⬆️ Bump dompurify from 2.0.17 to 2.3.6

[dependabot]

Bumps dompurify from 2.0.17 to 2.3.6.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.3.6

• Added an option to allow HTML5 doctypes, thanks @​tosmolka
• Bumped several dependencies, thanks @​is2ei
• Updated documentation to cover recently added flags, thanks @​is2ei

DOMPurify 2.3.5

• Performed several chores and cleanups, thanks @​is2ei
• Fixed a bug when working with Trusted Types, thanks @​tosmolka
• Fixed a bug with weird behavior on insecure nodes in IN_PLACE mode, thanks @​tosmolka
• Added more SVG attributes to allow-list, thanks @​rzhade3

DOMPurify 2.3.4

• Added support for Custom Elements, thanks @​franktopel
• Added new config settings to control Custom Element sanitizing, thanks @​franktopel
• Added faster clobber checks, thanks @​GrantGryczan
• Allow-listed SVG feImage elements, thanks @​ydaniv
• Updated test suite
• Update supported Node versions
• Updated README

DOMPurify 2.3.3

• Fixed a bug in the handing of PARSER_MEDIA_TYPE spotted by @​securitum-mb
• Adjusted the tests for MSIE to make sure the results are as expected now

DOMPurify 2.3.2

• Added new config option PARSER_MEDIA_TYPE, thanks @​tosmolka

DOMPurify 2.3.1

• Added code to make FORBID_CONTENTS setting configurable
• Added role to URI-safe attributes
• Added more paranoid handling for template elements

DOMPurify 2.3.0

• Added better handling of document creation on Firefox
• Added better handling of version numbers in license file
• Added two new browser versions to test suite config
• Fixed a bug with handling of custom data attributes

DOMPurify 2.2.9

• Fixed some minor issues related to the NAMESPACE config
• Fixed some minor issues relating to empty input
• Fixed some minor issues relating to handling of invalid XML

DOMPurify 2.2.8

• Added NAMESPACE config option, thanks @​NateScarlet
• Added better fallback for older browsers & PhantomJS, thanks @​albanx
• Extended allow-list for SVG attributes a bit

DOMPurify 2.2.7

• Fixed handling of unsupported browsers, i.e. Safari 9 and older

... (truncated)

Commits

• c84f6e4 chore: preparing 2.3.6 release
• 82e3c38 chore: added missing eslint exception
• a0c2d08 Merge pull request #651 from tosmolka/tosmolka/fix-doctype
• 1237e91 Merge pull request #650 from is2ei/fix-unused-variable
• 0194e87 chore: use unused variable
• 9821fd2 Revert formatting in test/fixtures/expect.js
• f8f7e0c Build new version
• 8d57807 Fix lint error
• eae08f5 Merge branch 'main' of https://github.com/cure53/DOMPurify into tosmolka/fix-...
• 94ba86d Allow only html doctype
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #370.