Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: update deps #1402

Merged
merged 1 commit into from
Jun 4, 2024
Merged

chore: update deps #1402

merged 1 commit into from
Jun 4, 2024

Conversation

seaerchin
Copy link
Contributor

Problem

We have an outdated dompurify dependency which exposes us to template injection

Solution

update isomorphic-dompurify to 2.x. This drops MSIE support and changes the way they detect server/web env but i don't think it's applicable to us

Tests

  • go into any repo
  • update some content
  • click save
  • the save should be successful

@seaerchin
chore: build
9932767 
update dompurify
@seaerchin seaerchin requested a review from a team June 3, 2024 08:51
harishv7
harishv7 reviewed Jun 3, 2024
View reviewed changes
package.json
@@ -73,7 +73,7 @@
"hot-shots": "^10.0.0",
"http-errors": "~1.8.0",
"is-svg": "^4.4.0",
"isomorphic-dompurify": "^0.27.0",
"isomorphic-dompurify": "^2.0.0",
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

seems to be 2 major versions ahead, any breaking changes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See write up! They drop internet explorer support from 0.x to 1 and they change server/web detection in 1 to 2

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Idt it affects us tbh

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay can, if you tested your test flow on local then shld be good

harishv7
harishv7 approved these changes Jun 3, 2024
View reviewed changes
Copy link
Contributor

@harishv7 harishv7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved with a comment on any breaking changes

@seaerchin seaerchin merged commit 928679e into develop Jun 4, 2024
18 of 19 checks passed
@seaerchin seaerchin deleted the snyk branch June 4, 2024 08:54
@alexanderleegs alexanderleegs mentioned this pull request Jun 13, 2024
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@harishv7 harishv7 harishv7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@seaerchin @harishv7