Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.0.2
Choose a base ref
...
head repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.0.3
Choose a head ref
  • 13 commits
  • 17 files changed
  • 4 contributors

Commits on Apr 25, 2023

  1. build(deps): bump yaml and xo 

    Removes [yaml](https://github.com/eemeli/yaml). It's no longer used after updating ancestor dependency [xo](https://github.com/xojs/xo). These dependencies need to be updated together.


Removes `yaml`

Updates `xo` from 0.48.0 to 0.54.1
- [Release notes](https://github.com/xojs/xo/releases)
- [Commits](xojs/xo@v0.48.0...v0.54.1)

---
updated-dependencies:
- dependency-name: yaml
  dependency-type: indirect
- dependency-name: xo
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored Apr 25, 2023
    Configuration menu
    Copy the full SHA
    c123ca3 View commit details
    Browse the repository at this point in the history

Commits on Apr 26, 2023

  1. Merge pull request #794 from cure53/dependabot/npm_and_yarn/yaml-and-… 

    …xo--removed

build(deps): bump yaml and xo
    @cure53
    cure53 authored Apr 26, 2023
    Configuration menu
    Copy the full SHA
    b49972b View commit details
    Browse the repository at this point in the history

  2. chore: fixed the tests after bumping xo and dropping yaml deps

    @cure53
    cure53 committed Apr 26, 2023
    Configuration menu
    Copy the full SHA
    60202c7 View commit details
    Browse the repository at this point in the history

  3. Moved feDropShadow to the svg filter allowlist 

    The reason it was there was because "If I remember correctly there was some mXSS risk connected to those", however I searched and couldn't find one (and neither could cure53 #573 (comment)) and so I change it back.
    @SelfMadeSystem
    SelfMadeSystem authored Apr 26, 2023
    Configuration menu
    Copy the full SHA
    d507666 View commit details
    Browse the repository at this point in the history

Commits on Apr 27, 2023

  1. Merge pull request #795 from SelfMadeSystem/patch-1 

    Moved feDropShadow to the svg filter allowlist
    @cure53
    cure53 authored Apr 27, 2023
    Configuration menu
    Copy the full SHA
    f3a5f0c View commit details
    Browse the repository at this point in the history

Commits on May 1, 2023

  1. support TRUSTED_TYPES_POLICY configuration option

    @dejang
    dejang committed May 1, 2023
    Configuration menu
    Copy the full SHA
    8dc24e4 View commit details
    Browse the repository at this point in the history

Commits on May 2, 2023

  1. Merge pull request #800 from dejang/configurable-trusted-types-policy 

    support TRUSTED_TYPES_POLICY configuration option
    @cure53
    cure53 authored May 2, 2023
    Configuration menu
    Copy the full SHA
    bb04683 View commit details
    Browse the repository at this point in the history

Commits on May 3, 2023

  1. create internal trustedTypes policy only if not specified via config … 

    …object
    @dejang
    dejang committed May 3, 2023
    Configuration menu
    Copy the full SHA
    2377fc5 View commit details
    Browse the repository at this point in the history

Commits on May 4, 2023

  1. build(deps): bump engine.io and socket.io 

    Bumps [engine.io](https://github.com/socketio/engine.io) and [socket.io](https://github.com/socketio/socket.io). These dependencies needed to be updated together.

Updates `engine.io` from 6.2.1 to 6.4.2
- [Release notes](https://github.com/socketio/engine.io/releases)
- [Changelog](https://github.com/socketio/engine.io/blob/main/CHANGELOG.md)
- [Commits](socketio/engine.io@6.2.1...6.4.2)

Updates `socket.io` from 4.5.3 to 4.6.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](socketio/socket.io@4.5.3...4.6.1)

---
updated-dependencies:
- dependency-name: engine.io
  dependency-type: indirect
- dependency-name: socket.io
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] authored May 4, 2023
    Configuration menu
    Copy the full SHA
    8a2ca66 View commit details
    Browse the repository at this point in the history

Commits on May 5, 2023

  1. Merge pull request #803 from cure53/dependabot/npm_and_yarn/engine.io… 

    …-and-socket.io-6.4.2

build(deps): bump engine.io and socket.io
    @cure53
    cure53 authored May 5, 2023
    Configuration menu
    Copy the full SHA
    e7895b4 View commit details
    Browse the repository at this point in the history

Commits on May 6, 2023

  1. Merge pull request #801 from dejang/refactor-policy-creation-order 

    create internal trustedTypes policy only if not specified via config object
    @cure53
    cure53 authored May 6, 2023
    Configuration menu
    Copy the full SHA
    ad1bdd4 View commit details
    Browse the repository at this point in the history

  2. chore: preparing 3.0.3 release

    @cure53
    cure53 committed May 6, 2023
    Configuration menu
    Copy the full SHA
    ca67d37 View commit details
    Browse the repository at this point in the history

  3. Merge pull request #805 from cure53/main 

    Merge main into 3.x
    @cure53
    cure53 authored May 6, 2023
    Configuration menu
    Copy the full SHA
    c70f8c5 View commit details
    Browse the repository at this point in the history
Loading