[Snyk] Upgrade dompurify from 2.2.3 to 2.2.6 by anikethsaha · Pull Request #1482

[Snyk] Upgrade dompurify from 2.2.3 to 2.2.6 by anikethsaha · Pull Request #1482 · docsifyjs/docsify

Snyk has created this PR to upgrade dompurify from 2.2.3 to 2.2.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 3 versions ahead of your current version.
The recommended version was released a month ago, on 2020-12-18.

Release notes

Package name: dompurify

2.2.6 - 2020-12-18
- Added new mXSS prevention logic created by SecurityMB
2.2.5 - 2020-12-18
2.2.4 - 2020-12-15
- Fixed a new MathML-based bypass submitted by PewGrand
- Fixed a new SVG-related bypass submitted by SecurityMB
- Updated NodeJS CI to Node 14.x and Node 15.x
- Cleaned up _forceRemove logic for better reliability
2.2.3 - 2020-12-07
- Fixed an mXSS issue reported by PewGrand
- Fixed a minor issue with the license header
- Fixed a problem with overly-eager CSS stripping
- Updated the README and removed an XSS warning

from dompurify GitHub release notes

Commit messages

Package name: dompurify

b11cb72 chore: Preparing 2.2.6 release after failed 2.2.5 attempt /2
395cc83 chore: Preparing 2.2.6 release after failed 2.2.5 attempt
8a1c887 chore: Preparing 2.2.5 release
77e740e Merge pull request [DO NOT MERGE] [Issue #486] Local storage is now stored per hostname (for subdomains) #496 from securityMB/main
9dd47cb Create a polyfill for __lookupGetter__ to make IE10 happy
8e29990 fix: Made use of proper helper method to get parentNode
7e3a705 fix: Fixed an issue with parent node mapping in MSIE11
d1cf8c6 test: Fixed additional Edge 17 and MSIE11 tests
1446372 test: Fixed a bunch of Edge 17 and MSIE11 tests
7d9bc6a fix: Removed usage of has()
340ca09 fix: Remove use of new Set()
c477321 Revert "test: Fixed tests for MSIE11"
aae5766 Revert "test: Fixed additional tests for Edge 17 and MSIE 11"
b0398fd Revert "test: Customized additional tests for MSIE11"
bf62d7c test: Customized additional tests for MSIE11
abc92e5 test: Fixed additional tests for Edge 17 and MSIE 11
b242859 test: Fixed tests for MSIE11
9ee3d95 Merge pull request [Issue #494] New config option skipLink for accessibility #495 from securityMB/main
808cab3 Merge branch 'main' of https://github.com/cure53/DOMPurify
e8c8e89 Move anti-clobber to purify.js
21baa58 Another fix in anti-clobber: getChildNodes -> childNodes
6b2b871 Fix a terrible mistake in anti-clobber
0d42de0 Experiment with anticlobber approach
ccc2d31 Add a bunch of tests to check namespace enforcement

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs