Bump the npm_and_yarn group across 6 directories with 8 updates

[dependabot]

Bumps the npm_and_yarn group with 2 updates in the /binary directory: brace-expansion and tar-fs.
Bumps the npm_and_yarn group with 4 updates in the /core directory: brace-expansion, @mozilla/readability, esbuild and vitest.
Bumps the npm_and_yarn group with 2 updates in the /docs directory: brace-expansion and prismjs.
Bumps the npm_and_yarn group with 1 update in the /extensions/vscode directory: tar-fs.
Bumps the npm_and_yarn group with 4 updates in the /gui directory: brace-expansion, tough-cookie, prismjs and dompurify.
Bumps the npm_and_yarn group with 1 update in the /packages/continue-sdk directory: brace-expansion.

Updates brace-expansion from 1.1.11 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

---

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• c85b8ad 4.0.1
• 5a5cc17 fmt
• 0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• 6a39bdd 4.0.0
• dd72a59 fmt
• 278132b feat: use string replaces instead of splits (#64)
• 70e4c1b add tea.yaml
• b01a637 3.0.0
• 9e781e9 node 16 is EOL
• 6dad209 docs
• Additional commits viewable in compare view

Updates brace-expansion from 2.0.1 to 2.0.2

Release notes

Sourced from brace-expansion's releases.

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

---

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• c85b8ad 4.0.1
• 5a5cc17 fmt
• 0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• 6a39bdd 4.0.0
• dd72a59 fmt
• 278132b feat: use string replaces instead of splits (#64)
• 70e4c1b add tea.yaml
• b01a637 3.0.0
• 9e781e9 node 16 is EOL
• 6dad209 docs
• Additional commits viewable in compare view

Updates tar-fs from 2.1.2 to 2.1.3

Commits

• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

---

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• c85b8ad 4.0.1
• 5a5cc17 fmt
• 0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• 6a39bdd 4.0.0
• dd72a59 fmt
• 278132b feat: use string replaces instead of splits (#64)
• 70e4c1b add tea.yaml
• b01a637 3.0.0
• 9e781e9 node 16 is EOL
• 6dad209 docs
• Additional commits viewable in compare view

Updates @mozilla/readability from 0.5.0 to 0.6.0

Changelog

Sourced from @​mozilla/readability's changelog.

[0.6.0] - 2025-03-03

• Add Parsely tags as a fallback metadata source
• Fix the case that jsonld parse process is ignored when context url include the trailing slash
• Improve data table support
• Fixed situations where short paragraphs of legitimate content would be excluded
• Add an option to modify link density value
• Byline metadata should lead to not deleting lookalike non-byline content
• Avoid removing headers on gitlab
• Improved HTML character unescaping
• Various performance improvements: #894, #892, #893, #915,
• Fix broken JSONLD context handling
• Include Jekyll footnotes in output
• Handle schema.org context objects
• Fix invalid attributes breaking parsing
• Include article:author metadata
• Handle itemprop=name for author metadata
• Improve typescript definitions
• Handle JSONLD Arrays

Commits

• 04fd32f Release 0.6.0
• 4d5dd0b Include recent changes in CHANGELOG.md
• 1c4d63b Make use of regular expressions in title processing more effective. (#959)
• 04abc79 Bump the npm_and_yarn group with 2 updates (#953)
• 118f015 Handle JSONLD arrays (fixes #908) (#947)
• 8c0ff87 Add null | undefined to parse results. Fixes #937 (#944)
• 706c3d1 Extract author name from itemprop='name'. (#943)
• af54155 Drop flagged key copied from public website.
• fbcc3bc More changelog goodness.
• b6ff1b6 Handle article:author meta tag. Fixes #938 (#942)
• Additional commits viewable in compare view

Updates esbuild from 0.17.19 to 0.25.0

Release notes

Sourced from esbuild's releases.

v0.25.0

This release deliberately contains backwards-incompatible changes. To avoid automatically picking up releases like this, you should either be pinning the exact version of esbuild in your package.json file (recommended) or be using a version range syntax that only accepts patch upgrades such as ^0.24.0 or ~0.24.0. See npm's documentation about semver for more information.

• Restrict access to esbuild's development server (GHSA-67mh-4wv8-2f99)

  This change addresses esbuild's first security vulnerability report. Previously esbuild set the Access-Control-Allow-Origin header to * to allow esbuild's development server to be flexible in how it's used for development. However, this allows the websites you visit to make HTTP requests to esbuild's local development server, which gives read-only access to your source code if the website were to fetch your source code's specific URL. You can read more information in the report.

  Starting with this release, CORS will now be disabled, and requests will now be denied if the host does not match the one provided to --serve=. The default host is 0.0.0.0, which refers to all of the IP addresses that represent the local machine (e.g. both 127.0.0.1 and 192.168.0.1). If you want to customize anything about esbuild's development server, you can put a proxy in front of esbuild and modify the incoming and/or outgoing requests.

  In addition, the serve() API call has been changed to return an array of hosts instead of a single host string. This makes it possible to determine all of the hosts that esbuild's development server will accept.

  Thanks to @​sapphi-red for reporting this issue.

• Delete output files when a build fails in watch mode (#3643)

  It has been requested for esbuild to delete files when a build fails in watch mode. Previously esbuild left the old files in place, which could cause people to not immediately realize that the most recent build failed. With this release, esbuild will now delete all output files if a rebuild fails. Fixing the build error and triggering another rebuild will restore all output files again.

• Fix correctness issues with the CSS nesting transform (#3620, #3877, #3933, #3997, #4005, #4037, #4038)

  This release fixes the following problems:

  • Naive expansion of CSS nesting can result in an exponential blow-up of generated CSS if each nesting level has multiple selectors. Previously esbuild sometimes collapsed individual nesting levels using :is() to limit expansion. However, this collapsing wasn't correct in some cases, so it has been removed to fix correctness issues.

    /* Original code */
    .parent {
      > .a,
      > .b1 > .b2 {
        color: red;
      }
    }
    /* Old output (with --supported:nesting=false) */
    .parent > :is(.a, .b1 > .b2) {
    color: red;
    }
    /* New output (with --supported:nesting=false) */
    .parent > .a,
    .parent > .b1 > .b2 {
    color: red;
    }

    Thanks to @​tim-we for working on a fix.

  • The & CSS nesting selector can be repeated multiple times to increase CSS specificity. Previously esbuild ignored this possibility and incorrectly considered && to have the same specificity as &. With this release, this should now work correctly:

    /* Original code (color should be red) */

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2023

This changelog documents all esbuild versions published in the year 2023 (versions 0.16.13 through 0.19.11).

0.19.11

• Fix TypeScript-specific class transform edge case (#3559)

  The previous release introduced an optimization that avoided transforming super() in the class constructor for TypeScript code compiled with useDefineForClassFields set to false if all class instance fields have no initializers. The rationale was that in this case, all class instance fields are omitted in the output so no changes to the constructor are needed. However, if all of this is the case and there are #private instance fields with initializers, those private instance field initializers were still being moved into the constructor. This was problematic because they were being inserted before the call to super() (since super() is now no longer transformed in that case). This release introduces an additional optimization that avoids moving the private instance field initializers into the constructor in this edge case, which generates smaller code, matches the TypeScript compiler's output more closely, and avoids this bug:

  // Original code
  class Foo extends Bar {
    #private = 1;
    public: any;
    constructor() {
      super();
    }
  }
  // Old output (with esbuild v0.19.9)
  class Foo extends Bar {
  constructor() {
  super();
  this.#private = 1;
  }
  #private;
  }
  // Old output (with esbuild v0.19.10)
  class Foo extends Bar {
  constructor() {
  this.#private = 1;
  super();
  }
  #private;
  }
  // New output
  class Foo extends Bar {
  #private = 1;
  constructor() {
  super();
  }
  }

• Minifier: allow reording a primitive past a side-effect (#3568)

  The minifier previously allowed reordering a side-effect past a primitive, but didn't handle the case of reordering a primitive past a side-effect. This additional case is now handled:

... (truncated)

Commits

• e9174d6 publish 0.25.0 to npm
• c27dbeb fix hosts in plugin-tests.js
• 6794f60 fix hosts in node-unref-tests.js
• de85afd Merge commit from fork
• da1de1b fix #4065: bitwise operators can return bigints
• f4e9d19 switch case liveness: default is always last
• 7aa47c3 fix #4028: minify live/dead switch cases better
• 22ecd30 minify: more constant folding for strict equality
• 4cdf03c fix #4053: reordering of .tsx in node_modules
• dc71977 fix #3692: 0 now picks a random ephemeral port
• Additional commits viewable in compare view

Updates vitest from 3.1.4 to 3.2.3

Release notes

Sourced from vitest's releases.

v3.2.3

   🚀 Features

• browser: Use base url instead of vitest  -  by @​sheremet-va in vitest-dev/vitest#8126 (1d8eb)
• ui: Show test annotations and metadata in the test report tab  -  by @​sheremet-va in vitest-dev/vitest#8093 (c69be)

   🐞 Bug Fixes

• Rerun tests when project's setup file is changed  -  by @​sheremet-va in vitest-dev/vitest#8097 (0f335)
• Revert expect.any return type  -  by @​sheremet-va in vitest-dev/vitest#8129 (47514)
• Run only the name plugin last, not all config plugins  -  by @​sheremet-va in vitest-dev/vitest#8130 (83862)
• pool:
  • Throw if user's tests use process.send()  -  by @​AriPerkkio in vitest-dev/vitest#8125 (dfe81)
• runner:
  • Fast sequential task updates missing  -  by @​AriPerkkio in vitest-dev/vitest#8121 (7bd11)
  • Comments between fixture destructures  -  by @​AriPerkkio in vitest-dev/vitest#8127 (dc469)
• vite-node:
  • Unable to handle errors where sourcemap mapping empty  -  by @​blake-newman and @​hi-ogawa in vitest-dev/vitest#8071 (8aa25)

    View changes on GitHub

v3.2.2

   🚀 Features

• Support rolldown-vite  -  by @​sheremet-va and @​hi-ogawa in vitest-dev/vitest#7509 (c8d62)

   🐞 Bug Fixes

• browser:
  • Calculate prepare time from createTesters call on the main thread  -  by @​sheremet-va in vitest-dev/vitest#8101 (142c7)
  • Optimize build output and always prebundle vitest  -  by @​sheremet-va (00a39)
  • Make custom locators available in vitest-browser-* packages  -  by @​sheremet-va in vitest-dev/vitest#8103 (247ef)
• expect:
  • Ensure we can always self toEqual  -  by @​dubzzz in vitest-dev/vitest#8094 (02ec8)
• reporter:
  • Allow dot reporter to work in non interactive terminals  -  by @​bstephen1 and @​AriPerkkio in vitest-dev/vitest#7994 (6db9f)

    View changes on GitHub

v3.2.1

   🐞 Bug Fixes

• Use sha1 instead of md5 for hashing  -  by @​sheremet-va (e4c73)
• expect:
  • Fix chai import in dts  -  by @​hi-ogawa in vitest-dev/vitest#8077 (a7593)
  • Export DeeplyAllowMatchers  -  by @​sheremet-va in vitest-dev/vitest#8078 (30ab4)

    View changes on GitHub

v3.2.0

... (truncated)

Commits

• b87ee3e chore: release v3.2.3
• 83862d4 fix: run only the name plugin last, not all config plugins (#8130)
• dc469f2 fix(runner): comments between fixture destructures (#8127)
• 1d8ebf9 feat(browser): use base url instead of vitest (#8126)
• dfe81a6 fix(pool): throw if user's tests use process.send() (#8125)
• 0f33506 fix: rerun tests when project's setup file is changed (#8097)
• 7ddcd33 chore: release v3.2.2
• 33f7120 Revert "fix(browser): optimize build output and always prebundle vitest"
• 00a3916 fix(browser): optimize build output and always prebundle vitest
• 142c735 fix(browser): calculate prepare time from createTesters call on the main th...
• Additional commits viewable in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

---

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• c85b8ad 4.0.1
• 5a5cc17 fmt
• 0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• 6a39bdd 4.0.0
• dd72a59 fmt
• 278132b feat: use string replaces instead of splits (#64)
• 70e4c1b add tea.yaml
• b01a637 3.0.0
• 9e781e9 node 16 is EOL
• 6dad209 docs
• Additional commits viewable in compare view

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

• check that currentScript is set by a script tag by @​lkuechler in PrismJS/prism#3863

New Contributors

• @​lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

• 76dde18 Release 1.30.0
• 93cca40 npm pkg fix
• 99c5ca9 Add release script
• 8e8b935 check that currentScript is set by a script tag (#3863)
• f894dc2 Fix logo in the footer
• ac38dce Delete CNAME
• 9b5b09a Enable CORS
• See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates tar-fs from 2.1.2 to 2.1.3

Commits

• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• See full diff in compare view

Updates tar-fs from 1.16.4 to 2.1.3

Commits

• 4b7e868 2.1.3
• 266194b hardlink tweak from main
• See full diff in compare view

Updates brace-expansion from 1.1.11 to 1.1.12

Release notes

Sourced from brace-expansion's releases.

v2.0.2

• pkg: publish on tag 2.x 14f1d91
• fmt ed7780a
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) 36603d5

---

juliangruber/brace-expansion@v2.0.1...v2.0.2

v1.1.12

• pkg: publish on tag 1.x c460dbd
• fmt ccb8ac6
• Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65) c3c73c8

---

juliangruber/brace-expansion@v1.1.11...v1.1.12

Commits

• c85b8ad 4.0.1
• 5a5cc17 fmt
• 0b6a978 Fix potential ReDoS Vulnerability or Inefficient Regular Expression (#65)
• 6a39bdd 4.0.0
• dd72a59 fmt
• 278132b feat: use string replaces instead of splits (#64)
• 70e4c1b add tea.yaml
• b01a637 3.0.0
• 9e781e9 node 16 is EOL
• 6dad209 docs
• Additional commits viewable in compare view

Updates tough-cookie from 5.0.0 to 5.1.2

Release notes

Sourced from tough-cookie's releases.

v5.1.2

What's Changed

• Fix regression bug in domainMatch by @​colincasey in salesforce/tough-cookie#500
• Prepare v5.1.2 by @​colincasey in salesforce/tough-cookie#501

Full Changelog: salesforce/tough-cookie@v5.1.1...v5.1.2

v5.1.1

What's Changed

• chore: avoid nodejs modules by @​wjhsf in salesforce/tough-cookie#487
• Bump the dev-dependencies group with 7 updates by @​dependabot in salesforce/tough-cookie#490
• Bump tldts from 6.1.71 to 6.1.76 in the production-dependencies group by @​dependabot in salesforce/tough-cookie#489
• Bump eslint-config-prettier from 9.1.0 to 10.0.1 by @​dependabot in salesforce/tough-cookie#491
• isolated modules and almost isolated declarations by @​wjhsf in salesforce/tough-cookie#486
• chore: auto-close spam PRs by @​wjhsf in salesforce/tough-cookie#493

Full Changelog: salesforce/tough-cookie@v5.1.0...v5.1.1

v5.1.0

What's Changed

• Scheduled integration test with jsdom by @​colincasey in salesforce/tough-cookie#450
• Update README.md by @​colincasey in salesforce/tough-cookie#454
• fix: remove cookies that expire at epoch time of 0 by @​colincasey in salesforce/tough-cookie#457
• Restore missing expiryDate method by @​colincasey in salesforce/tough-cookie#459
• Bump tldts from 6.1.41 to 6.1.48 in the production-dependencies group by @​dependabot in salesforce/tough-cookie#461
• Bump the dev-dependencies group with 7 updates by @​dependabot in salesforce/tough-cookie#462
• fix(path-match): avoid parsing path as regex by @​wjhsf in salesforce/tough-cookie#465
• Bump tldts from 6.1.48 to 6.1.57 in the production-dependencies group by @​dependabot in salesforce/tough-cookie#466
• Bump the dev-dependencies group with 8 updates by @​dependabot in salesforce/tough-cookie#467
• Bump tldts from 6.1.57 to 6.1.65 in the production-dependencies group by @​dependabot in salesforce/tough-cookie#468
• Bump the dev-dependencies group across 1 directory with 8 updates by @​dependabot in salesforce/tough-cookie#471
• chore: streamline package publishing by @​wjhsf in salesforce/tough-cookie#453
• Bump the dev-dependencies group across 1 directory with 8 updates by @​dependabot in salesforce/tough-cookie#476
• Bump tldts from 6.1.65 to 6.1.71 in the production-dependencies group across 1 directory by @​dependabot in salesforce/tough-cookie#478
• Fix npm token config for publish by @​colincasey in salesforce/tough-cookie#482
• Give permissions for provenance generation by @​colincasey in salesforce/tough-cookie#483
• revert: use runtime-agnostic domainToASCII by @​wjhsf in salesforce/tough-cookie#480
• Prepare release v5.1.0 by @​colincasey in salesforce/tough-cookie#484

Full Changelog: salesforce/tough-cookie@v5.0.0...v5.1.0

v5.1.0-rc.0

What's Changed

• Scheduled integration test with jsdom by @​colincasey in salesforce/tough-cookie#450
• Update README.md by @​colincasey in salesforce/tough-cookie#454
• fix: remove cookies that expire at epoch time of 0 by @​colincasey in salesforce/tough-cookie#457
• Restore missing expiryDate method by @​colincasey in salesforce/tough-cookie#459

... (truncated)

Commits

• a2c72ef Merge pull request #501 from salesforce/prepare_v5.1.2
• 7034c22 5.1.2
• 824b401 Merge pull request #500 from salesforce/499_domain_match_fix
• a312820 Fix regression bug in domainMatch
• 9328fc4 Merge pull request #497 from salesforce/wjh/release-v5.1.1
• 2899336 5.1.1
• 4954aed chore: npm audit fix
• bb3e137 chore: auto-close spam PRs (#493)
• 55ba3c6 isolated modules and almost isolated declarations (#486)
• 9fc37ef Merge pull request #491 from salesforce/dependabot/npm_and_yarn/eslint-config...
• Additional commits viewable in compare view

Updates prismjs from 1.29.0 to 1.30.0

Release notes

Sourced from prismjs's releases.

v1.30.0

What's Changed

• check that currentScript is set by a script tag by @​lkuechler in PrismJS/prism#3863

New Contributors

• @​lkuechler made their first contribution in PrismJS/prism#3863

Full Changelog: PrismJS/prism@v1.29.0...v1.30.0

Changelog

Sourced from prismjs's changelog.

Prism Changelog

Commits

• 76dde18 Release 1.30.0
• 93cca40 npm pkg fix
• 99c5ca9 Add release script
• 8e8b935 check that currentScript is set by a script tag (#3863)
• f894dc2 Fix logo in the footer
• ac38dce Delete CNAME
• 9b5b09a Enable CORS
• See full diff in compare view

Maintainer changes

This version was pushed to npm by dmitrysharabin, a new releaser for prismjs since your current version.

Updates dompurify from 3.1.6 to 3.2.6

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.6

• Fixed several typos and removed clutter from our documentation, thanks @​Rotzbua
• Added matrix: as an allowed URI scheme, thanks @​kleinesfilmroellchen
• Added better config hardening against prototype pollution, thanks @​EffectRenan
• Added better handling of attribute removal, thanks @​michalnieruchalski-tiugo
• Added better configuration for aggressive mXSS scrubbing behavior, thanks @​BryanValverdeU
• Removed the script that caused the fake entry CVE-2025-48050

DOMPurify 3.2.5

• Added a check to the mXSS detection regex to be more strict, thanks @​masatokinugawa
• Added ESM type imports in source, removes patch function, thanks @​donmccurdy
• Added script to verify various TypeScript configurations, thanks @​reduckted
• Added more modern browsers to the Karma launchers list
• Added Node 23.x to tested runtimes, removed Node 17.x
• Fixed the generation of source maps, thanks @​reduckted
• Fixed an unexpected behavior with ALLOWED_URI_REGEXP using the 'g' flag, thanks @​hhk-png
• Fixed a few typos in the README file

DOMPurify 3.2.4

• Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
• Added a new feature to allow specific hook removal, thanks @​davecardwell
• Added purify.js and purify.min.js to exports, thanks @​Aetherinox
• Added better logic in case no window object is president, thanks @​yehuya
• Updated some dependencies called out by dependabot
• Updated license files etc to show the correct year

DOMPurify 3.2.3

• Fixed two conditional sanitizer bypasses discovered by @​parrot409 and @​Slonser
• Updated the attribute clobbering checks to prevent future bypasses, thanks @​parrot409

DOMPurify 3.2.2

• Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
• Fixed several minor issues with the type definitions, thanks again @​reduckted
• Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
• Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

• Fixed several minor issues with the type definitions, thanks @​reduckted @​ghiscoding @​asamuzaK @​MiniDigger
• Fixed an issue with non-minified dist files and order of imports, thanks @​reduckted

DOMPurify 3.2.0

• Added type declarations, thanks @​reduckted , @​philmayfield, @​aloisklink, @​ssi02014 and others
• Fixed a minor issue with the handling of hooks, thanks @​kevin-mizu

DOMPurify 3.1.7

• Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
• Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
• Added better support for Angular compiler, thanks @​jeroen1602
• Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua

... (truncated)

Commits

• 32f765e Merge pull request #1105 from cure53/main