From 75cece4da7f6f9a2d78395d5f3f02a6865681771 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:08:05 +0000 Subject: [PATCH] Update dependency dompurify to v3.2.3 (#21835) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [dompurify](https://redirect.github.com/cure53/DOMPurify) | [`3.2.2` -> `3.2.3`](https://renovatebot.com/diffs/npm/dompurify/3.2.2/3.2.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dompurify/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dompurify/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dompurify/3.2.2/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dompurify/3.2.2/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes
cure53/DOMPurify (dompurify) ### [`v3.2.3`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.2.3): DOMPurify 3.2.3 [Compare Source](https://redirect.github.com/cure53/DOMPurify/compare/3.2.2...3.2.3) - Fixed two conditional sanitizer bypasses discovered by [@​parrot409](https://redirect.github.com/parrot409) and [@​Slonser](https://x.com/slonser\_) - Updated the attribute clobbering checks to prevent future bypasses, thanks [@​parrot409](https://redirect.github.com/parrot409)
--- ### Configuration 📅 **Schedule**: Branch creation - "* * * * 1-5" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/TryGhost/Ghost). Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- ghost/core/package.json | 2 +- yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/ghost/core/package.json b/ghost/core/package.json
index 956a79cb7a..e9b24d9c10 100644
--- a/ghost/core/package.json
+++ b/ghost/core/package.json
@@ -179,7 +179,7 @@
 "connect-slashes": "1.4.0",
 "cookie-session": "2.1.0",
 "cors": "2.8.5",
- "dompurify": "3.2.2",
+ "dompurify": "3.2.3",
 "downsize": "0.0.8",
 "express": "4.21.1",
 "express-brute": "1.0.1",
diff --git a/yarn.lock b/yarn.lock
index 902d457b93..e0bc2338c6 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -14446,10 +14446,10 @@ domhandler@^5.0.1, domhandler@^5.0.2, domhandler@^5.0.3:
 dependencies:
 domelementtype "^2.3.0"
-dompurify@3.2.2:
- version "3.2.2"
- resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.2.tgz#6c0518745e81686c74a684f5af1e5613e7cc0246"
- integrity sha512-YMM+erhdZ2nkZ4fTNRTSI94mb7VG7uVF5vj5Zde7tImgnhZE3R6YW/IACGIHb2ux+QkEXMhe591N+5jWOmL4Zw==
+dompurify@3.2.3:
+ version "3.2.3"
+ resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.3.tgz#05dd2175225324daabfca6603055a09b2382a4cd"
+ integrity sha512-U1U5Hzc2MO0oW3DF+G9qYN0aT7atAou4AgI0XjWz061nyBPbdxkfdhfy5uMgGn6+oLFCfn44ZGbdDqCzVmlOWA==
 optionalDependencies:
 "@types/trusted-types" "^2.0.7"