Skip to content

chore(deps): update dependency dompurify to v3.1.1

GitLab Dependency Botrequested to merge
gitlab-renovate-forks/gitlab-ui:renovate/dompurify-3.x-lockfile into main

This MR contains the following updates:

Package Type Update Change
dompurify devDependencies patch 3.1.0 -> 3.1.1

MR created with the help of gitlab-org/frontend/renovate-gitlab-bot

Release Notes

cure53/DOMPurify (dompurify)

v3.1.1: DOMPurify 3.1.1

Compare Source

  • Fixed an mXSS sanitiser bypass reported by @​icesfont
  • Added new code to track element nesting depth
  • Added new code to enforce a maximum nesting depth of 255
  • Added coverage tests and necessary clobbering protections

Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Dheeraj Joshi

Merge request reports