We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
No response
Our OWASP scan detected an issue in DOMPurify@3.0.5 CVE-2024-45801 which seems to be used by the Monaco editor (VSCode): https://github.com/microsoft/vscode/blob/main/src/vs/base/browser/dompurify/dompurify.js
Please update to DOMPurify@3.1.3 to get rid of that vulnerability.
Thanks
There should be no vulnerability issues.
The text was updated successfully, but these errors were encountered:
It looks like DOMPurify was bumped here https://github.com/microsoft/vscode/pull/228773/files but not yet vendored like in this other DOMPurify bump PR - https://github.com/microsoft/vscode/pull/189368/files
Sorry, something went wrong.
@rzhao271 Just wanted to at you as you merged in the version update for DOMPurify
rzhao271
mjbvz
No branches or pull requests
Reproducible in vscode.dev or in VS Code Desktop?
Reproducible in the monaco editor playground?
Monaco Editor Playground Link
No response
Monaco Editor Playground Code
No response
Reproduction Steps
No response
Actual (Problematic) Behavior
Our OWASP scan detected an issue in DOMPurify@3.0.5 CVE-2024-45801 which seems to be used by the Monaco editor (VSCode): https://github.com/microsoft/vscode/blob/main/src/vs/base/browser/dompurify/dompurify.js
Please update to DOMPurify@3.1.3 to get rid of that vulnerability.
Thanks
Expected Behavior
There should be no vulnerability issues.
Additional Context
No response
The text was updated successfully, but these errors were encountered: