Skip to content

build(deps): Bump dompurify from 3.2.6 to 3.3.2 in /docs in the npm_and_yarn group across 1 directory#3140

Merged
julienrbrt merged 1 commit intomainfrom
dependabot/npm_and_yarn/docs/npm_and_yarn-1a37318557
Mar 9, 2026
Merged

build(deps): Bump dompurify from 3.2.6 to 3.3.2 in /docs in the npm_and_yarn group across 1 directory#3140
julienrbrt merged 1 commit intomainfrom
dependabot/npm_and_yarn/docs/npm_and_yarn-1a37318557

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Bumps the npm_and_yarn group with 1 update in the /docs directory: dompurify.

Updates dompurify from 3.2.6 to 3.3.2

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • 5e56114 Getting 3.x branch ready for 3.3.2 release (#1208)
  • e8c95f4 fix: Fixed the broken package-lock.json
  • 9636037 Update package-lock.json
  • 5cad4ce Getting 3.x branch ready for 3.3.2 releas (#1205)
  • 6fc446a Merge pull request #1175 from cure53/main
  • 3b3bf91 Merge branch 'main' of github.com:cure53/DOMPurify
  • 9863f41 chore: Preparing 3.3.1 release
  • b4e0295 chore: Preparing 3.3.0 release
  • 077746b build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (#1170)
  • 4de68bb build(deps): bump actions/checkout from 5 to 6 (#1171)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): Bump dompurify
14b1213 
Bumps the npm_and_yarn group with 1 update in the /docs directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.2.6 to 3.3.2
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.3.2)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 9, 2026
julienrbrt
julienrbrt approved these changes Mar 9, 2026
View reviewed changes
Copy link
Member

@julienrbrt julienrbrt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

utACK

@julienrbrt julienrbrt added this pull request to the merge queue Mar 9, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 9, 2026
@julienrbrt julienrbrt added this pull request to the merge queue Mar 9, 2026
Merged via the queue into main with commit 067718d Mar 9, 2026
28 of 29 checks passed
@julienrbrt julienrbrt deleted the dependabot/npm_and_yarn/docs/npm_and_yarn-1a37318557 branch March 9, 2026 10:42
@github-actions
Copy link
Contributor

github-actions bot commented Mar 9, 2026

PR Preview Action v1.8.1
Preview removed because the pull request was closed.
2026-03-09 10:43 UTC

alpe added a commit that referenced this pull request Mar 16, 2026
@alpe
Merge branch 'main' into marko/add-trivy-scan
5e5035d 
* main:
  fix(syncer): include in-flight and pending-cache work in PendingCount (#3162)
  chore: re-add replaces for development (#3161)
  build(deps): Bump quinn-proto from 0.11.13 to 0.11.14 in the cargo group across 1 directory (#3155)
  build(deps): bump execution/evm (#3160)
  build(deps): bump ev-node (#3159)
  chore: remove replaces from ev-node (#3158)
  chore: fix some function names in comment (#3156)
  fix: persist snapshot once for avoiding badger vlog (#3153)
  build(deps): Bump docker/setup-buildx-action from 3 to 4 (#3148)
  build(deps): Bump the all-go group across 5 directories with 8 updates (#3147)
  build(deps): Bump docker/login-action from 3 to 4 (#3149)
  build(deps): Bump docker/build-push-action from 6 to 7 (#3151)
  build(deps): Bump actions/setup-go from 6.2.0 to 6.3.0 (#3150)
  chore: prep evm rc.5 (#3145)
  build(deps): bump ev-node (#3144)
  feat(block): Event-Driven DA Follower with WebSocket Subscriptions (#3131)
  build(deps): Bump dompurify from 3.2.6 to 3.3.2 in /docs in the npm_and_yarn group across 1 directory (#3140)
  feat(benchmarking): adding gas burner test (#3115)
  chore: minor deduplication (#3139)
  refactor(store,cache)!: optimize cache restore as O(1) (#3134)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@julienrbrt julienrbrt julienrbrt approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@julienrbrt