Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Update dependency dompurify to v3.2.4 [SECURITY]#9568

Open
renovate wants to merge1 commit intomain
base:main
Choose a base branch
Loading
fromrenovate/npm-dompurify-vulnerability

Conversation

renovate[bot]
Copy link
Contributor

@renovaterenovatebot commentedFeb 14, 2025
edited
Loading

This PR contains the following updates:

PackageChangeAgeAdoptionPassingConfidence
dompurify3.1.5 ->3.2.4ageadoptionpassingconfidence

GitHub Vulnerability Alerts

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Release Notes

cure53/DOMPurify (dompurify)

v3.2.4: DOMPurify 3.2.4

Compare Source

  • Fixed a conditional and config dependent mXSS-stylebypass reported by@​nsysean
  • Added a new feature to allow specific hook removal, thanks@​davecardwell
  • Addedpurify.js andpurify.min.js to exports, thanks@​Aetherinox
  • Added better logic in case no window object is president, thanks@​yehuya
  • Updated some dependencies called out by dependabot
  • Updated license files etc to show the correct year

v3.2.3: DOMPurify 3.2.3

Compare Source

v3.2.2: DOMPurify 3.2.2

Compare Source

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks@​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again@​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks@​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks@​svdb99

v3.2.1: DOMPurify 3.2.1

Compare Source

v3.2.0: DOMPurify 3.2.0

Compare Source

v3.1.7: DOMPurify 3.1.7

Compare Source

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks@​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks@​christianhg
  • Added better support for Angular compiler, thanks@​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks@​Gigabyte5671 and@​Rotzbua
  • Removed theforeignObject element from the list of HTML entry-points, thanks@​masatokinugawa
  • Bumped several dependencies to be more up to date

v3.1.6: DOMPurify 3.1.6

Compare Source

  • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks@​kevin-mizu
  • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks@​realansgar
  • Fixed a minor problem with the bower file pointing to the wrong dist path
  • Fixed several minor typos in docs, comments and comment blocks, thanks@​Rotzbua
  • Updated several development dependencies

Configuration

📅Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated byMend Renovate. View therepository job log.

@renovaterenovatebot changed the titleUpdate dependency dompurify to v3.2.4 [SECURITY]fix(deps): update dependency dompurify to v3.2.4 [security]Feb 20, 2025
@renovaterenovatebotforce-pushed therenovate/npm-dompurify-vulnerability branch from2b23746 tob84126cCompareMarch 3, 2025 13:34
@renovaterenovatebotforce-pushed therenovate/npm-dompurify-vulnerability branch fromb84126c to8e6b9e6CompareMarch 11, 2025 10:40
@renovaterenovatebot changed the titlefix(deps): update dependency dompurify to v3.2.4 [security]Update dependency dompurify to v3.2.4 [SECURITY]Mar 12, 2025
@renovaterenovatebotforce-pushed therenovate/npm-dompurify-vulnerability branch from8e6b9e6 tof7b08f0CompareMarch 14, 2025 22:26
@renovaterenovatebot changed the titleUpdate dependency dompurify to v3.2.4 [SECURITY]fix(deps): update dependency dompurify to v3.2.4 [security]Mar 14, 2025
@renovaterenovatebotforce-pushed therenovate/npm-dompurify-vulnerability branch fromf7b08f0 to3074cf6CompareMarch 24, 2025 01:10
@renovaterenovatebot changed the titlefix(deps): update dependency dompurify to v3.2.4 [security]Update dependency dompurify to v3.2.4 [SECURITY]Mar 24, 2025
@renovaterenovatebotforce-pushed therenovate/npm-dompurify-vulnerability branch from3074cf6 to401db4cCompareApril 1, 2025 12:39
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

0 participants
[8]ページ先頭
©2009-2025 Movatter.jp