Skip to content
This repository was archived by the owner on Sep 22, 2025. It is now read-only.

[Snyk] Upgrade dompurify from 3.0.3 to 3.2.4 #4

Open
thefoodiecoder wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Upgrade dompurify from 3.0.3 to 3.2.4 #4

thefoodiecoder wants to merge 1 commit into from

Conversation

@thefoodiecoder
Copy link
Member

@thefoodiecoder thefoodiecoder commented Apr 2, 2025

snyk-top-banner

Snyk has created this PR to upgrade dompurify from 3.0.3 to 3.2.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

  • The recommended version is 21 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Prototype Pollution
SNYK-JS-DOMPURIFY-7984421		 586 No Known Exploit
medium severity Template Injection
SNYK-JS-DOMPURIFY-6474511		 586 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-DOMPURIFY-8184974		 586 Proof of Concept
low severity Cross-site Scripting (XSS)
SNYK-JS-DOMPURIFY-8722251		 586 Proof of Concept
Release notes
Package name: dompurify
  • 3.2.4 - 2025-01-30
    • Fixed a conditional and config dependent mXSS-style bypass reported by @ nsysean
    • Added a new feature to allow specific hook removal, thanks @ davecardwell
    • Added purify.js and purify.min.js to exports, thanks @ Aetherinox
    • Added better logic in case no window object is president, thanks @ yehuya
    • Updated some dependencies called out by dependabot
    • Updated license files etc to show the correct year
  • 3.2.3 - 2024-12-09
    • Fixed two conditional sanitizer bypasses discovered by @ parrot409 and @ Slonser
    • Updated the attribute clobbering checks to prevent future bypasses, thanks @ parrot409
  • 3.2.2 - 2024-11-29
    • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @ Yaniv-git
    • Fixed several minor issues with the type definitions, thanks again @ reduckted
    • Fixed a minor issue with the types reference for trusted types, thanks @ reduckted
    • Fixed a minor problem with the template detection regex on some systems, thanks @ svdb99
  • 3.2.1 - 2024-11-20
  • 3.2.0 - 2024-11-11
  • 3.1.7 - 2024-09-26
    • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @ masatokinugawa
    • Fixed several smaller typos in documentation and test & build files, thanks @ christianhg
    • Added better support for Angular compiler, thanks @ jeroen1602
    • Added several new attributes to HTML and SVG allow-list, thanks @ Gigabyte5671 and @ Rotzbua
    • Removed the foreignObject element from the list of HTML entry-points, thanks @ masatokinugawa
    • Bumped several dependencies to be more up to date
  • 3.1.6 - 2024-07-05
    • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @ kevin-mizu
    • Fixed an issue with element removal leading to uncaught errors through DOM Clobbering, thanks @ realansgar
    • Fixed a minor problem with the bower file pointing to the wrong dist path
    • Fixed several minor typos in docs, comments and comment blocks, thanks @ Rotzbua
    • Updated several development dependencies
  • 3.1.5 - 2024-05-31
  • 3.1.4 - 2024-05-20
  • 3.1.3 - 2024-05-11
  • 3.1.2 - 2024-04-30
  • 3.1.1 - 2024-04-26
  • 3.1.0 - 2024-04-07
  • 3.0.11 - 2024-03-21
  • 3.0.10 - 2024-03-19
  • 3.0.9 - 2024-02-20
  • 3.0.8 - 2024-01-05
  • 3.0.7 - 2024-01-04
  • 3.0.6 - 2023-09-28
  • 3.0.5 - 2023-07-11
  • 3.0.4 - 2023-06-29
  • 3.0.3 - 2023-05-06
from dompurify GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

@snyk-bot
fix: upgrade dompurify from 3.0.3 to 3.2.4
603592d 
Snyk has created this PR to upgrade dompurify from 3.0.3 to 3.2.4.

See this package in npm:
dompurify

See this project in Snyk:
https://app.snyk.io/org/vijay-sok/project/43c512f6-6775-4d03-91d8-292dca650da8?utm_source=github&utm_medium=referral&page=upgrade-pr
otaku-tekkurai pushed a commit that referenced this pull request May 13, 2025
@sheetalsindhu
feat: Catalog Component Registration #4 (#7)
0f56be9 
## 📦 Backstage Catalog Component Registration

### Adds 🚀
- A new `catalog-info.yaml` file for registering
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thefoodiecoder @snyk-bot