fix(ui): bump transitive dompurify to 3.4.10 to patch XSS advisories (#11636)
@@ -17,6 +17,7 @@ All notable changes to the **Prowler UI** are documented in this file.
|
||||
### 🔐 Security
|
||||
|
||||
- Bump vulnerable `Next.js`, React, AI SDK, `postcss`, `hono`, `qs`, `esbuild`, and Alpine OpenSSL packages (`libcrypto3` and `libssl3`) [(#11581)](https://github.com/prowler-cloud/prowler/pull/11581)
|
||||
- Bump transitive `dompurify` from 3.4.2 to 3.4.10, patching XSS sanitization bypass advisories [(#11636)](https://github.com/prowler-cloud/prowler/pull/11636)
|
||||
|
||||
---
|
||||
|
||||
|
||||
Generated
+5
-4
@@ -29,6 +29,7 @@ overrides:
|
||||
qs: 6.15.2
|
||||
express-rate-limit: 8.5.1
|
||||
uuid: 11.1.1
|
||||
dompurify: 3.4.10
|
||||
|
||||
importers:
|
||||
|
||||
@@ -5593,8 +5594,8 @@ packages:
|
||||
dom-helpers@5.2.1:
|
||||
resolution: {integrity: sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==}
|
||||
|
||||
dompurify@3.4.2:
|
||||
resolution: {integrity: sha512-lHeS9SA/IKeIFFyYciHBr2n0v1VMPlSj843HdLOwjb2OxNwdq9Xykxqhk+FE42MzAdHvInbAolSE4mhahPpjXA==}
|
||||
dompurify@3.4.10:
|
||||
resolution: {integrity: sha512-0xzNv0e7oYC6yyuOGZIABPM4qtg3QxLFniDNPP4ZP90wR8Yq3zgwpRbrNiT4N3IKqDbbYFEJLV+JWEs19aZ//w==}
|
||||
|
||||
dotenv-expand@12.0.3:
|
||||
resolution: {integrity: sha512-uc47g4b+4k/M/SeaW1y4OApx+mtLWl92l5LMPP0GNXctZqELk+YGgOPIIC5elYmUH4OuoK3JLhuRUYegeySiFA==}
|
||||
@@ -15168,7 +15169,7 @@ snapshots:
|
||||
'@babel/runtime': 7.28.6
|
||||
csstype: 3.2.3
|
||||
|
||||
dompurify@3.4.2:
|
||||
dompurify@3.4.10:
|
||||
optionalDependencies:
|
||||
'@types/trusted-types': 2.0.7
|
||||
|
||||
@@ -16682,7 +16683,7 @@ snapshots:
|
||||
d3-sankey: 0.12.3
|
||||
dagre-d3-es: 7.0.14
|
||||
dayjs: 1.11.19
|
||||
dompurify: 3.4.2
|
||||
dompurify: 3.4.10
|
||||
es-toolkit: 1.46.1
|
||||
katex: 0.16.27
|
||||
khroma: 2.1.0
|
||||
|
||||
@@ -45,6 +45,10 @@ overrides:
|
||||
# use the random v4 generator only, so the bug isn't reachable in practice,
|
||||
# but the override unifies the tree on a patched version.
|
||||
"uuid": "11.1.1"
|
||||
# GHSA-vxr8-fq34-vvx9 (+ several related XSS sanitization bypasses): DOMPurify < 3.4.9,
|
||||
# pulled in transitively via streamdown > mermaid (which wants ^3.3.1). Pinned to 3.4.10
|
||||
# (fixes all open advisories; 3.4.11 is < 24h old and blocked by minimumReleaseAge).
|
||||
"dompurify": "3.4.10"
|
||||
|
||||
# --- Level 1: Minimum Release Age ---
|
||||
# Packages must be published for at least 1 day before they can be installed.
|
||||
|
||||
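Review bot: The comment added above `"dompurify": "3.4.10"` gives a time-relative reason (`3.4.11 is < 24h old`) that is out of date a day after merge, and nothing in it says when the pin should be revisited. Because the override is an exact version applied to the whole tree, mermaid's `^3.3.1` range can no longer pick up later DOMPurify fixes on its own, so the next sanitizer advisory will need a manual edit here. I would replace the parenthetical with a dated, actionable line such as `# Pinned to 3.4.10 on <date of this change>; raise or drop once streamdown > mermaid resolves >= 3.4.9 unaided.` and list the related advisory IDs explicitly instead of "several related", so the pin can be checked against an audit report. The `overrides:` block starts above this hunk, so the convention used by the other entries is only partly visible.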