Skip to content

chore(deps): Bump dompurify from 3.2.6 to 3.3.3#90

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dompurify-3.3.3
Closed

chore(deps): Bump dompurify from 3.2.6 to 3.3.3#90
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/dompurify-3.3.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 28, 2026
edited
Loading

Bumps dompurify from 3.2.6 to 3.3.3.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua

DOMPurify 3.3.2

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

DOMPurify 3.3.1

  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @​MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @​binhpv

DOMPurify 3.3.0

  • Added the SVG mask-type attribute to default allow-list, thanks @​prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @​nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @​Wim-Valgaeren

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 28, 2026
@dependabot
chore(deps): Bump dompurify from 3.2.6 to 3.3.3
6d61bd5 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to 3.3.3.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.3.3)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/dompurify-3.3.3 branch from 092ac28 to 6d61bd5 Compare April 4, 2026 16:22
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 4, 2026

Note

Coverage shown for affected projects only. Per-file thresholds (80%) are enforced by vitest.

Code Coverage

Package Line Rate Branch Rate Complexity Health
app 100% 100% 0
app.debug 83% 100% 0
src 100% 100% 0
src.lib.components.counter 100% 100% 0
src.lib.components.counter-container 100% 100% 0
src.lib.state 100% 100% 0
src 100% 100% 0
src.lib.login 100% 100% 0
src.lib.state 100% 100% 0
src 100% 100% 0
src.lib.components 98% 89% 0
src.lib.state 100% 100% 0
src.lib.testing 100% 100% 0
src 100% 100% 0
src.lib.components.forecast-table 100% 100% 0
src.lib.components.weather-forecast 100% 100% 0
src.lib.models 100% 100% 0
src.lib.services 100% 100% 0
src.lib.state 100% 100% 0
src 100% 100% 0
src.lib.services 100% 100% 0
src.lib.state 100% 100% 0
src 100% 100% 0
src.lib.home 100% 100% 0
Summary 99% (373 / 377) 99% (107 / 111) 0

@chrisjwalk
Copy link
Copy Markdown
Owner

chrisjwalk commented Apr 4, 2026

Closing in favour of consolidated update PR on feat/consolidate-deps-94

@chrisjwalk chrisjwalk closed this Apr 4, 2026
@chrisjwalk chrisjwalk deleted the dependabot/npm_and_yarn/dompurify-3.3.3 branch April 4, 2026 16:25
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 4, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chrisjwalk