Update dependency dompurify to v2.0.17 #241

Merged
konrad merged 1 commit from renovate/dompurify-2.x into master 2020-09-22 20:29:39 +00:00

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| dompurify | dependencies | patch | 2.0.15 -> 2.0.17 |

Release Notes

cure53/DOMPurify

v2.0.17

Compare Source

  • Fixed another bypass causing mXSS by using MathML

v2.0.16

Compare Source

  • Fixed an mXSS-based bypass caused by nested forms inside MathML
  • Fixed a security error thrown on older Chrome on Android versions, see #470

Credits for the bypass go to Michał Bentkowski (@securityMB) of Securitum who spotted the bug in Chrome, turned it into another DOMPurify bypass, reported and helped verify the fix 🙇‍♂️ 🙇‍♀️


Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Renovate Bot.

renovate added the dependencies label 2020-09-22 20:23:15 +00:00
renovate added 1 commit 2020-09-22 20:23:16 +00:00
continuous-integration/drone/pr Build is passing Details
ff28adac6d
Update dependency dompurify to v2.0.17
konrad merged commit 2a65efe6b0 into master 2020-09-22 20:29:39 +00:00