fix(deps): update dependency dompurify to v3.2.0 j:kit-282 (#4724)

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [dompurify](https://redirect.github.com/cure53/DOMPurify) | [`3.1.6` -> `3.2.0`](https://renovatebot.com/diffs/npm/dompurify/3.1.6/3.2.0) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dompurify/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dompurify/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dompurify/3.1.6/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dompurify/3.1.6/3.2.0?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>cure53/DOMPurify (dompurify)</summary> ### [`v3.2.0`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.2.0): DOMPurify 3.2.0 [Compare Source](https://redirect.github.com/cure53/DOMPurify/compare/3.1.7...3.2.0) - Added type declarations, thanks [@reduckted](https://redirect.github.com/reduckted) , [@philmayfield](https://redirect.github.com/philmayfield), [@aloisklink](https://redirect.github.com/aloisklink), [@ssi02014](https://redirect.github.com/ssi02014) and others - Fixed a minor issue with the handling of hooks, thanks [@kevin-mizu](https://redirect.github.com/kevin-mizu) ### [`v3.1.7`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.1.7): DOMPurify 3.1.7 [Compare Source](https://redirect.github.com/cure53/DOMPurify/compare/3.1.6...3.1.7) - Fixed an issue with comment detection and possible bypasses with specific config settings, thanks [@masatokinugawa](https://redirect.github.com/masatokinugawa) - Fixed several smaller typos in documentation and test & build files, thanks [@christianhg](https://redirect.github.com/christianhg) - Added better support for Angular compiler, thanks [@jeroen1602](https://redirect.github.com/jeroen1602) - Added several new attributes to HTML and SVG allow-list, thanks [@Gigabyte5671](https://redirect.github.com/Gigabyte5671) and [@Rotzbua](https://redirect.github.com/Rotzbua) - Removed the `foreignObject` element from the list of HTML entry-points, thanks [@masatokinugawa](https://redirect.github.com/masatokinugawa) - Bumped several dependencies to be more up to date </details> --- ### Configuration 📅 **Schedule**: Branch creation - "before 4:00am on Tuesday" in timezone America/Toronto, Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).  --------- Co-authored-by: renovate-coveo[bot] <115253437+renovate-coveo[bot]@users.noreply.github.com> Co-authored-by: Alex Prudhomme <[email protected]>
coveo · Nov 26, 2024 · 290a8b6 · 290a8b6
1 parent 8b708d9
commit 290a8b6
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 26 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/atomic/cypress/e2e/icon-assertions.ts b/packages/atomic/cypress/e2e/icon-assertions.ts
@@ -1,4 +1,4 @@
-import {sanitize} from 'dompurify';
+import DOMPurify from 'dompurify';
 import {getSvg} from './icon-utils';
 
 function getSortedClone(element: Element) {
@@ -22,7 +22,7 @@ export function assertRendersIcon(
       selector().should(([actualSvgElement]) =>
         expect(getSortedClone(actualSvgElement).outerHTML).to.eq(
           getSortedClone(
-            sanitize(expectedSvg, {
+            DOMPurify.sanitize(expectedSvg, {
               USE_PROFILES: {svg: true, svgFilters: true},
               RETURN_DOM_FRAGMENT: true,
             }).querySelector('svg')!

diff --git a/packages/atomic/package.json b/packages/atomic/package.json
@@ -71,7 +71,7 @@
     "@salesforce-ux/design-system": "^2.16.1",
     "@stencil/store": "2.0.16",
     "dayjs": "1.11.12",
-    "dompurify": "3.1.6",
+    "dompurify": "3.2.0",
     "escape-html": "1.0.3",
     "focus-visible": "5.2.0",
     "i18next": "23.12.2",
@@ -115,7 +115,6 @@
     "@swc/core": "~1.7.0",
     "@swc/helpers": "~0.5.2",
     "@types/core-js": "2.5.8",
-    "@types/dompurify": "3.0.5",
     "@types/escape-html": "1.0.4",
     "@types/jest": "29.5.12",
     "@types/lodash": "4.17.7",

diff --git a/packages/atomic/src/components/common/atomic-icon/atomic-icon.tsx b/packages/atomic/src/components/common/atomic-icon/atomic-icon.tsx
@@ -8,7 +8,7 @@ import {
   State,
   Watch,
 } from '@stencil/core';
-import {sanitize} from 'dompurify';
+import DOMPurify from 'dompurify';
 import {
   InitializableComponent,
   InitializeBindings,
@@ -102,7 +102,7 @@ export class AtomicIcon implements InitializableComponent<AnyBindings> {
       this.validateSVG(svg);
     }
     const sanitizedSvg = svg
-      ? sanitize(svg, {
+      ? DOMPurify.sanitize(svg, {
           USE_PROFILES: {svg: true, svgFilters: true},
         })
       : null;

diff --git a/...ponents/common/smart-snippets/atomic-smart-snippet-answer/atomic-smart-snippet-answer.tsx b/...ponents/common/smart-snippets/atomic-smart-snippet-answer/atomic-smart-snippet-answer.tsx
@@ -8,7 +8,7 @@ import {
   Host,
   Element,
 } from '@stencil/core';
-import {sanitize} from 'dompurify';
+import DOMPurify from 'dompurify';
 import {sanitizeStyle} from '../../../../utils/utils';
 import {bindAnalyticsToLink} from '../../item-link/item-link';
 
@@ -125,7 +125,7 @@ export class AtomicSmartSnippetAnswer {
       >
         {/* deepcode ignore ReactSetInnerHtml: Sanitized by back-end + dompurify */}
         <div
-          innerHTML={sanitize(this.htmlContent, {
+          innerHTML={DOMPurify.sanitize(this.htmlContent, {
             USE_PROFILES: {html: true},
           })}
           ref={(element) => element && this.bindAnalyticsToLinks(element)}

diff --git a/packages/atomic/src/utils/utils.ts b/packages/atomic/src/utils/utils.ts
@@ -1,6 +1,6 @@
 import {getAssetPath} from '@stencil/core';
 import {NODE_TYPES} from '@stencil/core/mock-doc';
-import {sanitize} from 'dompurify';
+import DOMPurify from 'dompurify';
 
 /**
  * Returns a function that can be executed only once
@@ -149,7 +149,7 @@ export const sortByDocumentPosition = (a: Node, b: Node): 1 | -1 =>
   a.compareDocumentPosition(b) & Node.DOCUMENT_POSITION_FOLLOWING ? -1 : 1;
 
 export function sanitizeStyle(style: string) {
-  const purifiedOuterHTML = sanitize(`<style>${style}</style>`, {
+  const purifiedOuterHTML = DOMPurify.sanitize(`<style>${style}</style>`, {
     ALLOWED_TAGS: ['style'],
     ALLOWED_ATTR: [],
     FORCE_BODY: true,

diff --git a/packages/quantic/package.json b/packages/quantic/package.json
@@ -48,7 +48,7 @@
   "dependencies": {
     "@coveo/bueno": "1.0.6",
     "@coveo/headless": "3.10.0",
-    "dompurify": "3.1.6",
+    "dompurify": "3.2.0",
     "marked": "12.0.2",
     "fs-extra": "11.2.0"
   },