Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade dompurify from 2.4.5 to 2.5.0 #439

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

stanleyowen
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade dompurify from 2.4.5 to 2.5.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 5 versions ahead of your current version.
  • The recommended version was released 21 days ago, on 2024-04-07.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-6096077
375/1000
Why? CVSS 7.5
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
375/1000
Why? CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
375/1000
Why? CVSS 7.5
Proof of Concept
Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
375/1000
Why? CVSS 7.5
Proof of Concept
Improper Input Validation
SNYK-JS-FOLLOWREDIRECTS-6141137
375/1000
Why? CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ADOBECSSTOOLS-5871286
375/1000
Why? CVSS 7.5
No Known Exploit
Prototype Pollution
SNYK-JS-TOUGHCOOKIE-5672873
375/1000
Why? CVSS 7.5
Proof of Concept
Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462
375/1000
Why? CVSS 7.5
Proof of Concept
Template Injection
SNYK-JS-DOMPURIFY-6474511
375/1000
Why? CVSS 7.5
Proof of Concept
Open Redirect
SNYK-JS-EXPRESS-6474509
375/1000
Why? CVSS 7.5
No Known Exploit
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610
375/1000
Why? CVSS 7.5
Proof of Concept
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WORDWRAP-3149973
375/1000
Why? CVSS 7.5
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dompurify
  • 2.5.0 - 2024-04-07
    • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
    • Updated the LICENSE file to show the accurate year number
    • Updated several build and test dependencies
  • 2.4.9 - 2024-03-21
    • Fixed another conditional bypass caused by Processing Instructions, thanks @ Ry0taK
    • Fixed the regex for HTML Custom Element detection, thanks @ AlekseySolovey3T
  • 2.4.8 - 2024-03-19
    • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @ Slonser
  • 2.4.7 - 2023-07-11
  • 2.4.6 - 2023-07-10
  • 2.4.5 - 2023-03-01
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • 7f6cf8a chore: Updated some packages
  • 6f9902d docs: Updated year in LICENSE file for 2.x as well
  • 2dcadf0 chore: Preparing 2.5.0 release
  • 28381af feature: Added SAFE_FOR_XML flag and code to 2.x branch
  • 79cfb37 chore: Preparing 2.4.9 release
  • 0940755 fix: Merged relevant changes from main for 2.4.9
  • 416ba67 chore: Preparing 2.4.8 release
  • 4035e3a chore: Preparing 2.4.8. release
  • f0e75b0 fix: cherry-picked fixes for XML & CE bypass
  • ef731c0 chore: Preparing 2.4.7. release
  • 5b7dff9 chore: Preparing 2.4.6 release
  • a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed

Compare


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Copy link

netlify bot commented Apr 28, 2024

Deploy Preview for otlio ready!

Name Link
🔨 Latest commit 52a1770
🔍 Latest deploy log https://app.netlify.com/sites/otlio/deploys/662e66e6e1f9660008c9f9ec
😎 Deploy Preview https://deploy-preview-439--otlio.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse
1 paths audited
Performance: 68 (🟢 up 1 from production)
Accessibility: 94 (no change from production)
Best Practices: 92 (🟢 up 9 from production)
SEO: 97 (no change from production)
PWA: 70 (no change from production)
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify site configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants