DEV: Update xss.js package (#16398)

app/assets/javascripts/pretty-text/addon/sanitizer.js

@@ -76,7 +76,7 @@ export function sanitize(text, allowLister) {
   }
 
   let result = xss(text, {
-    whiteList: allowList.tagList,
+    allowList: allowList.tagList,
     stripIgnoreTag: true,
     stripIgnoreTagBody: ["script", "table"],
 

app/assets/javascripts/pretty-text/engines/discourse-markdown/upload-protocol.js

@@ -35,7 +35,7 @@ function findUploadsInHtml(uploads, blockToken) {
 
   let foundImage = false;
   const newContent = xss(blockToken.content, {
-    whiteList: fakeAllowList,
+    allowList: fakeAllowList,
     allowCommentTag: true,
     onTag(tag, html, options) {
       // We're not using this for sanitizing, so allow all tags through

app/assets/javascripts/pretty-text/package.json

@@ -18,7 +18,7 @@
     "ember-auto-import": "^2.2.4",
     "ember-cli-babel": "^7.13.0",
     "ember-cli-htmlbars": "^4.2.0",
-    "xss": "^1.0.8",
+    "xss": "^1.0.11",
     "webpack": "^5.67.0"
   },
   "devDependencies": {

app/assets/javascripts/yarn.lock

@@ -13864,6 +13864,14 @@ xmlhttprequest-ssl@~1.5.4:
   resolved "https://registry.yarnpkg.com/xmlhttprequest-ssl/-/xmlhttprequest-ssl-1.5.5.tgz#c2876b06168aadc40e57d97e81191ac8f4398b3e"
   integrity sha1-wodrBhaKrcQOV9l+gRkayPQ5iz4=
 
+xss@^1.0.11:
+  version "1.0.11"
+  resolved "https://registry.yarnpkg.com/xss/-/xss-1.0.11.tgz#211cb82e95b5071d4c75d597283c021157ebe46a"
+  integrity sha512-EimjrjThZeK2MO7WKR9mN5ZC1CSqivSl55wvUK5EtU6acf0rzEE1pN+9ZDrFXJ82BRp3JL38pPE6S4o/rpp1zQ==
+  dependencies:
+    commander "^2.20.3"
+    cssfilter "0.0.10"
+
 xss@^1.0.8:
   version "1.0.8"
   resolved "https://registry.yarnpkg.com/xss/-/xss-1.0.8.tgz#32feb87feb74b3dcd3d404b7a68ababf10700535"