WebchatWidget
[Snyk] Security upgrade dompurify from 2.4.3 to 2.4.9
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 658/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3) | Template Injection SNYK-JS-DOMPURIFY-6474511 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: dompurify
The new version differs by 13 commits.
- 79cfb37 chore: Preparing 2.4.9 release
- 0940755 fix: Merged relevant changes from main for 2.4.9
- 416ba67 chore: Preparing 2.4.8 release
- 4035e3a chore: Preparing 2.4.8. release
- f0e75b0 fix: cherry-picked fixes for XML & CE bypass
- ef731c0 chore: Preparing 2.4.7. release
- 5b7dff9 chore: Preparing 2.4.6 release
- a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed
- f464d95 chore: preparing 2.4.5 release
- fa4e8ee chore: preparing 2.4.4 release
- f5c25ac see #767
- 08e9fab test: Added 2.x tag to 2.x branch actions
- 5f766bc See #761
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.