Skip to content

Bump dompurify from 3.4.7 to 3.4.9#16183

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dompurify-3.4.9
Closed

Bump dompurify from 3.4.7 to 3.4.9#16183
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/dompurify-3.4.9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps dompurify from 3.4.7 to 3.4.9.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible
Commits

@dependabot dependabot Bot added Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 17, 2026
@dependabot dependabot Bot requested a review from a team as a code owner June 17, 2026 09:25
@github-actions

github-actions Bot commented Jun 17, 2026

Copy link
Copy Markdown

Hello 👋! When you're ready to run Chromatic, please apply the run_chromatic label to this PR.

You will need to reapply the label each time you want to run Chromatic.

Click here to see the Chromatic project.

@github-actions

github-actions Bot commented Jun 17, 2026
edited
Loading

Copy link
Copy Markdown

Deploy build 28277 of dotcom:rendering-all to CODE

All deployment options

From guardian/actions-riff-raff.

@dependabot
Bump dompurify from 3.4.7 to 3.4.9
67ade8d 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.7 to 3.4.9.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.7...3.4.9)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.9
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dompurify-3.4.9 branch from 68db1a0 to 67ade8d Compare June 18, 2026 11:13
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

Deploy build 1881 of dotcom:ab-testing to CODE

All deployment options

From guardian/actions-riff-raff.

@dependabot @github

dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #16221.

@dependabot dependabot Bot closed this Jun 19, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/dompurify-3.4.9 branch June 19, 2026 10:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants