From 530dc13f708d6b1ca29ce172e540a0e3dd4d21b9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 20 Nov 2022 13:50:30 +0000 Subject: [PATCH] Fix use of sanitizeHTML (#7231) * Remove object from sanitizeHTML return value * Import sanitizeHTML from utils * Fix dangerously set inner HTML format * Update package-lock * Update package-lock * Update package-lock * Update @types/dompurify version Co-authored-by: Thomas Roberts <5656702+opr@users.noreply.github.com> --- package-lock.json | 198 +++++++++++++++++++++++++++------------------- package.json | 2 +- 2 files changed, 117 insertions(+), 83 deletions(-) diff --git a/package-lock.json b/package-lock.json index de3526af8a1..541bce7a303 100644 --- a/package-lock.json +++ b/package-lock.json @@ -32,6 +32,7 @@ "snakecase-keys": "5.4.2", "trim-html": "0.1.9", "use-debounce": "7.0.1", + "use-resize-observer": "^9.0.2", "wordpress-components": "npm:@wordpress/components@14.2.0" }, "devDependencies": { @@ -51,7 +52,7 @@ "@storybook/addon-links": "6.5.9", "@storybook/addon-storysource": "6.5.9", "@storybook/addons": "6.5.9", - "@storybook/client-api": "6.5.12", + "@storybook/client-api": "6.5.13", "@storybook/react": "6.5.10", "@testing-library/jest-dom": "5.16.4", "@testing-library/react": "12.1.5", @@ -7341,17 +7342,18 @@ } }, "node_modules/@storybook/client-api": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/client-api/-/client-api-6.5.13.tgz", + "integrity": "sha512-uH1mAWbidPiuuTdMUVEiuaNOfrYXm+9QLSP1MMYTKULqEOZI5MSOGkEDqRfVWxbYv/iWBOPTQ+OM9TQ6ecYacg==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/addons": "6.5.12", - "@storybook/channel-postmessage": "6.5.12", - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/addons": "6.5.13", + "@storybook/channel-postmessage": "6.5.13", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/store": "6.5.12", + "@storybook/store": "6.5.13", "@types/qs": "^6.9.5", "@types/webpack-env": "^1.16.0", "core-js": "^3.8.2", @@ -7376,17 +7378,18 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/addons": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/addons/-/addons-6.5.13.tgz", + "integrity": "sha512-18CqzNnrGMfeZtiKz+R/3rHtSNnfNwz6y6prIQIbWseK16jY8ELTfIFGviwO5V2OqpbHDQi5+xQQ63QAIb89YA==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/api": "6.5.12", - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/api": "6.5.13", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/router": "6.5.12", - "@storybook/theming": "6.5.12", + "@storybook/router": "6.5.13", + "@storybook/theming": "6.5.13", "@types/webpack-env": "^1.16.0", "core-js": "^3.8.2", "global": "^4.4.0", @@ -7402,17 +7405,18 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/api": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/api/-/api-6.5.13.tgz", + "integrity": "sha512-xVSmB7/IuFd6G7eiJjbI2MuS7SZunoUM6d+YCWpjiehfMeX47MXt1gZtOwFrgJC1ShZlefXFahq/dvxwtmWs+w==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/router": "6.5.12", + "@storybook/router": "6.5.13", "@storybook/semver": "^7.3.2", - "@storybook/theming": "6.5.12", + "@storybook/theming": "6.5.13", "core-js": "^3.8.2", "fast-deep-equal": "^3.1.3", "global": "^4.4.0", @@ -7434,13 +7438,14 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/channel-postmessage": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/channel-postmessage/-/channel-postmessage-6.5.13.tgz", + "integrity": "sha512-R79MBs0mQ7TV8M/a6x/SiTRyvZBidDfMEEthG7Cyo9p35JYiKOhj2535zhW4qlVMESBu95pwKYBibTjASoStPw==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "core-js": "^3.8.2", "global": "^4.4.0", "qs": "^6.10.0", @@ -7452,9 +7457,10 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/channels": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-6.5.13.tgz", + "integrity": "sha512-sGYSilE30bz0jG+HdHnkv0B4XkAv2hP+KRZr4xmnv+MOOQpRnZpJ5Z3HVU16s17cj/83NWihKj6BuKcEVzyilg==", "dev": true, - "license": "MIT", "dependencies": { "core-js": "^3.8.2", "ts-dedent": "^2.0.0", @@ -7466,9 +7472,10 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/client-logger": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-6.5.13.tgz", + "integrity": "sha512-F2SMW3LWFGXLm2ENTwTitrLWJgmMXRf3CWQXdN2EbkNCIBHy5Zcbt+91K4OX8e2e5h9gjGfrdYbyYDYOoUCEfA==", "dev": true, - "license": "MIT", "dependencies": { "core-js": "^3.8.2", "global": "^4.4.0" @@ -7479,9 +7486,10 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/core-events": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-6.5.13.tgz", + "integrity": "sha512-kL745tPpRKejzHToA3/CoBNbI+NPRVk186vGxXBmk95OEg0TlwgQExP8BnqEtLlRZMbW08e4+6kilc1M1M4N5w==", "dev": true, - "license": "MIT", "dependencies": { "core-js": "^3.8.2" }, @@ -7491,11 +7499,12 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/router": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/router/-/router-6.5.13.tgz", + "integrity": "sha512-sf5aogfirH5ucD0d0hc2mKf2iyWsZsvXhr5kjxUQmgkcoflkGUWhc34sbSQVRQ1i8K5lkLIDH/q2s1Zr2SbzhQ==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/client-logger": "6.5.12", + "@storybook/client-logger": "6.5.13", "core-js": "^3.8.2", "memoizerific": "^1.11.3", "qs": "^6.10.0", @@ -7511,13 +7520,14 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/store": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/store/-/store-6.5.13.tgz", + "integrity": "sha512-GG6lm+8fBX1tNUnX7x3raBOjYhhf14bPWLtYiPlxDTFEMs3sJte7zWKZq6NQ79MoBLL6jjzTeolBfDCBw6fiWQ==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/addons": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/addons": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", "core-js": "^3.8.2", "fast-deep-equal": "^3.1.3", @@ -7541,11 +7551,12 @@ } }, "node_modules/@storybook/client-api/node_modules/@storybook/theming": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-6.5.13.tgz", + "integrity": "sha512-oif5NGFAUQhizo50r+ctw2hZNLWV4dPHai+L/gFvbaSeRBeHSNkIcMoZ2FlrO566HdGZTDutYXcR+xus8rI28g==", "dev": true, - "license": "MIT", "dependencies": { - "@storybook/client-logger": "6.5.12", + "@storybook/client-logger": "6.5.13", "core-js": "^3.8.2", "memoizerific": "^1.11.3", "regenerator-runtime": "^0.13.7" @@ -7561,8 +7572,9 @@ }, "node_modules/@storybook/client-api/node_modules/slash": { "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", "dev": true, - "license": "MIT", "engines": { "node": ">=8" } @@ -54801,16 +54813,18 @@ } }, "@storybook/client-api": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/client-api/-/client-api-6.5.13.tgz", + "integrity": "sha512-uH1mAWbidPiuuTdMUVEiuaNOfrYXm+9QLSP1MMYTKULqEOZI5MSOGkEDqRfVWxbYv/iWBOPTQ+OM9TQ6ecYacg==", "dev": true, "requires": { - "@storybook/addons": "6.5.12", - "@storybook/channel-postmessage": "6.5.12", - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/addons": "6.5.13", + "@storybook/channel-postmessage": "6.5.13", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/store": "6.5.12", + "@storybook/store": "6.5.13", "@types/qs": "^6.9.5", "@types/webpack-env": "^1.16.0", "core-js": "^3.8.2", @@ -54827,16 +54841,18 @@ }, "dependencies": { "@storybook/addons": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/addons/-/addons-6.5.13.tgz", + "integrity": "sha512-18CqzNnrGMfeZtiKz+R/3rHtSNnfNwz6y6prIQIbWseK16jY8ELTfIFGviwO5V2OqpbHDQi5+xQQ63QAIb89YA==", "dev": true, "requires": { - "@storybook/api": "6.5.12", - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/api": "6.5.13", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/router": "6.5.12", - "@storybook/theming": "6.5.12", + "@storybook/router": "6.5.13", + "@storybook/theming": "6.5.13", "@types/webpack-env": "^1.16.0", "core-js": "^3.8.2", "global": "^4.4.0", @@ -54844,16 +54860,18 @@ } }, "@storybook/api": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/api/-/api-6.5.13.tgz", + "integrity": "sha512-xVSmB7/IuFd6G7eiJjbI2MuS7SZunoUM6d+YCWpjiehfMeX47MXt1gZtOwFrgJC1ShZlefXFahq/dvxwtmWs+w==", "dev": true, "requires": { - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", - "@storybook/router": "6.5.12", + "@storybook/router": "6.5.13", "@storybook/semver": "^7.3.2", - "@storybook/theming": "6.5.12", + "@storybook/theming": "6.5.13", "core-js": "^3.8.2", "fast-deep-equal": "^3.1.3", "global": "^4.4.0", @@ -54867,12 +54885,14 @@ } }, "@storybook/channel-postmessage": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/channel-postmessage/-/channel-postmessage-6.5.13.tgz", + "integrity": "sha512-R79MBs0mQ7TV8M/a6x/SiTRyvZBidDfMEEthG7Cyo9p35JYiKOhj2535zhW4qlVMESBu95pwKYBibTjASoStPw==", "dev": true, "requires": { - "@storybook/channels": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/channels": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "core-js": "^3.8.2", "global": "^4.4.0", "qs": "^6.10.0", @@ -54880,7 +54900,9 @@ } }, "@storybook/channels": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/channels/-/channels-6.5.13.tgz", + "integrity": "sha512-sGYSilE30bz0jG+HdHnkv0B4XkAv2hP+KRZr4xmnv+MOOQpRnZpJ5Z3HVU16s17cj/83NWihKj6BuKcEVzyilg==", "dev": true, "requires": { "core-js": "^3.8.2", @@ -54889,7 +54911,9 @@ } }, "@storybook/client-logger": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/client-logger/-/client-logger-6.5.13.tgz", + "integrity": "sha512-F2SMW3LWFGXLm2ENTwTitrLWJgmMXRf3CWQXdN2EbkNCIBHy5Zcbt+91K4OX8e2e5h9gjGfrdYbyYDYOoUCEfA==", "dev": true, "requires": { "core-js": "^3.8.2", @@ -54897,17 +54921,21 @@ } }, "@storybook/core-events": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/core-events/-/core-events-6.5.13.tgz", + "integrity": "sha512-kL745tPpRKejzHToA3/CoBNbI+NPRVk186vGxXBmk95OEg0TlwgQExP8BnqEtLlRZMbW08e4+6kilc1M1M4N5w==", "dev": true, "requires": { "core-js": "^3.8.2" } }, "@storybook/router": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/router/-/router-6.5.13.tgz", + "integrity": "sha512-sf5aogfirH5ucD0d0hc2mKf2iyWsZsvXhr5kjxUQmgkcoflkGUWhc34sbSQVRQ1i8K5lkLIDH/q2s1Zr2SbzhQ==", "dev": true, "requires": { - "@storybook/client-logger": "6.5.12", + "@storybook/client-logger": "6.5.13", "core-js": "^3.8.2", "memoizerific": "^1.11.3", "qs": "^6.10.0", @@ -54915,12 +54943,14 @@ } }, "@storybook/store": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/store/-/store-6.5.13.tgz", + "integrity": "sha512-GG6lm+8fBX1tNUnX7x3raBOjYhhf14bPWLtYiPlxDTFEMs3sJte7zWKZq6NQ79MoBLL6jjzTeolBfDCBw6fiWQ==", "dev": true, "requires": { - "@storybook/addons": "6.5.12", - "@storybook/client-logger": "6.5.12", - "@storybook/core-events": "6.5.12", + "@storybook/addons": "6.5.13", + "@storybook/client-logger": "6.5.13", + "@storybook/core-events": "6.5.13", "@storybook/csf": "0.0.2--canary.4566f4d.1", "core-js": "^3.8.2", "fast-deep-equal": "^3.1.3", @@ -54936,10 +54966,12 @@ } }, "@storybook/theming": { - "version": "6.5.12", + "version": "6.5.13", + "resolved": "https://registry.npmjs.org/@storybook/theming/-/theming-6.5.13.tgz", + "integrity": "sha512-oif5NGFAUQhizo50r+ctw2hZNLWV4dPHai+L/gFvbaSeRBeHSNkIcMoZ2FlrO566HdGZTDutYXcR+xus8rI28g==", "dev": true, "requires": { - "@storybook/client-logger": "6.5.12", + "@storybook/client-logger": "6.5.13", "core-js": "^3.8.2", "memoizerific": "^1.11.3", "regenerator-runtime": "^0.13.7" @@ -54947,6 +54979,8 @@ }, "slash": { "version": "3.0.0", + "resolved": "https://registry.npmjs.org/slash/-/slash-3.0.0.tgz", + "integrity": "sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q==", "dev": true } } diff --git a/package.json b/package.json index 95c66016dee..64b4d633f86 100644 --- a/package.json +++ b/package.json @@ -102,7 +102,7 @@ "@storybook/addon-links": "6.5.9", "@storybook/addon-storysource": "6.5.9", "@storybook/addons": "6.5.9", - "@storybook/client-api": "6.5.12", + "@storybook/client-api": "6.5.13", "@storybook/react": "6.5.10", "@testing-library/jest-dom": "5.16.4", "@testing-library/react": "12.1.5",