[Snyk] Upgrade dompurify from 2.4.1 to 2.5.6 #182

Open
wants to merge 1 commit into
base: master
@ilshaad (Owner) commented Oct 15, 2024

Snyk has created this PR to upgrade dompurify from 2.4.1 to 2.5.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 15 versions ahead of your current version.
  • The recommended version was released 3 months ago, on 2024-07-05.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|---|---|---|---|
| | Prototype Pollution (SNYK-JS-DOMPURIFY-7984421) | 701/1000. Why? Recently disclosed, Has a fix available, CVSS 8.3 | No Known Exploit |
| | Template Injection (SNYK-JS-DOMPURIFY-6474511) | 701/1000. Why? Recently disclosed, Has a fix available, CVSS 8.3 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: dompurify
  • 2.5.6 - 2024-07-05
    • Fixed an issue with the execution logic of attribute hooks to prevent bypasses, thanks @kevin-mizu
    • Fixed a minor problem with the bower file pointing to the wrong dist path
    • Updated several development dependencies
  • 2.5.5 - 2024-05-31
    • Fixed a minor issue with the dist paths in bower.js, thanks @HakumenNC
    • Fixed a minor issue with sanitizing HTML coming from copy&paste Word content, thanks @kakao-bishop-cho
  • 2.5.4 - 2024-05-20
    • Fixed a bug with latest isNaN checks affecting MSIE, thanks @tulach
    • Fixed the tests for MSIE and fixed related test-runner
  • 2.5.3 - 2024-05-11
    • Fixed several mXSS variations found by and thanks to @kevin-mizu & @Ry0taK
    • Added better configurability for comment scrubbing default behavior
    • Added better hardening against Prototype Pollution attacks, thanks @kevin-mizu
    • Fixed some smaller issues in README and other documentation
  • 2.5.2 - 2024-04-30
  • 2.5.1 - 2024-04-26
  • 2.5.0 - 2024-04-07
  • 2.4.9 - 2024-03-21
  • 2.4.8 - 2024-03-19
  • 2.4.7 - 2023-07-11
  • 2.4.6 - 2023-07-10
  • 2.4.5 - 2023-03-01
  • 2.4.4 - 2023-02-13
  • 2.4.3 - 2023-01-06
  • 2.4.2 - 2023-01-05
  • 2.4.1 - 2022-11-10
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • d78f241 chore: Preparing 2.5.6 release
  • 38e8410 fix: Added changes to 2.x regarding attribute value checks
  • 9a7cd98 See #961
  • de2545c chore: Preparing 2.5.5 release
  • f1e27e6 chore: Also removed depth counter logic from 2.x branch for now
  • 10c1261 docs: Updated README ever so slightly
  • 1c92880 test: Fixed two more tests for MSIE11 and Edge 18
  • 1401208 test: Fixed more tests for MSIE and Edge 18
  • 2c6410a test: Fixed several new tests for MSIE11 and Edge 18
  • 2c9bca9 test: Changed github config to include MSIE tests for 2.x
  • b188787 chore: Preparing 2.5.4 release
  • 707b3d6 fix: Added a better for for the MSIE iNaN issue
  • 62fe3be test: Attempting to get MSIE 11 back into the browser test array
  • f3a9710 fix: Fixed an issue with MSIE and no support for Number.isNaN
  • e1ddfc7 Merge branch '2.x' of github.com:cure53/DOMPurify into 2.x
  • 26e1d69 fix: Merged prototype pollution check into 2.x
  • b45d789 docs: Updated README.md with right version number
  • 481ff8e chore: chore: Preparing 2.5.3 release
  • 2e0d6d9 chore: Getting 2.x branch up to date with main
  • 76a19d1 fix: Added better configurability for new comment behavior
  • b81a576 chore: Getting 2.x branch up to date with main
  • d299fcc chore: Preparing 2.5.2 release
  • fc9f702 chore: Migrated relevant changes from main over to 2.x
  • f275c0b chore: Preparing 2.5.1 release


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs
