Skip to content

Update dependency dompurify to v3.4.10#1254

Open
renovate[bot] wants to merge 1 commit into
developmentfrom
renovate/dompurify-3.x
Open

Update dependency dompurify to v3.4.10#1254
renovate[bot] wants to merge 1 commit into
developmentfrom
renovate/dompurify-3.x

Conversation

@renovate

@renovate renovate Bot commented Apr 27, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
dompurify 3.4.63.4.10 age confidence

Release Notes

cure53/DOMPurify (dompurify)

v3.4.10: DOMPurify 3.4.10

Compare Source

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

v3.4.9

Compare Source

v3.4.8: DOMPurify 3.4.8

Compare Source

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible

v3.4.7: DOMPurify 3.4.7

Compare Source

  • Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
  • Removed a problem leading to permanent hook pollution, thanks @​offset
  • Refactored the test suite and expanded test coverage significantly

Configuration

📅 Schedule: (in timezone America/Los_Angeles)

  • Branch creation
    • "before 5am on monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 2 times, most recently from 5b04c5e to df1e67c Compare April 29, 2026 16:58
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.1 Update dependency dompurify to v3.4.2 Apr 30, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 7 times, most recently from 46c49ae to faefafa Compare May 7, 2026 16:48
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 3 times, most recently from d5f28b9 to 27a2558 Compare May 11, 2026 23:10
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.2 Update dependency dompurify to v3.4.3 May 13, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 3 times, most recently from 5af11cc to 860f8e8 Compare May 15, 2026 00:22
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.3 Update dependency dompurify to v3.4.4 May 17, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch from 860f8e8 to ede94d5 Compare May 17, 2026 12:49
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.4 Update dependency dompurify to v3.4.5 May 18, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 5 times, most recently from 539a02f to 8119a30 Compare May 20, 2026 18:43
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.5 Update dependency dompurify to v3.4.6 May 26, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 2 times, most recently from 85a2581 to 31b3758 Compare May 26, 2026 15:39
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.6 Update dependency dompurify to v3.4.7 May 27, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch from 31b3758 to b44add6 Compare May 27, 2026 14:08
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 3 times, most recently from 25b0792 to f2a2f86 Compare June 2, 2026 19:45
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.7 Update dependency dompurify to v3.4.8 Jun 3, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 3 times, most recently from 32beebb to 2f42b61 Compare June 5, 2026 23:21
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.8 Update dependency dompurify to v3.4.9 Jun 10, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch 2 times, most recently from f0645a0 to 7c57c1b Compare June 12, 2026 12:41
@renovate renovate Bot changed the title Update dependency dompurify to v3.4.9 Update dependency dompurify to v3.4.10 Jun 12, 2026
@renovate renovate Bot force-pushed the renovate/dompurify-3.x branch from 7c57c1b to b17df18 Compare June 12, 2026 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants