From dd884dbfd5d46503b2fd5ccddf30f8e3ee4e44cf Mon Sep 17 00:00:00 2001
From: Todd Treece <360020+toddtreece@users.noreply.github.com>
Date: Tue, 21 Dec 2021 10:55:36 -0500
Subject: [PATCH] @grafana/data: Update xss dependency (#43423)
---
 packages/grafana-data/package.json | 2 +-
 packages/grafana-data/src/text/sanitize.ts | 11 +++++------
 yarn.lock | 16 ++++++++--------
 3 files changed, 14 insertions(+), 15 deletions(-)
diff --git a/packages/grafana-data/package.json b/packages/grafana-data/package.json
index d846c3dcc90..bb5679008b0 100644
--- a/packages/grafana-data/package.json
+++ b/packages/grafana-data/package.json
@@ -39,7 +39,7 @@
 "rxjs": "7.3.0",
 "tslib": "2.3.1",
 "uplot": "1.6.16",
- "xss": "1.0.6"
+ "xss": "1.0.10"
 },
 "devDependencies": {
 "@grafana/tsconfig": "^1.0.0-rc1",
diff --git a/packages/grafana-data/src/text/sanitize.ts b/packages/grafana-data/src/text/sanitize.ts
index d32c4a96178..2a689fbc794 100644
--- a/packages/grafana-data/src/text/sanitize.ts
+++ b/packages/grafana-data/src/text/sanitize.ts
@@ -1,13 +1,12 @@
-import xss from 'xss';
+import { FilterXSS, whiteList, IWhiteList } from 'xss';
 import { sanitizeUrl as braintreeSanitizeUrl } from '@braintree/sanitize-url';
-const XSSWL = Object.keys(xss.whiteList).reduce((acc, element) => {
- // @ts-ignore
- acc[element] = xss.whiteList[element].concat(['class', 'style']);
+const XSSWL = Object.keys(whiteList).reduce((acc, element) => {
+ acc[element] = whiteList[element]?.concat(['class', 'style']);
 return acc;
-}, {});
+}, {} as IWhiteList);
-const sanitizeXSS = new xss.FilterXSS({
+const sanitizeXSS = new FilterXSS({
 whiteList: XSSWL,
 });
diff --git a/yarn.lock b/yarn.lock
index d945d2560da..6e535f888ca 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3472,7 +3472,7 @@ __metadata: tslib: 2.3.1 typescript: 4.4.3 uplot: 1.6.16 - xss: 1.0.6 + xss: 1.0.10 languageName: unknown linkType: soft
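Review bot: In the `sanitize.ts` hunk, the `XSSWL` reducer allows `class` and `style` on every tag of the library's default allow-list, and neither the new code nor the commit message records what keeps inline `style` values safe across the `xss` 1.0.6 → 1.0.10 bump. As far as I can tell that protection is the CSS filtering the `xss` package applies to `style` attributes by default (the lockfile shows its `cssfilter: 0.0.10` dependency), so a comment above the reducer such as `// class/style are allowed on every tag; style values still pass through xss's default CSS filter`, together with a unit test that pins the sanitizer's output for a `style` attribute, would make the upgrade verifiable. Separately, `whiteList[element]?.concat(['class', 'style'])` would store `undefined` rather than an array if a tag's list were ever missing, which should not happen for keys taken from `Object.keys(whiteList)` but is hidden by the `{} as IWhiteList` assertion; `acc[element] = [...(whiteList[element] ?? []), 'class', 'style'];` keeps every entry an array. The code that calls `sanitizeXSS` lies outside the hunk.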
@@ -14181,7 +14181,7 @@ __metadata: languageName: node linkType: hard -"commander@npm:2, commander@npm:^2.19.0, commander@npm:^2.20.0, commander@npm:^2.7.1, commander@npm:^2.9.0": +"commander@npm:2, commander@npm:^2.19.0, commander@npm:^2.20.0, commander@npm:^2.20.3, commander@npm:^2.7.1, commander@npm:^2.9.0": version: 2.20.3 resolution: "commander@npm:2.20.3" checksum: ab8c07884e42c3a8dbc5dd9592c606176c7eb5c1ca5ff274bcf907039b2c41de3626f684ea75ccf4d361ba004bbaff1f577d5384c155f3871e456bdf27becf9e @@ -36112,15 +36112,15 @@ __metadata: languageName: node linkType: hard -"xss@npm:1.0.6": - version: 1.0.6 - resolution: "xss@npm:1.0.6" +"xss@npm:1.0.10": + version: 1.0.10 + resolution: "xss@npm:1.0.10" dependencies: - commander: ^2.9.0 + commander: ^2.20.3 cssfilter: 0.0.10 bin: - xss: ./bin/xss - checksum: 529baa20ee4cd82e45e0aca26d0069e2b80ae82c9eaff06b39cd2e3d1320031e53b8f001e5024e880796927e0bb450bc36d47607d44e25aa0c86f2ee049b76db + xss: bin/xss + checksum: 0dbc70a716020d854569610d5bc949ba9d3b7f530b7af5508ffe84edaea228c34a4e1227f71cb3a4741373b1c49c3cb691f69dddefda45a594a31f112ae6a738 languageName: node linkType: hard