Bump dompurify from 2.4.4 to 3.1.0

Bumps dompurify from 2.4.4 to 3.1.0.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.1.0

• Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
• Updated README to warn about happy-dom not being safe for use with DOMPurify yet
• Updated the LICENSE file to show the accurate year number
• Updated several build and test dependencies

DOMPurify 3.0.11

• Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
• Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T

DOMPurify 3.0.10

• Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser
• Bumped up some build and test dependencies

DOMPurify 3.0.9

• Fixed a problem with proper detection of Custom Elements, thanks @​kevin-mizu
• Refactored the hasOwnProperty logic, thanks @​ssi02014
• Removed a superfluous console.warn making HappyDom happier, thanks @​HugoPoi
• Modernized some of the demo hooks for better looks, thanks @​Steb95

DOMPurify 3.0.8

• Fixed errors caused by conditional exports, thanks @​ssi02014
• Fixed a type error when working with custom element config, thanks @​cpmotion

DOMPurify 3.0.7

• Added better protection against CSPP attacks, thanks @​kevin-mizu
• Updated browser versions for automated tests
• Updated Node versions for automated tests
• Refactored code base, thanks @​ssi02014
• Refactored build system & deployment, thanks @​ssi02014

DOMPurify 3.0.6

• Refactored the core code-base and several utilities, thanks @​ssi02014
• Updated and fixed several sections of the README, thanks @​ssi02014
• Updated several outdated build and test dependencies

DOMPurify 3.0.5

• Fixed a licensing issue spotted and reported by @​george-thomas-hill
• Updated several build and test dependencies

DOMPurify 3.0.4

• Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN
• Fixed a typo with shadowrootmod which should be shadowrootmode, thanks @​masatokinugawa

DOMPurify 3.0.3

• Added new TRUSTED_TYPES_POLICY configuration option, thanks @​dejang
• Added feDropShadow to the SVG filter allow-list, thanks @​SelfMadeSystem

DOMPurify 3.0.2

• Fixed an issue with ALLOWED_URI_REGEXP not being reset, thanks @​mukilane

... (truncated)

Commits

• db19269 Merge pull request #936 from cure53/main
• 3375f4c docs: Updated the year in LICENSE file
• 1c32a11 Merge pull request #934 from cure53/main
• 0cf9d2d chore: Preparing 3.1.0 release
• 933b9de See #931
• bf1f5cf fix: Changed the SAFE_FOR_XML config assignment slightly
• e2c857e docs: Modified the README slightly regarding the happy-dom warning
• 3a00950 feature: Added new config option to control comment sanitization
• 1ebcfd4 fix: Removed the unnecessary clobbering check for elm.data
• fc3c781 fix: Rolling back changes from previous fixes, trying more aggressive comment...
• Additional commits viewable in compare view

---

Dependabot commands

You can trigger Dependabot actions by commenting on this MR

• $dependabot rebase will rebase this MR
• $dependabot recreate will recreate this MR rewriting all the manual changes and resolving conflicts