Skip to content

chore(deps): bump dompurify from 3.2.6 to 3.3.3#534

Closed
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/dompurify-3.3.3
Closed

chore(deps): bump dompurify from 3.2.6 to 3.3.3#534
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/dompurify-3.3.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 28, 2026
edited
Loading

Bumps dompurify from 3.2.6 to 3.3.3.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 28, 2026
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Mar 28, 2026
edited
Loading

Deploying note with  Cloudflare Pages  Cloudflare Pages

Latest commit: 7209b0c
Status: ✅  Deploy successful!
Preview URL: https://5905a38b.note-e01.pages.dev
Branch Preview URL: https://dependabot-npm-and-yarn-domp-vz4b.note-e01.pages.dev

View logs

@dependabot dependabot Bot mentioned this pull request Mar 28, 2026
Closed
@dependabot dependabot Bot changed the title build(deps): bump dompurify from 3.2.6 to 3.3.3 chore(deps): bump dompurify from 3.2.6 to 3.3.3 Apr 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dompurify-3.3.3 branch from d39e5bd to 9fde7f3 Compare April 13, 2026 08:23
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dompurify-3.3.3 branch from 9fde7f3 to 90a9d84 Compare April 15, 2026 07:52
@dependabot
build(deps): bump dompurify from 3.2.6 to 3.3.3
7209b0c 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to 3.3.3.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.3.3)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dompurify-3.3.3 branch from 90a9d84 to 7209b0c Compare April 15, 2026 07:55
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 16, 2026

Superseded by #542.

@dependabot dependabot Bot closed this Apr 16, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dompurify-3.3.3 branch April 16, 2026 02:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants