[Snyk] Upgrade dompurify from 2.2.8 to 2.3.8

[snyk-bot]

Snyk has created this PR to upgrade dompurify from 2.2.8 to 2.3.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 10 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2022-05-13.

Release notes

Package name: dompurify

• 2.3.8 - 2022-05-13
  
  • Cleaned up a minor issue with the 2.3.7 release, thanks @ johnbirds

  No other changes compared to 2.3.7 release, which entail:

  • Fixes around a bug in Safari, thanks @ sybrew
  • Slightly improved performance, thanks @ tiny-ben-tran
  • Lots of chores, bumps and typo fixes, thanks @ is2ei
  • Removed unnecessary string trimming, thanks @ christopherehlen
• 2.3.7 - 2022-05-11
• 2.3.6 - 2022-02-16
  
  • Added an option to allow HTML5 doctypes, thanks @ tosmolka
  • Bumped several dependencies, thanks @ is2ei
  • Updated documentation to cover recently added flags, thanks @ is2ei
• 2.3.5 - 2022-01-26
  
  • Performed several chores and cleanups, thanks @ is2ei
  • Fixed a bug when working with Trusted Types, thanks @ tosmolka
  • Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @ tosmolka
  • Added more SVG attributes to allow-list, thanks @ rzhade3
• 2.3.4 - 2021-12-07
  
  • Added support for Custom Elements, thanks @ franktopel
  • Added new config settings to control Custom Element sanitizing, thanks @ franktopel
  • Added faster clobber checks, thanks @ GrantGryczan
  • Allow-listed SVG feImage elements, thanks @ ydaniv
  • Updated test suite
  • Update supported Node versions
  • Updated README
• 2.3.3 - 2021-09-20
  
  • Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @ securitum-mb
  • Adjusted the tests for MSIE to make sure the results are as expected now
• 2.3.2 - 2021-09-15
  
  • Added new config option PARSER_MEDIA_TYPE, thanks @ tosmolka
• 2.3.1 - 2021-08-13
  
  • Added code to make FORBID_CONTENTS setting configurable
  • Added role to URI-safe attributes
  • Added more paranoid handling for template elements
• 2.3.0 - 2021-07-06
  
  • Added better handling of document creation on Firefox
  • Added better handling of version numbers in license file
  • Added two new browser versions to test suite config
  • Fixed a bug with handling of custom data attributes
• 2.2.9 - 2021-06-01
• 2.2.8 - 2021-04-28

from dompurify GitHub release notes

Commit messages

Package name: dompurify

• dc6db2c chore: Prepared 2.3.8. release
• 6fa9e5c chore: Preparing 2.3.7. release
• ec99173 fix: Added an experimental fix for a WebKit engine bug, thanks @ sybrew
• 5dda014 Merge pull request #679 from is2ei/fix-typo
• 3d9dd14 Merge pull request #680 from tiny-ben-tran/performance-improvement
• f4c5f80 Capitalised const variable name
• 73f2168 Moved commonSvgAndHTMLElements out so _checkValidNamespace doesn't re-created in every call
• 23ff095 Minor performance improvements
• 85ffd13 chore: fix typo in README
• e5931be Merge pull request #678 from is2ei/fix-typo
• 8a38fe4 chore: fix typo
• 0965e99 docs: Added new conributors to README
• 9421f05 Merge pull request #676 from is2ei/update-pull-request-template
• bf07c50 chore: update pull request template
• 81ae4bd Merge pull request #674 from is2ei/update-bugbounty-link
• 2f1a97d chore: update the link to bug bounty page
• 6e28ca8 Merge pull request #669 from is2ei/bump-karma
• 6cc790d chore: bump karma
• a7cea06 Merge pull request #668 from cure53/dependabot/npm_and_yarn/minimist-1.2.6
• 8d92904 build(deps-dev): bump minimist from 1.2.5 to 1.2.6
• b256113 Merge pull request #667 from is2ei/bump-rollup
• ff41e9d chore: bump rollup
• 34261b1 Merge pull request #666 from is2ei/fix-link-to-amd
• df44011 chore: fix link to AMD

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs