[Snyk] Upgrade dompurify from 2.3.1 to 2.3.10 #166

snyk-bot · 2022-08-29T06:38:23Z

Snyk has created this PR to upgrade dompurify from 2.3.1 to 2.3.10.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 9 versions ahead of your current version.
The recommended version was released a month ago, on 2022-07-18.

Release notes

Package name: dompurify

2.3.10 - 2022-07-18
- Added support for sanitization of attributes requiring Trusted Types, thanks @ tosmolka
2.3.9 - 2022-07-11
- Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @ tosmolka
- Bumped some dependencies, thanks @ is2ei
- Included github-actions in the dependabot config, thanks @ nathannaveen
2.3.8 - 2022-05-13
- Cleaned up a minor issue with the 2.3.7 release, thanks @ johnbirds
No other changes compared to 2.3.7 release, which entail:
- Fixes around a bug in Safari, thanks @ sybrew
- Slightly improved performance, thanks @ tiny-ben-tran
- Lots of chores, bumps and typo fixes, thanks @ is2ei
- Removed unnecessary string trimming, thanks @ christopherehlen
2.3.7 - 2022-05-11
2.3.6 - 2022-02-16
- Added an option to allow HTML5 doctypes, thanks @ tosmolka
- Bumped several dependencies, thanks @ is2ei
- Updated documentation to cover recently added flags, thanks @ is2ei
2.3.5 - 2022-01-26
- Performed several chores and cleanups, thanks @ is2ei
- Fixed a bug when working with Trusted Types, thanks @ tosmolka
- Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @ tosmolka
- Added more SVG attributes to allow-list, thanks @ rzhade3
2.3.4 - 2021-12-07
- Added support for Custom Elements, thanks @ franktopel
- Added new config settings to control Custom Element sanitizing, thanks @ franktopel
- Added faster clobber checks, thanks @ GrantGryczan
- Allow-listed SVG feImage elements, thanks @ ydaniv
- Updated test suite
- Update supported Node versions
- Updated README
2.3.3 - 2021-09-20
- Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @ securitum-mb
- Adjusted the tests for MSIE to make sure the results are as expected now
2.3.2 - 2021-09-15
2.3.1 - 2021-08-13

from dompurify GitHub release notes

Commit messages

Package name: dompurify

aedec31 chore: preparing 2.3.10 release
2fe2a34 Merge pull request #699 from tosmolka/tosmolka/660
4ec6d6f Support sanitization of attributes that require Trusted Types
52c8eb1 chore: Updated website
6ec9e42 chore: Preparing 2.3.9 release
912245b Merge pull request #695 from cure53/dependabot/npm_and_yarn/shell-quote-1.7.3
2686662 build(deps): bump shell-quote from 1.7.2 to 1.7.3
abf6295 Merge pull request #693 from is2ei/run-format
a49f13d format code
2ac0802 See #692
e1e04f3 See #692
79e622c Merge pull request #692 from tosmolka/tosmolka/xhtml-lowercase
3ad7750 Make TAG and ATTR cfg options case-sensitive when parsing XHTML
87b29de Merge pull request #690 from cure53/dependabot/github_actions/github/codeql-action-2
065db40 Merge pull request #689 from cure53/dependabot/github_actions/actions/checkout-3
74eb853 Merge pull request #688 from cure53/dependabot/github_actions/actions/setup-node-3
ac447e3 Merge pull request #687 from cure53/dependabot/github_actions/GabrielBB/xvfb-action-1.6
2e23e03 build(deps): bump github/codeql-action from 1 to 2
e957332 build(deps): bump actions/checkout from 2 to 3
ba82523 build(deps): bump actions/setup-node from 2 to 3
74d3e47 build(deps): bump GabrielBB/xvfb-action from 1.0 to 1.6
64b3c36 Merge pull request #685 from turrisxyz/Dependabot-GitHub-Actions
b337807 chore: Included githubactions in the dependabot config
dc6db2c chore: Prepared 2.3.8. release