fix: update to latest version of sanitize-url

There's been a bunch of security issues in the older versions of sanitize-url that this resolves.
2022-03-03 14:51:20 +01:00 · 2022-03-03 14:51:20 +01:00 · 7b0c3c3cd5
parent 6223d3c470
commit 7b0c3c3cd5
4 changed files with 10 additions and 10 deletions
--- a/package.json
+++ b/package.json
@ -57,7 +57,7 @@
    ]
  },
  "dependencies": {
-    "@braintree/sanitize-url": "^3.1.0",
+    "@braintree/sanitize-url": "^6.0.0",
    "d3": "^7.0.0",
    "dagre": "^0.8.5",
    "dagre-d3": "^0.6.4",
--- a/src/diagrams/class/classDiagram.spec.js
+++ b/src/diagrams/class/classDiagram.spec.js
@ -746,7 +746,7 @@ foo()
      parser.parse(str);

      const testClass = parser.yy.getClass('Class1');
-      expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
+      expect(testClass.link).toBe('google.com');
      expect(testClass.cssClasses.length).toBe(1);
      expect(testClass.cssClasses[0]).toBe('clickable');
    });
@ -760,7 +760,7 @@ foo()
      parser.parse(str);

      const testClass = parser.yy.getClass('Class1');
-      expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
+      expect(testClass.link).toBe('google.com');
      expect(testClass.cssClasses.length).toBe(1);
      expect(testClass.cssClasses[0]).toBe('clickable');
    });
@ -774,7 +774,7 @@ foo()
      parser.parse(str);

      const testClass = parser.yy.getClass('Class1');
-      expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
+      expect(testClass.link).toBe('google.com');
      expect(testClass.tooltip).toBe('A tooltip');
      expect(testClass.cssClasses.length).toBe(1);
      expect(testClass.cssClasses[0]).toBe('clickable');
@ -789,7 +789,7 @@ foo()
      parser.parse(str);

      const testClass = parser.yy.getClass('Class1');
-      expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
+      expect(testClass.link).toBe('google.com');
      expect(testClass.tooltip).toBe('A tooltip');
      expect(testClass.cssClasses.length).toBe(1);
      expect(testClass.cssClasses[0]).toBe('clickable');
--- a/src/utils.spec.js
+++ b/src/utils.spec.js
@ -250,7 +250,7 @@ describe('when formatting urls', function () {

    config.securityLevel = 'strict';
    result = utils.formatUrl(url, config);
-    expect(result).toEqual('about:blank');
+    expect(result).toEqual(url);
  });
  it('should handle mailto', function () {
    const url = 'mailto:user@user.user';
--- a/yarn.lock
+++ b/yarn.lock
@ -1275,10 +1275,10 @@
  resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
  integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==

-"@braintree/sanitize-url@^3.1.0":
-  version "3.1.0"
-  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-3.1.0.tgz#8ff71d51053cd5ee4981e5a501d80a536244f7fd"
-  integrity sha512-GcIY79elgB+azP74j8vqkiXz8xLFfIzbQJdlwOPisgbKT00tviJQuEghOXSMVxJ00HoYJbGswr4kcllUc4xCcg==
+"@braintree/sanitize-url@^6.0.0":
+  version "6.0.0"
+  resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
+  integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==

 "@commitlint/cli@^16.0.0":
  version "16.2.1"