@q1blue
Collaborator

@q1blue q1blue commented Sep 17, 2024


EntelligenceAI PR Summary

Updates the DOMPurify dependency in the gcalendar plugin to incorporate recent security patches and bug fixes.

  • Bumped dompurify from ^2.3.6 to ^2.5.4 in plugins/gcalendar/package.json
  • Minor version update maintains compatibility within the 2.x range
  • Includes security patches for the HTML sanitization library

@restack-app

restack-app bot commented Sep 17, 2024

No applications have been configured for previews targeting branch: master. To do so go to restack console and configure your applications for previews.

@socket-security

socket-security bot commented Sep 17, 2024

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

@github-actions

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

@github-actions github-actions bot added the stale label Sep 24, 2024
@github-actions github-actions bot closed this Sep 29, 2024
@snyk-io snyk-io bot reopened this Jul 19, 2025
@snyk-io

snyk-io bot commented Jul 19, 2025

Snyk checks have failed. 97 issues have been found so far.

| Status | Scanner | Critical | High | Medium | Low | Total (97) |
|---|---|---|---|---|---|---|
| | Open Source Security | 16 | 31 | 45 | 5 | 97 issues |

@github-actions github-actions bot removed the stale label Jul 19, 2025
@github-actions github-actions bot added the stale label Aug 24, 2025
@github-actions github-actions bot closed this Sep 3, 2025
@snyk-io snyk-io bot reopened this Sep 19, 2025
@entelligence-ai-pr-reviews

🔒 Entelligence AI Vulnerability Scanner

No security vulnerabilities found!

Your code passed our comprehensive security analysis.


@entelligence-ai-pr-reviews

Walkthrough

This PR updates the DOMPurify dependency in the Google Calendar plugin from version 2.3.6 to version 2.5.4. DOMPurify is a critical security library used for sanitizing HTML content to prevent Cross-Site Scripting (XSS) attacks. This targeted update addresses potential security vulnerabilities while maintaining all other dependencies at their current versions, enhancing the overall security posture of the gcalendar plugin without introducing broader dependency changes.

Changes

| File(s) | Summary |
|---|---|
| plugins/gcalendar/package.json | Updated dompurify dependency from version 2.3.6 to version 2.5.4 while maintaining all other dependencies at their current versions. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    title GCalendar Plugin DOMPurify Usage Flow
    
    participant User
    participant GCalendar as "GCalendar Plugin"
    participant DOMPurify as "DOMPurify v2.5.4"
    participant DOM as "DOM"
    
    User->>GCalendar: Interact with calendar
    Note over GCalendar: Plugin receives potentially<br/>unsafe HTML content
    
    GCalendar->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    DOMPurify-->>GCalendar: Return sanitized HTML
    deactivate DOMPurify
    
    GCalendar->>DOM: Render sanitized content
    DOM-->>User: Display safe content
    
    Note over GCalendar,DOMPurify: Version updated from 2.3.6 to 2.5.4<br/>for security improvements

▶️AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

  • ⚠️ Potential Issue - May require further investigation.
  • 🔒 Security Vulnerability - Fix to ensure system safety.
  • 💻 Code Improvement - Suggestions to enhance code quality.
  • 🔨 Refactor Suggestion - Recommendations for restructuring code.
  • ℹ️ Others - General comments and information.

Interact with the Bot:

  • Send a message or request using the format:
    @entelligenceai + *your message*
Example: @entelligenceai Can you suggest improvements for this code?
  • Help the Bot learn by providing feedback on its responses.
    @entelligenceai + *feedback*
Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

  1. config - shows the current config
  2. retrigger_review - retriggers the review

More commands to be added soon.

@entelligence-ai-pr-reviews

LGTM 👍

@github-actions github-actions bot removed the stale label Sep 19, 2025
@github-actions github-actions bot added the stale label Sep 30, 2025
@github-actions github-actions bot closed this Oct 8, 2025
@snyk-io snyk-io bot reopened this Oct 8, 2025
@entelligence-ai-pr-reviews

LGTM 👍

@github-actions github-actions bot removed the stale label Oct 8, 2025
@github-actions github-actions bot added the stale label Oct 15, 2025
@github-actions github-actions bot closed this Oct 20, 2025
@snyk-io snyk-io bot reopened this Oct 21, 2025
@github-actions github-actions bot removed the stale label Oct 21, 2025
@snyk-io snyk-io bot reopened this Nov 3, 2025
@entelligence-ai-pr-reviews

Walkthrough

This pull request updates the dompurify dependency in the gcalendar plugin from version 2.3.6 to 2.5.4. DOMPurify is an HTML sanitization library used to prevent XSS attacks by cleaning user-supplied HTML content. This minor version update likely includes important bug fixes, security patches, and improvements to the sanitization logic. The caret (^) prefix in the version specification ensures that future compatible patch and minor releases within the 2.x range will be automatically accepted, maintaining backward compatibility while receiving ongoing security updates.

Changes

| File(s) | Summary |
|---|---|
| plugins/gcalendar/package.json | Updated dompurify dependency from version ^2.3.6 to ^2.5.4 to include bug fixes and security patches. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant App as GCalendar Plugin
    participant DOMPurify as DOMPurify Library (v2.5.4)
    participant HTML as HTML Content
    
    Note over App,DOMPurify: Dependency version updated from 2.3.6 to 2.5.4
    
    App->>HTML: Receive HTML content from calendar data
    App->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    DOMPurify->>DOMPurify: Parse and clean HTML
    DOMPurify-->>App: Return sanitized HTML
    deactivate DOMPurify
    App->>App: Render safe HTML content
    
    Note over App,DOMPurify: No architectural changes<br/>Same interaction pattern with updated library version

@github-actions github-actions bot removed the stale label Nov 3, 2025
@github-actions github-actions bot added the stale label Nov 10, 2025
@github-actions github-actions bot closed this Nov 15, 2025
@snyk-io snyk-io bot reopened this Nov 15, 2025
@github-actions github-actions bot removed the stale label Nov 15, 2025
@entelligence-ai-pr-reviews

Walkthrough

This pull request updates the dompurify dependency in the gcalendar plugin from version 2.3.6 to 2.5.4. DOMPurify is an HTML sanitization library used to prevent XSS attacks by cleaning user-supplied HTML content. This minor version update likely includes important bug fixes, security patches, and improvements to the sanitization logic. The caret (^) prefix in the version specification ensures that future compatible patch and minor releases within the 2.x range will be automatically accepted, maintaining backward compatibility while receiving ongoing security updates.

Changes

| File(s) | Summary |
|---|---|
| plugins/gcalendar/package.json | Updated dompurify dependency from version ^2.3.6 to ^2.5.4 to include bug fixes and security patches. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant App as GCalendar Plugin
    participant DP as DOMPurify Library
    
    Note over App,DP: Dependency Version Update: 2.3.6 → 2.5.4
    Note over App,DP: No changes to component interactions
    
    App->>DP: sanitize(htmlContent)
    activate DP
    DP-->>App: sanitizedHTML
    deactivate DP
    
    Note over App,DP: Usage pattern remains unchanged<br/>Only library version updated

@github-actions github-actions bot added the stale label Nov 27, 2025
@github-actions github-actions bot closed this Dec 2, 2025
@snyk-io snyk-io bot reopened this Dec 3, 2025
@github-actions github-actions bot removed the stale label Dec 3, 2025
@github-actions github-actions bot added the stale label Dec 23, 2025
@github-actions github-actions bot closed this Dec 28, 2025
@snyk-io snyk-io bot reopened this Dec 31, 2025
@github-actions github-actions bot removed the stale label Dec 31, 2025
@github-actions github-actions bot added the stale label Jan 11, 2026
@github-actions github-actions bot closed this Jan 22, 2026
@snyk-io snyk-io bot reopened this Jan 23, 2026
@entelligence-ai-pr-reviews

Walkthrough

This pull request updates the DOMPurify dependency in the gcalendar plugin from version 2.3.6 to 2.5.4. DOMPurify is an HTML sanitization library that helps prevent XSS attacks by cleaning potentially malicious content. This minor version bump brings the plugin up to date with recent bug fixes and security patches while maintaining backward compatibility within the 2.x version range through the caret (^) versioning prefix.

Changes

| File(s) | Summary |
|---|---|
| plugins/gcalendar/package.json | Updated dompurify dependency from version ^2.3.6 to ^2.5.4 to incorporate bug fixes and security patches. |

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User
    participant GCalendarPlugin
    participant DOMPurify
    participant DOM

    User->>GCalendarPlugin: Request calendar event data
    GCalendarPlugin->>GCalendarPlugin: Fetch event with HTML content
    Note over GCalendarPlugin: Event may contain<br/>HTML descriptions
    
    GCalendarPlugin->>DOMPurify: sanitize(htmlContent)
    Note over DOMPurify: Version upgraded<br/>2.3.6 → 2.5.4
    DOMPurify->>DOMPurify: Parse and clean HTML
    DOMPurify-->>GCalendarPlugin: Return sanitized HTML
    
    GCalendarPlugin->>DOM: Render sanitized content
    DOM-->>User: Display safe calendar event

@github-actions github-actions bot removed the stale label Jan 23, 2026
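
The caret-range behaviour the walkthrough comments describe for this bump, as an added example that is not part of the PR or of any bot's output: it implements npm caret semantics for plain MAJOR.MINOR.PATCH versions and compares what `^2.3.6` and `^2.5.4` admit, then checks a locked version against the new floor. The candidate version list and the lockfile entry are constructed sample data, and the package-lock layout is an assumption about the project's tooling.

```javascript
// Added example: caret-range arithmetic for the dompurify bump in this PR.
// Handles plain MAJOR.MINOR.PATCH strings only (no prerelease or build tags).

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number);
}

function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// npm caret semantics: the left-most non-zero component must not change.
function caretBounds(range) {
  if (!range.startsWith('^')) throw new Error(`not a caret range: ${range}`);
  const floor = range.slice(1);
  const [maj, min, pat] = parseVersion(floor);
  let ceiling;
  if (maj > 0) ceiling = `${maj + 1}.0.0`;
  else if (min > 0) ceiling = `0.${min + 1}.0`;
  else ceiling = `0.0.${pat + 1}`;
  return { floor, ceiling }; // floor inclusive, ceiling exclusive
}

function satisfiesCaret(version, range) {
  const { floor, ceiling } = caretBounds(range);
  return compareVersions(version, floor) >= 0 &&
         compareVersions(version, ceiling) < 0;
}

// Diff the two manifest ranges over a candidate list and test the locked
// version against the new range.
function auditBump(oldRange, newRange, lockedVersion, candidates) {
  return {
    newlyExcluded: candidates.filter(
      v => satisfiesCaret(v, oldRange) && !satisfiesCaret(v, newRange)),
    newlyAdmitted: candidates.filter(
      v => !satisfiesCaret(v, oldRange) && satisfiesCaret(v, newRange)),
    lockedSatisfiesNew: satisfiesCaret(lockedVersion, newRange),
  };
}

// Constructed sample data: version strings used only for range arithmetic,
// and a lockfile entry in the package-lock v2/v3 "packages" layout (assumed).
const CANDIDATES = ['2.3.5', '2.3.6', '2.4.0', '2.5.3', '2.5.4', '2.5.5', '3.0.0'];
const SAMPLE_LOCK = {
  packages: { 'node_modules/dompurify': { version: '2.3.6' } },
};

function runSample() {
  const locked = SAMPLE_LOCK.packages['node_modules/dompurify'].version;
  return auditBump('^2.3.6', '^2.5.4', locked, CANDIDATES);
}

console.log(runSample());
```

Nothing is newly admitted by the change: 2.5.4 already satisfied `^2.3.6`, so the manifest edit only raises the minimum, and the version actually installed is whatever the lockfile resolves to.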