Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(sec): remove MSIE support to allow upgrading to vuln-free dompurify v3 #3827

Merged
merged 6 commits into from
Feb 19, 2025
Merged

fix(sec): remove MSIE support to allow upgrading to vuln-free dompurify v3 #3827

merged 6 commits into from
Feb 19, 2025
+37 −169

Conversation

hainenber
Copy link
Contributor

@hainenber hainenber commented Feb 18, 2025
edited
Loading

Resolve #3819

Remove MSIE support as CVE-2025-26791 affects dompurify v2 and the only resolution is to bump to dompurify v3. However, the new major version dropped support for MSIE so jspdf must do the same.

@hainenber
fix(sec): remove MSIE support to allow upgrading to vuln-free `dompur…
Loading
Loading status checks…
300c21b 
…ify` v3

Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber
Copy link
Contributor Author

hainenber commented Feb 18, 2025
edited
Loading

wait, hold up. There are more IE support references across the codebase. One more commit incoming

Above statement is obsolete. All MSIE ref removed

@hainenber
feat: remove all IE11 verifiers in src and examples
Loading
Loading status checks…
3af136c 
Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber
chore(ci): remove IE11 as browser testing target
Loading
Loading status checks…
6c270d1 
Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber
Copy link
Contributor Author

I removed all proper MSIE references in the codebase. The generated polyfills might not needed anymore but I keep it as safe harness since older browsers can constitute Chrome/Firefox early versions as well.

@hainenber
chore: remove obsolete isOldIE verifiers
Loading
Loading status checks…
58e8c95 
Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber
chore(ci): remove IE as browser testing target in Karma's common config
Loading
Loading status checks…
b344dc1 
Signed-off-by: hainenber <dotronghai96@gmail.com>
@hainenber hainenber force-pushed the fix/remove-msie-support-to-fix-sec-vuln branch 3 times, most recently from afa6c67 to b344dc1 Compare February 18, 2025 15:05
Rylab
Rylab approved these changes Feb 19, 2025
View reviewed changes
Copy link

@Rylab Rylab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you!

@HackbrettXXX HackbrettXXX merged commit 7aa332e into parallax:master Feb 19, 2025
7 checks passed
@HackbrettXXX
Copy link
Collaborator

Thank you for the PR. I'll release it now.

@hainenber hainenber deleted the fix/remove-msie-support-to-fix-sec-vuln branch March 22, 2025 03:48
@hainenber hainenber mentioned this pull request Mar 22, 2025
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rylab Rylab

@HackbrettXXX HackbrettXXX

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dompurify dependency
3 participants
@hainenber @HackbrettXXX @Rylab