
[Snyk] Upgrade dompurify from 3.0.6 to 3.1.0 #14

Open
wants to merge 1 commit into
base: main
from

Conversation

BiraruX
Owner

@BiraruX BiraruX commented May 1, 2024

This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade dompurify from 3.0.6 to 3.1.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
  • The recommended version is 6 versions ahead of your current version.
  • The recommended version was released 24 days ago, on 2024-04-07.

The recommended version fixes:

| Severity | Issue | Priority Score (*) | Exploit Maturity |
|---|---|---|---|
|  | Template Injection (SNYK-JS-DOMPURIFY-6474511) | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dompurify
  • 3.1.0 - 2024-04-07
    • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
    • Updated README to warn about happy-dom not being safe for use with DOMPurify yet
    • Updated the LICENSE file to show the accurate year number
    • Updated several build and test dependencies
  • 3.0.11 - 2024-03-21
    • Fixed another conditional bypass caused by Processing Instructions, thanks @Ry0taK
    • Fixed the regex for HTML Custom Element detection, thanks @AlekseySolovey3T
  • 3.0.10 - 2024-03-19
    • Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @Slonser
    • Bumped up some build and test dependencies
  • 3.0.9 - 2024-02-20
  • 3.0.8 - 2024-01-05
  • 3.0.7 - 2024-01-04
  • 3.0.6 - 2023-09-28
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • db19269 Merge pull request #936 from cure53/main
  • 3375f4c docs: Updated the year in LICENSE file
  • 1c32a11 Merge pull request #934 from cure53/main
  • 0cf9d2d chore: Preparing 3.1.0 release
  • 933b9de See #931
  • bf1f5cf fix: Changed the SAFE_FOR_XML config assignment slightly
  • e2c857e docs: Modified the README slightly regarding the happy-dom warning
  • 3a00950 feature: Added new config option to control comment sanitization
  • 1ebcfd4 fix: Removed the unnecessary clobbering check for elm.data
  • fc3c781 fix: Rolling back changes from previous fixes, trying more aggressive comment handling
  • 8a0dcf8 fix: Enhanced the fix for comments inside XML
  • 0f473ef fix: Added an experimental fix to treat unwanted XML comment behavior
  • 93ef943 Merge pull request #926 from HaluanUskoa/fix/attrs
  • 5540df9 Update attrs.js
  • a9fd4ae Merge pull request #921 from cure53/main
  • 03d20b1 chore: Preparing 3.0.11 release
  • c60a4df fix: Made the NodeFilter see CDATA sections as well, thanks @Ry0taK
  • dce81a5 fix: Addressed a conditional bypass pattern spotted by @Ry0taK
  • f2b637f Merge pull request #917 from cure53/main
  • 51eea81 chore: Preparing 3.0.10 release
  • dbc1d26 Merge pull request #915 from cure53/dependabot/npm_and_yarn/follow-redirects-1.15.6
  • aaa6da1 build(deps-dev): bump follow-redirects from 1.15.4 to 1.15.6
  • fcb9dbd fix: added a fix to handle invalid HTML Custom Element tagNames better
  • 1b59639 fix: Fixed a possible issue with XML processing instructions deployed in HTML

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


2 participants