admin/twenty
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

60 fix svg xcc vulnerability (#4660)

Browse Source 
* Add domPurify

* Sanitize svg files

* Add is-svg package

* Use isSvg package

* Revert "Use isSvg package"

This reverts commit 05014b51076505d8766ca8c4c3233f6563869b17.

* Revert "Add is-svg package"

This reverts commit ad3e206ea6b09c2579bd79ac570b69694936fb7b.

* Code review returns
This commit is contained in:
martmull
2024-03-26 16:10:45 +01:00
committed by GitHub
parent 279d99487c
commit ab028b8c22
3 changed files with 49 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
yarn.lock
View File

@ -16068,6 +16068,15 @@ __metadata:
languageName: node
linkType: hard
"@types/dompurify@npm:^3.0.5":
version: 3.0.5
resolution: "@types/dompurify@npm:3.0.5"
dependencies:
"@types/trusted-types": "npm:*"
checksum: a34dcc4498ca250815ccf9aecbe82df96ba5db247d0440cf266a876757d47c52519c240db3475e794d7deb0d6b1af23328e02879be368ad0e26b20c0f0865dba
languageName: node
linkType: hard
"@types/ejs@npm:^3.1.1":
version: 3.1.5
resolution: "@types/ejs@npm:3.1.5"
@ -17258,6 +17267,13 @@ __metadata:
languageName: node
linkType: hard
"@types/trusted-types@npm:*":
version: 2.0.7
resolution: "@types/trusted-types@npm:2.0.7"
checksum: 4c4855f10de7c6c135e0d32ce462419d8abbbc33713b31d294596c0cc34ae1fa6112a2f9da729c8f7a20707782b0d69da3b1f8df6645b0366d08825ca1522e0c
languageName: node
linkType: hard
"@types/type-is@npm:^1.6.3":
version: 1.6.6
resolution: "@types/type-is@npm:1.6.6"
@ -24726,6 +24742,13 @@ __metadata:
languageName: node
linkType: hard
"dompurify@npm:^3.0.11":
version: 3.0.11
resolution: "dompurify@npm:3.0.11"
checksum: 38740deed057da8076e85026853635312a6720a21430218a85875e5f43e453c78637d93aa08c744460b0e91c652b06c736efb481c408a8f9c81894d8f76e0de1
languageName: node
linkType: hard
"domutils@npm:^1.5.1":
version: 1.7.0
resolution: "domutils@npm:1.7.0"
@ -45948,6 +45971,7 @@ __metadata:
"@types/better-sqlite3": "npm:^7.6.8"
"@types/bytes": "npm:^3.1.1"
"@types/deep-equal": "npm:^1.0.1"
"@types/dompurify": "npm:^3.0.5"
"@types/express": "npm:^4.17.13"
"@types/facepaint": "npm:^1.2.5"
"@types/graphql-fields": "npm:^1.3.6"
@ -46010,6 +46034,7 @@ __metadata:
debounce: "npm:^2.0.0"
deep-equal: "npm:^2.2.2"
docusaurus-node-polyfills: "npm:^1.0.0"
dompurify: "npm:^3.0.11"
dotenv-cli: "npm:^7.2.1"
drizzle-kit: "npm:^0.20.14"
drizzle-orm: "npm:^0.29.3"