fix(deps): bump dompurify from 3.1.0 to ^3.1.2 (main)
This PR contains the following updates:
| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| dompurify | ^3.1.0 -> ^3.1.2 | | | | |
Release Notes
cure53/DOMPurify (dompurify)
v3.1.2: DOMPurify 3.1.2
- Addressed and fixed an mXSS variation found by @kevin-mizu
- Addressed and fixed an mXSS variation found by Adam Kues of Assetnote
- Updated tests for older Safari and Chrome versions
v3.1.1: DOMPurify 3.1.1
- Fixed an mXSS sanitiser bypass reported by @icesfont
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
Configuration
📅 Schedule: Branch creation - "before 5am on wednesday" in timezone Europe/Vienna, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
- [ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.