Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update dependency dompurify to v3.2.4 [security] #3576

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update dependency dompurify to v3.2.4 [security] #3576

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Feb 14, 2025

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
dompurify 3.2.3 -> 3.2.4 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

Release Notes

cure53/DOMPurify (dompurify)

v3.2.4: DOMPurify 3.2.4

Compare Source

  • Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
  • Added a new feature to allow specific hook removal, thanks @​davecardwell
  • Added purify.js and purify.min.js to exports, thanks @​Aetherinox
  • Added better logic in case no window object is president, thanks @​yehuya
  • Updated some dependencies called out by dependabot
  • Updated license files etc to show the correct year

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@socket-security Socket Security
Copy link

New, updated, and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package New capabilities Transitives Size Publisher
npm/@meilisearch/[email protected] network 0 1.06 MB meili-bot
npm/@next/[email protected] None 0 3.38 kB vercel-release-bot
npm/@sentry/[email protected] environment, filesystem, network Transitive: shell, unsafe +116 137 MB sentry-bot
npm/@socialgouv/[email protected] Transitive: environment, eval, filesystem, network, unsafe +90 16 MB socialgroovybot
npm/@storybook/[email protected] Transitive: filesystem, unsafe +18 3.47 MB storybook-bot
npm/@storybook/[email protected] Transitive: environment, eval +32 7.17 MB storybook-bot
npm/@storybook/[email protected] None +2 73.2 kB storybook-bot
npm/@storybook/[email protected] environment, eval +2 1.9 MB storybook-bot
npm/@storybook/[email protected] environment Transitive: eval, filesystem, network, shell, unsafe +216 28.5 MB storybook-bot
npm/@storybook/[email protected] environment Transitive: eval +37 7.98 MB storybook-bot
npm/@testing-library/[email protected] Transitive: environment +11 3.33 MB testing-library-bot
npm/@testing-library/[email protected] None +8 768 kB testing-library-bot
npm/@testing-library/[email protected] environment +11 3.61 MB testing-library-bot
npm/@testing-library/[email protected] Transitive: environment +11 3.72 MB testing-library-bot
npm/@types/[email protected] None 0 1.74 kB types
npm/@types/[email protected] None +1 2.8 MB types
npm/@types/[email protected] None +4 702 kB types
npm/@types/[email protected] None +1 871 kB types
npm/@types/[email protected] None +2 92.5 kB types
npm/@types/[email protected] 🔁 npm/@types/[email protected] None 0 2.29 MB types
npm/@types/[email protected] None 0 13.6 kB types
npm/@types/[email protected] None 0 37.9 kB types
npm/@types/[email protected] None 0 7.82 kB types
npm/@typescript-eslint/[email protected] Transitive: environment, filesystem +23 8.11 MB bradzacher, jameshenry
npm/[email protected] None +2 1.29 MB hazork
npm/[email protected] network Transitive: filesystem +5 2.24 MB jasonsaayman
npm/[email protected] None 0 23.6 kB jedwatson
npm/[email protected] Transitive: environment, eval, filesystem, network, shell, unsafe +57 11.5 MB cypress-npm-publisher
npm/[email protected] None +1 317 kB cure53
npm/[email protected] unsafe Transitive: environment, eval, filesystem, network, shell +84 13.6 MB timer, timneutkens, vercel-release-bot
npm/[email protected] None 0 85.8 kB cypress-npm-publisher
npm/[email protected] Transitive: environment, eval, filesystem +42 4.42 MB ljharb, yannickcr
npm/[email protected] filesystem Transitive: environment +13 1.95 MB rafaelrozon, yannbf
npm/[email protected] filesystem Transitive: environment +12 2.03 MB testing-library-bot
npm/[email protected] environment, filesystem Transitive: eval, shell, unsafe +44 9.14 MB eslintbot
npm/[email protected] None 0 174 kB amitgupta
npm/[email protected] environment, filesystem Transitive: eval, shell +20 8.97 MB ext

🚮 Removed packages: npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@docusaurus/[email protected], npm/@tsconfig/[email protected], npm/[email protected]

View full report↗︎

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants