Skip to content

chore(deps): bump dompurify from 3.3.3 to 3.4.0 in /docs-site in the npm_and_yarn group across 1 directory#889

Merged
suisuss merged 1 commit intostagingfrom
dependabot/npm_and_yarn/docs-site/npm_and_yarn-2a73d1bbcf
Apr 21, 2026
Merged

chore(deps): bump dompurify from 3.3.3 to 3.4.0 in /docs-site in the npm_and_yarn group across 1 directory#889
suisuss merged 1 commit intostagingfrom
dependabot/npm_and_yarn/docs-site/npm_and_yarn-2a73d1bbcf

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Apr 17, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the /docs-site directory: dompurify.

Updates dompurify from 3.3.3 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

  • Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
  • Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
  • Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
  • Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
  • Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
  • Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
  • Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
  • Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
  • Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
  • Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
  • Fixed a problem with the type dentition patcher after Node version bump
  • Fixed freezing BS runs by reducing the tested browsers array
  • Bumped several dependencies where possible
  • Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Commits

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 17, 2026
eskp
eskp previously approved these changes Apr 20, 2026
View reviewed changes
@suisuss suisuss mentioned this pull request Apr 21, 2026
Merged
4 tasks
@suisuss
Copy link
Copy Markdown

suisuss commented Apr 21, 2026

@dependabot rebase

@dependabot
chore(deps): bump dompurify
f064dc7 
Bumps the npm_and_yarn group with 1 update in the /docs-site directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.3.3 to 3.4.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.3...3.4.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/docs-site/npm_and_yarn-2a73d1bbcf branch from c454ab0 to f064dc7 Compare April 21, 2026 04:58
@suisuss suisuss merged commit 2bd9b1f into staging Apr 21, 2026
31 checks passed
@suisuss suisuss deleted the dependabot/npm_and_yarn/docs-site/npm_and_yarn-2a73d1bbcf branch April 21, 2026 05:16
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 21, 2026

🧹 PR Environment Cleaned Up

The PR environment has been successfully deleted.

Deleted Resources:

  • Namespace: pr-889
  • All Helm releases (Keeperhub, Scheduler, Event services)
  • PostgreSQL Database (including data)
  • LocalStack, Redis
  • All associated secrets and configs

All resources have been cleaned up and will no longer incur costs.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 21, 2026

ℹ️ No PR Environment to Clean Up

No PR environment was found for this PR. This is expected if:

  • The PR never had the deploy-pr-environment label
  • The environment was already cleaned up
  • The deployment never completed successfully

@eskp eskp mentioned this pull request Apr 21, 2026
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@eskp eskp eskp left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@suisuss @eskp