Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency dompurify to v3 - autoclosed #83

Closed

Conversation

mend-for-github-com[bot]
Copy link
Contributor

This PR contains the following updates:

Package Type Update Change
dompurify dependencies major ^2.1.1 -> ^3.0.0

By merging this PR, the issue #82 will be automatically resolved and closed:

Severity CVSS Score CVE
Critical Critical 10.0 CVE-2024-47875
High High 7.3 CVE-2024-45801

Release Notes

cure53/DOMPurify (dompurify)

v3.0.0: DOMPurify 3.0.0

Compare Source

  • Removed all code that is for MSIE-only
  • Removed all tests that are for MSIE-only
  • Modified documentation to reflect new state of MSIE support
  • Added support for ALLOW_SELF_CLOSE_IN_ATTR flag, thanks @​edg2s @​AndreVirtimo
  • Added better support for shadowrootmode, thanks @​mfreed7

NOTE Please use the 2.4.4 release if you still need MSIE support, 3.0.0 comes without the MSIE overhead


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot added the security fix Security fix generated by Mend label Nov 6, 2024
@mend-for-github-com mend-for-github-com bot changed the title Update dependency dompurify to v3 Update dependency dompurify to v3 - autoclosed Nov 6, 2024
@mend-for-github-com mend-for-github-com bot deleted the whitesource-remediate/dompurify-3.x branch November 6, 2024 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
security fix Security fix generated by Mend
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants