[Snyk] Upgrade dompurify from 2.3.8 to 2.4.3 #1277

Lomilar · 2023-02-14T08:12:52Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade dompurify from 2.3.8 to 2.4.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 8 versions ahead of your current version.
The recommended version was released a month ago, on 2023-01-06.

Release notes

Package name: dompurify

2.4.3 - 2023-01-06
- Final release that is compatible with MSIE10 & MSIE 11
2.4.2 - 2023-01-05
- Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @ tosmolka
- Fixed a Prototype Pollution issue discovered and reported by @ kevin-mizu
2.4.1 - 2022-11-10
- Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @ kevin-deyoungster @ tosmolka
- Added better detection of template literals when SAFE_FOR_TEMPLATES is true
- Fixed an exception caused by DOM clobbering, thanks @ masatokinugawa
- Bumped some dependencies, thanks @ marcpenya-tf
2.4.0 - 2022-08-24
- Removed bundled types again as they caused too much trouble
2.3.12 - 2022-08-23
- Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @ Mirco469, @ brentkeller, @ aryanisml
2.3.11 - 2022-08-23
- Added generated type definitions for better compatibility
- Added SANITIZE_NAMED_PROPS config option, thanks @ SoheilKhodayari
- Updated README and config documentation, thanks @ 0xedward
- Updated test suite with newer Node versions
2.3.10 - 2022-07-18
- Added support for sanitization of attributes requiring Trusted Types, thanks @ tosmolka
2.3.9 - 2022-07-11
- Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @ tosmolka
- Bumped some dependencies, thanks @ is2ei
- Included github-actions in the dependabot config, thanks @ nathannaveen
2.3.8 - 2022-05-13

from dompurify GitHub release notes

Commit messages

Package name: dompurify

90326ef Merge pull request [Security] Bump ini from 1.3.5 to 1.3.8 #750 from cure53/dependabot/npm_and_yarn/json5-1.0.2
fade506 chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11
3afe389 build(deps): bump json5 from 1.0.1 to 1.0.2
f1e180f fix: merged from latest main
7707778 Update README.md
5267b04 chore: Preparing 2.4.2 release
d1dd037 fix: Fixed a prototype pollution bug reported by @ kevin_mizu
24d2a7f Merge pull request Bump vuex from 3.5.1 to 3.6.0 #748 from tosmolka/tosmolka/747
7de86a0 Fix formatting
191cc00 Fix Trusted Types Sink violation with empty input and NAMESPACE
4945074 Merge pull request Bump dateformat from 3.0.3 to 4.3.1 #745 from cure53/dependabot/npm_and_yarn/qs-and-body-parser-6.11.0
7e9fcd9 build(deps): bump qs and body-parser
2734b2d Merge pull request Bump @vue/cli-plugin-eslint from 4.5.8 to 4.5.9 #737 from cure53/dependabot/npm_and_yarn/engine.io-and-socket.io-6.2.1
f3b68d9 build(deps): bump engine.io and socket.io
9a751e4 Merge pull request Bump core-js from 3.6.5 to 3.7.0 #732 from Pomierski/patch-1
2c03b6c fix
7477926 chore: fix allowCustomizedBuiltInElements comment in readme
67f784c chore: preparing 2.4.1 release
e50e814 Merge pull request Bump vuepress from 1.5.2 to 1.7.1 #731 from cure53/dependabot/npm_and_yarn/minimatch-3.1.2
4712fa3 test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge v2
48d009c test: attempted to fix ALLOWED_NAMESPACES tests for IE/Edge
36eb7c3 build(deps): bump minimatch from 3.0.4 to 3.1.2
16232f0 Merge pull request Bump @vue/test-utils from 1.1.0 to 1.1.1 #730 from cure53/dependabot/npm_and_yarn/socket.io-parser-4.0.5
5f77429 Merge pull request Add direct link to Framework and Taxonomy documentation in left side menu #729 from kevin-deyoungster/kdeyoungster/xml