Bump dompurify from 2.3.6 to 2.4.2

[dependabot]

Bumps dompurify from 2.3.6 to 2.4.2.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.4.2

• Fixed a Trusted Types sink violation with empty input and NAMESPACE , thanks @​tosmolka
• Fixed a Prototype Pollution issue discovered and reported by @​kevin-mizu

DOMPurify 2.4.1

• Added new config option ALLOWED_NAMESPACES for better XML handling, thanks @​kevin-deyoungster @​tosmolka
• Added better detection of template literals when SAFE_FOR_TEMPLATES is true
• Fixed an exception caused by DOM clobbering, thanks @​masatokinugawa
• Bumped some dependencies, thanks @​marcpenya-tf

DOMPurify 2.4.0

• Removed bundled types again as they caused too much trouble

DOMPurify 2.3.12

• Fixed an issue in 2.3.11 causing errors w. TypeScript, see #712, thanks @​Mirco469, @​brentkeller, @​aryanisml

DOMPurify 2.3.11

• Added generated type definitions for better compatibility
• Added SANITIZE_NAMED_PROPS config option, thanks @​SoheilKhodayari
• Updated README and config documentation, thanks @​0xedward
• Updated test suite with newer Node versions

DOMPurify 2.3.10

• Added support for sanitization of attributes requiring Trusted Types, thanks @​tosmolka

DOMPurify 2.3.9

• Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
• Bumped some dependencies, thanks @​is2ei
• Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

• Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

• Fixes around a bug in Safari, thanks @​sybrew
• Slightly improved performance, thanks @​tiny-ben-tran
• Lots of chores, bumps and typo fixes, thanks @​is2ei
• Removed unnecessary string trimming, thanks @​christopherehlen

Commits

• d1dd037 fix: Fixed a prototype pollution bug reported by @​kevin_mizu
• 24d2a7f Merge pull request #748 from tosmolka/tosmolka/747
• 7de86a0 Fix formatting
• 191cc00 Fix Trusted Types Sink violation with empty input and NAMESPACE
• 4945074 Merge pull request #745 from cure53/dependabot/npm_and_yarn/qs-and-body-parse...
• 7e9fcd9 build(deps): bump qs and body-parser
• 2734b2d Merge pull request #737 from cure53/dependabot/npm_and_yarn/engine.io-and-soc...
• f3b68d9 build(deps): bump engine.io and socket.io
• 9a751e4 Merge pull request #732 from Pomierski/patch-1
• 2c03b6c fix
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #1065.