reactpress
[Snyk] Security upgrade dompurify from 2.3.0 to 2.4.9
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
|  | 658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Template Injection SNYK-JS-DOMPURIFY-6474511 | No | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: dompurify
The new version differs by 250 commits.
- 79cfb37 chore: Preparing 2.4.9 release
- 0940755 fix: Merged relevant changes from main for 2.4.9
- 416ba67 chore: Preparing 2.4.8 release
- 4035e3a chore: Preparing 2.4.8. release
- f0e75b0 fix: cherry-picked fixes for XML & CE bypass
- ef731c0 chore: Preparing 2.4.7. release
- 5b7dff9 chore: Preparing 2.4.6 release
- a01c083 Fix: addressed a bypass on jsdom 22 when noframes tag is allowed
- f464d95 chore: preparing 2.4.5 release
- fa4e8ee chore: preparing 2.4.4 release
- f5c25ac see #767
- 08e9fab test: Added 2.x tag to 2.x branch actions
- 5f766bc See #761
- 90326ef Merge pull request #750 from cure53/dependabot/npm_and_yarn/json5-1.0.2
- fade506 chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11
- 3afe389 build(deps): bump json5 from 1.0.1 to 1.0.2
- f1e180f fix: merged from latest main
- 7707778 Update README.md
- 5267b04 chore: Preparing 2.4.2 release
- d1dd037 fix: Fixed a prototype pollution bug reported by @ kevin_mizu
- 24d2a7f Merge pull request #748 from tosmolka/tosmolka/747
- 7de86a0 Fix formatting
- 191cc00 Fix Trusted Types Sink violation with empty input and NAMESPACE
- 4945074 Merge pull request #745 from cure53/dependabot/npm_and_yarn/qs-and-body-parser-6.11.0
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.