Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 2.4.1
Choose a base ref
...
head repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 2.4.3
Choose a head ref
  • 17 commits
  • 16 files changed
  • 4 contributors

Commits on Nov 14, 2022

  1. chore: fix allowCustomizedBuiltInElements comment in readme 

    The comment seems to be incorrect. The comment above informs us that if we pass false as a value, then no customized built-ins are allowed.
    @Pomierski
    Pomierski authored Nov 14, 2022
    Configuration menu
    Copy the full SHA
    7477926 View commit details
    Browse the repository at this point in the history

  2. fix

    @Pomierski
    Pomierski authored Nov 14, 2022
    Configuration menu
    Copy the full SHA
    2c03b6c View commit details
    Browse the repository at this point in the history

  3. Merge pull request #732 from Pomierski/patch-1 

    chore: fix allowCustomizedBuiltInElements value in readme
    @cure53
    cure53 authored Nov 14, 2022
    Configuration menu
    Copy the full SHA
    9a751e4 View commit details
    Browse the repository at this point in the history

Commits on Nov 22, 2022

  1. build(deps): bump engine.io and socket.io 

    Bumps [engine.io](https://github.com/socketio/engine.io) and [socket.io](https://github.com/socketio/socket.io). These dependencies needed to be updated together.

Updates `engine.io` from 6.1.2 to 6.2.1
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.1.2...6.2.1)

Updates `socket.io` from 4.4.1 to 4.5.3
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io@4.4.1...4.5.3)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Nov 22, 2022
    Configuration menu
    Copy the full SHA
    f3b68d9 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #737 from cure53/dependabot/npm_and_yarn/engine.io… 

    …-and-socket.io-6.2.1

build(deps): bump engine.io and socket.io
    @cure53
    cure53 authored Nov 22, 2022
    Configuration menu
    Copy the full SHA
    2734b2d View commit details
    Browse the repository at this point in the history

Commits on Dec 9, 2022

  1. build(deps): bump qs and body-parser 

    Bumps [qs](https://github.com/ljharb/qs) and [body-parser](https://github.com/expressjs/body-parser). These dependencies needed to be updated together.

Updates `qs` from 6.7.0 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `body-parser` from 1.19.0 to 1.20.1
- [Release notes](https://github.com/expressjs/body-parser/releases)
- [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
- [Commits](expressjs/body-parser@1.19.0...1.20.1)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
- dependency-name: body-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Dec 9, 2022
    Configuration menu
    Copy the full SHA
    7e9fcd9 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #745 from cure53/dependabot/npm_and_yarn/qs-and-bo… 

    …dy-parser-6.11.0

build(deps): bump qs and body-parser
    @cure53
    cure53 authored Dec 9, 2022
    Configuration menu
    Copy the full SHA
    4945074 View commit details
    Browse the repository at this point in the history

Commits on Dec 19, 2022

  1. Fix Trusted Types Sink violation with empty input and NAMESPACE

    @tosmolka
    tosmolka committed Dec 19, 2022
    Configuration menu
    Copy the full SHA
    191cc00 View commit details
    Browse the repository at this point in the history

  2. Fix formatting

    @tosmolka
    tosmolka committed Dec 19, 2022
    Configuration menu
    Copy the full SHA
    7de86a0 View commit details
    Browse the repository at this point in the history

Commits on Dec 20, 2022

  1. Merge pull request #748 from tosmolka/tosmolka/747 

    Fix Trusted Types Sink violation with empty input and NAMESPACE
    @cure53
    cure53 authored Dec 20, 2022
    Configuration menu
    Copy the full SHA
    24d2a7f View commit details
    Browse the repository at this point in the history

Commits on Jan 5, 2023

  1. fix: Fixed a prototype pollution bug reported by @kevin_mizu

    @cure53
    cure53 committed Jan 5, 2023
    Configuration menu
    Copy the full SHA
    d1dd037 View commit details
    Browse the repository at this point in the history

  2. chore: Preparing 2.4.2 release

    @cure53
    cure53 committed Jan 5, 2023
    Configuration menu
    Copy the full SHA
    5267b04 View commit details
    Browse the repository at this point in the history

Commits on Jan 6, 2023

  1. Update README.md 

    docs: Fixed version number
    @cure53
    cure53 authored Jan 6, 2023
    Configuration menu
    Copy the full SHA
    7707778 View commit details
    Browse the repository at this point in the history

  2. fix: merged from latest main 

    Merge branch 'main' of github.com:cure53/DOMPurify
    @cure53
    cure53 committed Jan 6, 2023
    Configuration menu
    Copy the full SHA
    f1e180f View commit details
    Browse the repository at this point in the history

  3. build(deps): bump json5 from 1.0.1 to 1.0.2 

    Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v1.0.1...v1.0.2)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Jan 6, 2023
    Configuration menu
    Copy the full SHA
    3afe389 View commit details
    Browse the repository at this point in the history

  4. chore: Prepare 2.4.3, final feature release compatible w. MSIE10/11

    @cure53
    cure53 committed Jan 6, 2023
    Configuration menu
    Copy the full SHA
    fade506 View commit details
    Browse the repository at this point in the history

  5. Merge pull request #750 from cure53/dependabot/npm_and_yarn/json5-1.0.2 

    build(deps): bump json5 from 1.0.1 to 1.0.2
    @cure53
    cure53 authored Jan 6, 2023
    Configuration menu
    Copy the full SHA
    90326ef View commit details
    Browse the repository at this point in the history
Loading