fix: update to latest version of sanitize-url
There's been a bunch of security issues in the older versions of sanitize-url that this resolves.
parent
6223d3c470
commit
7b0c3c3cd5
|
@ -57,7 +57,7 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"@braintree/sanitize-url": "^3.1.0",
|
"@braintree/sanitize-url": "^6.0.0",
|
||||||
"d3": "^7.0.0",
|
"d3": "^7.0.0",
|
||||||
"dagre": "^0.8.5",
|
"dagre": "^0.8.5",
|
||||||
"dagre-d3": "^0.6.4",
|
"dagre-d3": "^0.6.4",
|
||||||
|
|
|
@ -746,7 +746,7 @@ foo()
|
||||||
parser.parse(str);
|
parser.parse(str);
|
||||||
|
|
||||||
const testClass = parser.yy.getClass('Class1');
|
const testClass = parser.yy.getClass('Class1');
|
||||||
expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
|
expect(testClass.link).toBe('google.com');
|
||||||
expect(testClass.cssClasses.length).toBe(1);
|
expect(testClass.cssClasses.length).toBe(1);
|
||||||
expect(testClass.cssClasses[0]).toBe('clickable');
|
expect(testClass.cssClasses[0]).toBe('clickable');
|
||||||
});
|
});
|
||||||
|
@ -760,7 +760,7 @@ foo()
|
||||||
parser.parse(str);
|
parser.parse(str);
|
||||||
|
|
||||||
const testClass = parser.yy.getClass('Class1');
|
const testClass = parser.yy.getClass('Class1');
|
||||||
expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
|
expect(testClass.link).toBe('google.com');
|
||||||
expect(testClass.cssClasses.length).toBe(1);
|
expect(testClass.cssClasses.length).toBe(1);
|
||||||
expect(testClass.cssClasses[0]).toBe('clickable');
|
expect(testClass.cssClasses[0]).toBe('clickable');
|
||||||
});
|
});
|
||||||
|
@ -774,7 +774,7 @@ foo()
|
||||||
parser.parse(str);
|
parser.parse(str);
|
||||||
|
|
||||||
const testClass = parser.yy.getClass('Class1');
|
const testClass = parser.yy.getClass('Class1');
|
||||||
expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
|
expect(testClass.link).toBe('google.com');
|
||||||
expect(testClass.tooltip).toBe('A tooltip');
|
expect(testClass.tooltip).toBe('A tooltip');
|
||||||
expect(testClass.cssClasses.length).toBe(1);
|
expect(testClass.cssClasses.length).toBe(1);
|
||||||
expect(testClass.cssClasses[0]).toBe('clickable');
|
expect(testClass.cssClasses[0]).toBe('clickable');
|
||||||
|
@ -789,7 +789,7 @@ foo()
|
||||||
parser.parse(str);
|
parser.parse(str);
|
||||||
|
|
||||||
const testClass = parser.yy.getClass('Class1');
|
const testClass = parser.yy.getClass('Class1');
|
||||||
expect(testClass.link).toBe('about:blank'); //('google.com'); security needs to be set to 'loose' for this to work right
|
expect(testClass.link).toBe('google.com');
|
||||||
expect(testClass.tooltip).toBe('A tooltip');
|
expect(testClass.tooltip).toBe('A tooltip');
|
||||||
expect(testClass.cssClasses.length).toBe(1);
|
expect(testClass.cssClasses.length).toBe(1);
|
||||||
expect(testClass.cssClasses[0]).toBe('clickable');
|
expect(testClass.cssClasses[0]).toBe('clickable');
|
||||||
|
|
|
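Review bot: The four updated assertions in this file (hunks at -746, -760, -774 and -789) now only verify that a benign value passes through: `expect(testClass.link).toBe('google.com');` replaces the old `'about:blank'` expectation, and the trailing comment that tied that result to the security level is dropped. Nothing in these hunks still shows the sanitizer rejecting a link, so a regression that lets every link through unchanged would pass them. I would add one companion case next to these whose input link uses a script scheme such as `javascript:` and which keeps `expect(testClass.link).toBe('about:blank');`, so the upgrade is pinned from both sides. The enclosing `it(...)` blocks and the `str` input start outside the hunks, so such a case may already exist elsewhere in the file.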
@ -250,7 +250,7 @@ describe('when formatting urls', function () {
|
||||||
|
|
||||||
config.securityLevel = 'strict';
|
config.securityLevel = 'strict';
|
||||||
result = utils.formatUrl(url, config);
|
result = utils.formatUrl(url, config);
|
||||||
expect(result).toEqual('about:blank');
|
expect(result).toEqual(url);
|
||||||
});
|
});
|
||||||
it('should handle mailto', function () {
|
it('should handle mailto', function () {
|
||||||
const url = 'mailto:user@user.user';
|
const url = 'mailto:user@user.user';
|
||||||
|
|
|
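Review bot: The strict-mode expectation at `expect(result).toEqual(url);` flips from blocked to pass-through without saying why, and `url` is declared above the hunk, so a reader of this test cannot tell which value is now treated as safe under `securityLevel = 'strict'`. I would add a comment on that line, for example `// sanitize-url 6.x returns this value unchanged; strict mode must still map script-scheme URLs to about:blank`, and assert against the literal instead of the variable if it is short. It is also worth confirming that this `describe` block keeps a strict-mode case that expects `'about:blank'`; none is visible in this hunk.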
@ -1275,10 +1275,10 @@
|
||||||
resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
|
resolved "https://registry.yarnpkg.com/@bcoe/v8-coverage/-/v8-coverage-0.2.3.tgz#75a2e8b51cb758a7553d6804a5932d7aace75c39"
|
||||||
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
|
integrity sha512-0hYQ8SB4Db5zvZB4axdMHGwEaQjkZzFjQiN9LVYvIFB2nSUHW9tYpxWriPrWDASIxiaXax83REcLxuSdnGPZtw==
|
||||||
|
|
||||||
"@braintree/sanitize-url@^3.1.0":
|
"@braintree/sanitize-url@^6.0.0":
|
||||||
version "3.1.0"
|
version "6.0.0"
|
||||||
resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-3.1.0.tgz#8ff71d51053cd5ee4981e5a501d80a536244f7fd"
|
resolved "https://registry.yarnpkg.com/@braintree/sanitize-url/-/sanitize-url-6.0.0.tgz#fe364f025ba74f6de6c837a84ef44bdb1d61e68f"
|
||||||
integrity sha512-GcIY79elgB+azP74j8vqkiXz8xLFfIzbQJdlwOPisgbKT00tviJQuEghOXSMVxJ00HoYJbGswr4kcllUc4xCcg==
|
integrity sha512-mgmE7XBYY/21erpzhexk4Cj1cyTQ9LzvnTxtzM17BJ7ERMNE6W72mQRo0I1Ud8eFJ+RVVIcBNhLFZ3GX4XFz5w==
|
||||||
|
|
||||||
"@commitlint/cli@^16.0.0":
|
"@commitlint/cli@^16.0.0":
|
||||||
version "16.2.1"
|
version "16.2.1"
|
||||||
|
|