Skip to content

npm(deps): bump dompurify from 3.4.5 to 3.4.8#2779

Closed
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/dompurify-3.4.3
Closed

npm(deps): bump dompurify from 3.4.5 to 3.4.8#2779
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/npm_and_yarn/develop/dompurify-3.4.3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 14, 2026
edited
Loading

Bumps dompurify from 3.4.5 to 3.4.8.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible

DOMPurify 3.4.7

  • Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
  • Removed a problem leading to permanent hook pollution, thanks @​offset
  • Refactored the test suite and expanded test coverage significantly

DOMPurify 3.4.6

  • Fixed several issues with DOM Clobbering in IN_PLACE mode, thanks @​offset & @​Bankde
  • Hardened the checks for cross-realm IN_PLACE and Shadow DOM sanitization, thanks @​offset & @​Bankde
  • Added more test coverage for IN_PLACE and general DOM Clobbering attacks
  • Bumped several dependencies where possible
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels May 14, 2026
@github-actions github-actions Bot mentioned this pull request May 14, 2026
Closed
@dependabot dependabot Bot changed the title npm(deps): bump dompurify from 3.3.3 to 3.4.3 npm(deps): bump dompurify from 3.3.3 to 3.4.4 May 18, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/develop/dompurify-3.4.3 branch from c1d8e30 to 4b1e9f2 Compare May 18, 2026 00:06
@dependabot
npm(deps): bump dompurify from 3.4.5 to 3.4.8
6ef6ac4 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.5 to 3.4.8.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.5...3.4.8)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.3
  dependency-type: indirect
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title npm(deps): bump dompurify from 3.3.3 to 3.4.4 npm(deps): bump dompurify from 3.4.5 to 3.4.8 Jun 4, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/develop/dompurify-3.4.3 branch from 4b1e9f2 to 6ef6ac4 Compare June 4, 2026 03:40
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Jun 5, 2026

Superseded by #2802.

@dependabot dependabot Bot closed this Jun 5, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/develop/dompurify-3.4.3 branch June 5, 2026 00:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-mcadam-nhs daniel-mcadam-nhs Awaiting requested review from daniel-mcadam-nhs daniel-mcadam-nhs is a code owner

@kevinmason-nhs kevinmason-nhs Awaiting requested review from kevinmason-nhs kevinmason-nhs is a code owner

@EdwardWills-nhs EdwardWills-nhs Awaiting requested review from EdwardWills-nhs EdwardWills-nhs is a code owner

@georgeCraftReferrals georgeCraftReferrals Awaiting requested review from georgeCraftReferrals georgeCraftReferrals is a code owner

@csaw-nhs csaw-nhs Awaiting requested review from csaw-nhs csaw-nhs is a code owner

@petkopetkov2 petkopetkov2 Awaiting requested review from petkopetkov2 petkopetkov2 is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants