Contributor

@developerkunal developerkunal commented May 15, 2025

Changes

  • Upgraded dompurify from 2.5.4 to 3.2.5 to address known security vulnerabilities.

  • DOMPurify v3 introduced breaking changes, including:

    • Dropped support for Internet Explorer
    • Removed named exports such as sanitize
  • Refactored all DOMPurify imports to use the new default import syntax (import DOMPurify from 'dompurify').

  • Updated all sanitization calls to use DOMPurify.sanitize(...) for consistency and compatibility.

  • Updated ES target from ES5 to ES2017 to enable modern features like async/await, improve compatibility, and drop IE11 support for cleaner, more performant code.

  • Modified the following files:

    • src/connection/database/actions.js
    • src/i18n.js
    • src/sanitizer.js
    • src/ui/box/chrome.jsx
  • Also upgraded the following dependencies:

    • grunt-cli from 0.1.13 to 1.5.0
    • grunt-env from 0.4.4 to 1.0.1

References

Testing

  • Verified that the DOMPurify import refactor works correctly in all affected files.

  • Ran the full test suite to confirm no regressions.

  • This change adds unit test coverage

  • This change adds integration test coverage

  • This change has been tested on the latest version of the platform/language

Checklist

@developerkunal developerkunal requested a review from a team as a code owner May 15, 2025 09:48
@developerkunal developerkunal requested a review from Copilot May 15, 2025 11:18
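A check that could accompany the import refactor described in the pull request description above: it flags source files that still pull named exports such as sanitize out of dompurify. This is an added example, not code from this pull request or the project; `findNamedDompurifyImports` is a hypothetical helper and the sample file names and contents are constructed.

```javascript
// Added example: find imports that depend on DOMPurify named exports,
// which the PR description says are no longer available after the upgrade.

// Constructed sample sources keyed by hypothetical paths (not the project's files).
const SAMPLE_FILES = {
  'legacy/named.js':
    "// constructed sample\nimport { sanitize as clean } from 'dompurify';\n",
  'legacy/require.js':
    "const { sanitize, addHook } = require('dompurify');\n",
  'migrated/default.js':
    "import DOMPurify from 'dompurify';\nexport const clean = (s) => DOMPurify.sanitize(s);\n",
  'unrelated/other.js':
    "import { sanitize } from './local-sanitizer';\n",
};

const RULES = [
  // import { sanitize } from 'dompurify'  or  import DOMPurify, { addHook } from "dompurify"
  { kind: 'named-import',
    re: /import\s*(?:[\w$]+\s*,\s*)?\{([^{}]*)\}\s*from\s*['"]dompurify['"]/g },
  // const { sanitize } = require('dompurify')
  { kind: 'destructured-require',
    re: /\{([^{}]*)\}\s*=\s*require\(\s*['"]dompurify['"]\s*\)/g },
];

// Returns one finding per offending statement: file, 1-based line, rule kind, export names used.
function findNamedDompurifyImports(files) {
  const findings = [];
  for (const [file, source] of Object.entries(files)) {
    for (const { kind, re } of RULES) {
      for (const m of source.matchAll(re)) {
        const line = source.slice(0, m.index).split('\n').length;
        // "sanitize as clean" (ESM) and "sanitize: clean" (CommonJS) both name the export "sanitize".
        const names = m[1].split(',')
          .map((n) => n.trim().split(/\s+as\s+|\s*:\s*/)[0])
          .filter(Boolean);
        findings.push({ file, line, kind, names });
      }
    }
  }
  return findings;
}

console.log(findNamedDompurifyImports(SAMPLE_FILES));
```

Run in CI over the real source tree, a non-empty result means some module still bypasses the default import and would lose sanitization at runtime rather than at build time.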

Copilot AI left a comment


Pull Request Overview

This PR upgrades the DOMPurify dependency to address security vulnerabilities while refactoring the import style to use the new default import syntax, as well as updating ES targets and other dependencies to support modern features and CI improvements.

  • Refactored DOMPurify imports and usage in multiple files
  • Upgraded dependencies (DOMPurify, grunt-cli, grunt-env) and updated ES target from ES5 to ES2017
  • Modified test configurations including Karma and GitHub Workflow adjustments

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| src/ui/box/chrome.jsx | Refactored DOMPurify import and usage in React components |
| src/sanitizer.js | Updated addHook usage to use DOMPurify.default import |
| src/i18n.js | Replaced named import sanitize with DOMPurify.sanitize in HTML rendering |
| src/connection/database/actions.js | Updated sanitization call to use DOMPurify and improved safety with config |
| package.json | Upgraded dependencies and changed ES target for compatibility |
| karma.conf.js | Adjusted browser configurations for CI (added no-sandbox flag) |
| .github/workflows/test.yml | Added CI environment variable for running end-to-end tests |

arpit-jn previously approved these changes May 16, 2025
Contributor

@arpit-jn arpit-jn left a comment


LGTM

@developerkunal developerkunal merged commit 3680f63 into master May 26, 2025
8 checks passed
@developerkunal developerkunal deleted the chore/deps-and-dompurify-refactor branch May 26, 2025 12:36
@developerkunal developerkunal mentioned this pull request Jun 2, 2025
developerkunal added a commit that referenced this pull request Jun 2, 2025
**⚠️ BREAKING CHANGES**
- Dropped support for Internet Explorer (IE).
- Update dependencies and refactor DOMPurify usage to default import
[\#2606](#2606)
([developerkunal](https://github.com/developerkunal))

**Added**
- Add support for social connection Sign in with Shop
[\#2602](#2602)
([reinisb](https://github.com/reinisb))