[Snyk] Security upgrade dompurify from 2.4.5 to 2.5.4

[snyk-io]

---

EntelligenceAI PR Summary

Updates the dompurify dependency in the techdocs plugin to address security vulnerabilities and bug fixes.

• Bumped dompurify from ^2.2.9 to ^2.5.4 in plugins/techdocs/package.json
• Maintains compatibility with future 2.x minor and patch releases
• Includes security patches and bug fixes for HTML sanitization functionality

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[sourcery-ai]

Reviewer's Guide

This PR upgrades the dompurify dependency in plugins/techdocs from version 2.2.9 to 2.5.4 by modifying the version spec in package.json, fixing a high-severity prototype pollution vulnerability; reviewers should confirm dependency behavior and run yarn to update the lockfile and cache.

File-Level Changes

Change	Details	Files
Bump dompurify to 2.5.4 to remediate prototype pollution	Changed dompurify version from ^2.2.9 to ^2.5.4 in dependencies Addressed SNYK-JS-DOMPURIFY-7984421 vulnerability	plugins/techdocs/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[snyk-io]

⛔ Snyk checks have failed. 97 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (97)
⛔	Open Source Security	16	31	45	5	97 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[socket-security]

No dependency changes detected. Learn more about Socket for GitHub.

👍 No dependency changes detected in pull request

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[entelligence-ai-pr-reviews]

🔒 Entelligence AI Vulnerability Scanner

✅ No security vulnerabilities found!

Your code passed our comprehensive security analysis.

---

[entelligence-ai-pr-reviews]

Walkthrough

This PR updates the DOMPurify dependency in the techdocs plugin from version ^2.2.9 to ^2.5.4. DOMPurify is a critical security library used for sanitizing HTML content to prevent XSS (Cross-Site Scripting) attacks. This version bump likely addresses security vulnerabilities or includes performance improvements in the HTML sanitization process. The update is a straightforward dependency version change that doesn't require any code modifications in the consuming application.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from ^2.2.9 to ^2.5.4

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    title TechDocs DOMPurify Sanitization Flow
    
    participant User
    participant Browser
    participant TechDocsReader as "TechDocs Reader Component"
    participant DOMPurify as "DOMPurify v2.5.4"
    participant Backend as "TechDocs Backend"
    
    User->>Browser: Navigate to documentation page
    Browser->>TechDocsReader: Render documentation
    TechDocsReader->>Backend: Request documentation content
    Backend-->>TechDocsReader: Return HTML content
    
    Note over TechDocsReader,DOMPurify: DOMPurify version updated from 2.2.9 to 2.5.4
    
    TechDocsReader->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    DOMPurify-->>TechDocsReader: Return sanitized HTML
    deactivate DOMPurify
    
    TechDocsReader->>Browser: Render sanitized content
    Browser-->>User: Display safe documentation

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[entelligence-ai-pr-reviews]

LGTM 👍

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[entelligence-ai-pr-reviews]

Walkthrough

This PR updates the DOMPurify dependency in the techdocs plugin from version ^2.2.9 to ^2.5.4. DOMPurify is a critical security library used for sanitizing HTML content to prevent XSS (Cross-Site Scripting) attacks. This version bump likely addresses security vulnerabilities or includes performance improvements in the HTML sanitization process. The update is a straightforward dependency version change that doesn't require any code modifications in the consuming application.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from ^2.2.9 to ^2.5.4

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[entelligence-ai-pr-reviews]

LGTM 👍

[entelligence-ai-pr-reviews]

Walkthrough

This pull request updates the dompurify dependency in the techdocs plugin from version 2.2.9 to 2.5.4. This is a minor version upgrade that brings the HTML sanitization library up to date with recent security patches and bug fixes. The caret (^) version prefix is maintained, allowing automatic updates to future compatible patch and minor releases within the 2.x major version range. This update ensures the techdocs plugin benefits from improved security and stability in HTML sanitization functionality.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from version ^2.2.9 to ^2.5.4 to incorporate security patches and bug fixes.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User
    participant TechDocs as TechDocs Plugin
    participant DOMPurify as DOMPurify (v2.5.4)
    participant DOM as Browser DOM

    User->>TechDocs: Request documentation page
    activate TechDocs
    
    TechDocs->>TechDocs: Fetch documentation content
    Note over TechDocs: Raw HTML/Markdown content retrieved
    
    TechDocs->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    Note over DOMPurify: Version upgraded from 2.2.9 to 2.5.4<br/>Enhanced sanitization capabilities
    DOMPurify->>DOMPurify: Parse and clean HTML
    DOMPurify-->>TechDocs: Return sanitized HTML
    deactivate DOMPurify
    
    TechDocs->>DOM: Render sanitized content
    activate DOM
    DOM-->>User: Display documentation
    deactivate DOM
    deactivate TechDocs

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[entelligence-ai-pr-reviews]

Walkthrough

This pull request updates the dompurify dependency in the techdocs plugin from version 2.2.9 to 2.5.4. This is a minor version upgrade that brings the HTML sanitization library up to date with recent security patches and bug fixes. The caret (^) version prefix is maintained, allowing automatic updates to future compatible patch and minor releases within the 2.x major version range. This update ensures the techdocs plugin benefits from improved security and stability in HTML sanitization functionality.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from version ^2.2.9 to ^2.5.4 to incorporate security patches and bug fixes.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User
    participant TechDocs as TechDocs Plugin
    participant DOMPurify as DOMPurify (v2.5.4)
    participant DOM as Browser DOM

    User->>TechDocs: Request documentation page
    activate TechDocs
    
    TechDocs->>TechDocs: Fetch documentation content
    Note over TechDocs: Raw HTML/Markdown content retrieved
    
    TechDocs->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    Note over DOMPurify: Version upgraded from 2.2.9 to 2.5.4<br/>Enhanced sanitization capabilities
    DOMPurify->>DOMPurify: Parse and clean HTML
    DOMPurify-->>TechDocs: Return sanitized HTML
    deactivate DOMPurify
    
    TechDocs->>DOM: Render sanitized content
    activate DOM
    DOM-->>User: Display documentation
    deactivate DOM
    deactivate TechDocs

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[entelligence-ai-pr-reviews]

Walkthrough

This pull request updates the dompurify dependency in the techdocs plugin from version 2.2.9 to 2.5.4. This represents a minor version upgrade that brings the HTML sanitization library up to date with recent security patches and bug fixes. The update maintains backward compatibility within the 2.x major version range through the use of the caret (^) version prefix, allowing automatic updates for future patch and minor releases while preventing breaking changes from major version updates.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from version ^2.2.9 to ^2.5.4 to incorporate security patches and bug fixes.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User
    participant TechDocs as TechDocs Plugin
    participant DOMPurify as DOMPurify (v2.5.4)
    participant DOM as Browser DOM

    User->>TechDocs: Request documentation page
    activate TechDocs
    
    TechDocs->>TechDocs: Fetch documentation content
    Note over TechDocs: Raw HTML/Markdown content retrieved
    
    TechDocs->>DOMPurify: sanitize(htmlContent)
    activate DOMPurify
    Note over DOMPurify: Version upgraded from 2.2.9 to 2.5.4<br/>Enhanced sanitization capabilities
    DOMPurify->>DOMPurify: Parse and clean HTML
    DOMPurify-->>TechDocs: Return sanitized HTML
    deactivate DOMPurify
    
    TechDocs->>DOM: Render sanitized content
    activate DOM
    DOM-->>User: Display documentation
    deactivate DOM
    deactivate TechDocs

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[github-actions]

This PR has been automatically marked as stale because it has not had recent activity from the author. It will be closed if no further activity occurs. If the PR was closed and you want it re-opened, let us know and we'll re-open the PR so that you can continue the contribution!

[entelligence-ai-pr-reviews]

Walkthrough

This PR updates the dompurify dependency in the techdocs plugin from version 2.2.9 to 2.5.4. This is a minor version upgrade that brings security patches and bug fixes to the HTML sanitization library. The update maintains backward compatibility within the 2.x major version range through the caret (^) versioning prefix, allowing automatic updates for future patch and minor releases while preventing breaking changes from major version updates.

Changes

File(s)	Summary
plugins/techdocs/package.json	Updated dompurify dependency from version ^2.2.9 to ^2.5.4 to include security patches and bug fixes.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User
    participant TechDocsReader as TechDocs Reader
    participant DOMPurify as DOMPurify (v2.5.4)
    participant ContentSource as Content Source
    participant DOM as Browser DOM

    User->>TechDocsReader: Request documentation page
    TechDocsReader->>ContentSource: Fetch documentation content
    ContentSource-->>TechDocsReader: Return raw HTML/Markdown content
    
    Note over TechDocsReader,DOMPurify: Upgraded from v2.2.9 to v2.5.4
    
    TechDocsReader->>DOMPurify: sanitize(rawContent)
    activate DOMPurify
    Note over DOMPurify: Remove potentially harmful<br/>HTML elements and attributes
    DOMPurify-->>TechDocsReader: Return sanitized HTML
    deactivate DOMPurify
    
    TechDocsReader->>DOM: Render sanitized content
    DOM-->>User: Display documentation page

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.