vikunja
/
vikunja
6
43
Fork 71
Code Issues 150 Pull Requests 18 Packages Releases 32 Activity

fix(deps): update dependency dompurify to v3.1.1 #2304

Merged
konrad merged 1 commits from renovate/dompurify-3.x into main 2024-04-26 14:57:33 +00:00
Conversation 1 Commits 1 Files Changed 2 +6 -6
renovate commented 2024-04-26 12:07:36 +00:00
Member
Copy Link

This PR contains the following updates:

Package Type Update Change
dompurify dependencies patch 3.1.0 -> 3.1.1

Release Notes

cure53/DOMPurify (dompurify)

v3.1.1: DOMPurify 3.1.1

Compare Source

  • Fixed an mXSS sanitiser bypass reported by @​icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [dompurify](https://github.com/cure53/DOMPurify) | dependencies | patch | [`3.1.0` -> `3.1.1`](https://renovatebot.com/diffs/npm/dompurify/3.1.0/3.1.1) | --- ### Release Notes <details> <summary>cure53/DOMPurify (dompurify)</summary> ### [`v3.1.1`](https://github.com/cure53/DOMPurify/releases/tag/3.1.1): DOMPurify 3.1.1 [Compare Source](https://github.com/cure53/DOMPurify/compare/3.1.0...3.1.1) - Fixed an mXSS sanitiser bypass reported by [@&#8203;icesfont](https://github.com/icesfont) - Added new code to track element nesting depth - Added new code to enforce a maximum nesting depth of 255 - Added coverage tests and necessary clobbering protections **Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.** </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMjEuMiIsInVwZGF0ZWRJblZlciI6IjM3LjMyMS4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJkZXBlbmRlbmNpZXMiXX0=-->
renovate added the
dependencies
 label 2024-04-26 12:07:36 +00:00
renovate added 1 commit 2024-04-26 12:08:15 +00:00
continuous-integration/drone/pr Build is passing Details
continuous-integration/drone/push Build is passing Details
fd126fa234 fix(deps): update dependency dompurify to v3.1.1
frederick commented 2024-04-26 12:18:59 +00:00
Member
Copy Link

Hi renovate!

Thank you for creating a PR!

I've deployed the frontend changes of this PR on a preview environment under this URL: https://2304-renovate-dompurify-3-x--vikunja-frontend-preview.netlify.app

You can use this url to view the changes live and test them out.
You will need to manually connect this to an api running somewhere. The easiest to use is https://try.vikunja.io/.

This preview does not contain any changes made to the api, only the frontend.

Have a nice day!

Beep boop, I'm a bot.

Hi renovate! Thank you for creating a PR! I've deployed the frontend changes of this PR on a preview environment under this URL: https://2304-renovate-dompurify-3-x--vikunja-frontend-preview.netlify.app You can use this url to view the changes live and test them out. You will need to manually connect this to an api running somewhere. The easiest to use is https://try.vikunja.io/. This preview does not contain any changes made to the api, only the frontend. Have a nice day! > Beep boop, I'm a bot.
konrad merged commit fd126fa234 into main 2024-04-26 14:57:33 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
dependencies

   
duplicate

This issue or pull request already exists

  
help wanted

Need some help

  
invalid

Something is wrong

  
kind/bug

Something is not working

  
kind/feature

New feature

  
needs reproduction

   
question

More information is needed

  
security

   
wontfix

This won't be fixed

No Label
dependencies
duplicate
help wanted
invalid
kind/bug
kind/feature
needs reproduction
question
security
wontfix
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
2 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#2304
No description provided.
Delete Branch "renovate/dompurify-3.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?