- Notifications
You must be signed in to change notification settings - Fork1k
chore: override version of DOMPurify#19574
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
Parkreiner commentedAug 27, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Edit: whoops, I should've expanded the preview for the files before saying anything. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I misunderstood the changes for a moment, but specifying theoverride in thepackage.json file should do the trick here
0b6f353 intomainUh oh!
There was an error while loading.Please reload this page.
Thanks for checking@Parkreiner! |
TheDOMPurify version used by the latest version ofmonaco-editor containsat least one known CVE
#19445
#19446
This PR aims to override the version to resolve security issues:
https://www.npmjs.com/package/dompurify/v/3.2.6