From f0ed2e15a30df8a5dc335ec8c2374cb7183c1b22 Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Thu, 31 Oct 2024 21:32:39 +0000 Subject: [PATCH] fix: extensions/markdown-language-features/package.json & extensions/markdown-language-features/yarn.lock to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-8318045 --- extensions/markdown-language-features/package.json | 2 +- extensions/markdown-language-features/yarn.lock | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/extensions/markdown-language-features/package.json b/extensions/markdown-language-features/package.json index 19ce7e98f4bb1..89fbf43f43ca1 100644 --- a/extensions/markdown-language-features/package.json +++ b/extensions/markdown-language-features/package.json @@ -660,7 +660,7 @@ }, "dependencies": { "@vscode/extension-telemetry": "0.7.5", - "dompurify": "^2.4.1", + "dompurify": "^2.4.2", "highlight.js": "^11.4.0", "markdown-it": "^12.3.2", "markdown-it-front-matter": "^0.2.1", diff --git a/extensions/markdown-language-features/yarn.lock b/extensions/markdown-language-features/yarn.lock index e796e655baefc..cec7d2c18fcc4 100644 --- a/extensions/markdown-language-features/yarn.lock +++ b/extensions/markdown-language-features/yarn.lock @@ -352,10 +352,10 @@ diagnostic-channel@1.1.0: dependencies: semver "^5.3.0" -dompurify@^2.4.1: - version "2.4.1" - resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.4.1.tgz#f9cb1a275fde9af6f2d0a2644ef648dd6847b631" - integrity sha512-ewwFzHzrrneRjxzmK6oVz/rZn9VWspGFRDb4/rRtIsM1n36t9AKma/ye8syCpcw+XJ25kOK/hOG7t1j2I2yBqA== +dompurify@^2.4.2: + version "2.5.7" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-2.5.7.tgz#6e0d36b9177db5a99f18ade1f28579db5ab839d7" + integrity sha512-2q4bEI+coQM8f5ez7kt2xclg1XsecaV9ASJk/54vwlfRRNQfDqJz2pzQ8t0Ix/ToBpXlVjrRIx7pFC/o8itG2Q== emitter-listener@^1.0.1, emitter-listener@^1.1.1: version "1.1.2"