (no change from production) View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify site configuration.