From 154d9e975d91e74521bc732a27fe70bbbee80cc8 Mon Sep 17 00:00:00 2001
From: DarkSky <25152247+darkskygit@users.noreply.github.com>
Date: Thu, 18 Jun 2026 14:41:48 +0800
Subject: [PATCH] fix: deps & config (#15126)
---
.github/renovate.json | 1 -
.../src/__tests__/utils/svg.unit.spec.ts | 6 +
blocksuite/affine/shared/src/utils/svg.ts | 56 +-
package.json | 17 +-
packages/backend/server/package.json | 35 +-
.../bridge.spec.ts | 36 +-
.../media-capture-playground/package.json | 2 +-
yarn.lock | 846 ++++++++----------
8 files changed, 491 insertions(+), 508 deletions(-)
diff --git a/.github/renovate.json b/.github/renovate.json
index 685fe800a1..3a5722ca33 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -31,7 +31,6 @@
"groupSlug": "all-minor-patch",
"matchUpdateTypes": ["minor", "patch"],
"matchManagers": ["npm"],
- "matchPackageNames": ["*"],
"excludePackagePatterns": ["^@blocksuite/", "^oxlint$"]
},
{
diff --git a/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts b/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
index f6ad9de0d3..840e3c022a 100644
--- a/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
+++ b/blocksuite/affine/shared/src/__tests__/utils/svg.unit.spec.ts
@@ -59,6 +59,12 @@ describe('sanitizeSvg', () => {
expect(sanitizeSvg('
')).toBe('');
});
+ test('rejects malformed doctype prefixes without regexp backtracking', () => {
+ const maliciousPrefix = '`)).toBe('');
+ });
+
test('keeps internal glyph references and safe image data urls', () => {
const sanitized = sanitizeSvg(`