Update dependency dompurify to v2.2.0 #274

renovate · 2020-10-21T08:01:01Z

renovate commented

2020-10-21 08:01:01 +00:00

This PR contains the following updates:

Package	Type	Update	Change
dompurify	dependencies	minor	`2.1.1` -> `2.2.0`

Release Notes

cure53/DOMPurify

`v2.2.0`

Compare Source

Fix a possible XSS in Chrome that is hidden behind #enable-experimental-web-platform-features, reported by @neilj and @mfreed7
Changed RETURN_DOM_IMPORT default to true to address said possible XSS
Updated README to reflect the new change and inform about the risks of manually setting RETURN_DOM_IMPORT back to false
Fixed the tests to properly address the new default

Renovate configuration

📅 Schedule: At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻️ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [dompurify](https://github.com/cure53/DOMPurify) | dependencies | minor | [`2.1.1` -> `2.2.0`](https://renovatebot.com/diffs/npm/dompurify/2.1.1/2.2.0) | --- ### Release Notes <details> <summary>cure53/DOMPurify</summary> ### [`v2.2.0`](https://github.com/cure53/DOMPurify/releases/2.2.0) [Compare Source](https://github.com/cure53/DOMPurify/compare/2.1.1...2.2.0) - Fix a possible XSS in Chrome that is hidden behind _#enable-experimental-web-platform-features_, reported by [@neilj](https://github.com/neilj) and [@mfreed7](https://github.com/mfreed7) - Changed `RETURN_DOM_IMPORT` default to `true` to address said possible XSS - Updated README to reflect the new change and inform about the risks of manually setting `RETURN_DOM_IMPORT` back to `false` - Fixed the tests to properly address the new default </details> --- ### Renovate configuration 📅 **Schedule**: At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻️ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

renovate added the

dependencies

label 2020-10-21 08:01:01 +00:00

renovate force-pushed renovate/dompurify-2.x from 8b6f1110ed to e39fdcbdc1

2020-10-21 17:01:07 +00:00

Compare

konrad merged commit e1cee4f5e0 into master

2020-10-21 18:13:54 +00:00

konrad referenced this issue from a commit

2020-10-21 18:13:54 +00:00

Update dependency dompurify to v2.2.0 (#274)

This repo is archived. You cannot comment on pull requests.