chore(deps): update dependency dompurify to ^2.1.1
This MR contains the following updates:
| Package | Type | Update | Change |
|---|---|---|---|
| dompurify | dependencies | minor | ^2.0.12 -> ^2.1.1 |
MR created with the help of gitlab-org/frontend/renovate-gitlab-bot
Release Notes
cure53/DOMPurify
v2.1.1
- Removed some code targeting old Safari versions
- Removed some code targeting older MS Edge versions
- Re-added some code targeting older Chrome versions, thanks @terjanq
- Added new tests and removed unused SAFE_FOR_JQUERY test cases
- Added Node 14.x to existing test coverage
v2.1.0
- Fixed several possible mXSS patterns, thanks @hackvertor
- Removed the SAFE_FOR_JQUERY flag (we are safe by default now for jQuery)
- Removed several now useless mXSS checks
- Updated the mXSS check for elements
- Updated test cases to cover new sanitization strategy
- Updated test website to use newer jQuery
- Updated array of tested browsers and removed legacy browsers
- Added "auto convert" checkbox to test website, thanks @hackvertor
v2.0.17
- Fixed another bypass causing mXSS by using MathML
v2.0.16
- Fixed an mXSS-based bypass caused by nested forms inside MathML
- Fixed a security error thrown on older Chrome on Android versions, see #470
Credits for the bypass go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verify the fix :bowing_man: :bowing_woman:
v2.0.15
- Added a renovated test suite, thanks @peernohell
- Fixed some minor linter warnings
v2.0.14
- Fixed a problem with the documentMode default value
v2.0.13
Renovate configuration
- If you want to rebase/retry this MR, check this box
This MR has been generated by Renovate Bot.