Skip to content

chore(deps): bump dompurify and @types/dompurify#103

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c2a6adffb5
Closed

chore(deps): bump dompurify and @types/dompurify#103
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/multi-c2a6adffb5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 16, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps dompurify and @types/dompurify. These dependencies needed to be updated together.
Updates dompurify from 3.3.2 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

Updates @types/dompurify from 3.0.5 to 3.2.0

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
@dependabot dependabot Bot requested a review from devartifex as a code owner March 16, 2026 13:45
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c2a6adffb5 branch from 003414b to 973439f Compare March 22, 2026 10:59
@dependabot
chore(deps): bump dompurify and @types/dompurify
d56e4e6 
Bumps [dompurify](https://github.com/cure53/DOMPurify) and [@types/dompurify](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/dompurify). These dependencies needed to be updated together.

Updates `dompurify` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.2...3.3.3)

Updates `@types/dompurify` from 3.0.5 to 3.2.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/dompurify)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/dompurify"
  dependency-version: 3.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-c2a6adffb5 branch from 973439f to d56e4e6 Compare March 22, 2026 11:24
@devartifex

devartifex commented Mar 22, 2026

Copy link
Copy Markdown
Owner

Resolved manually in master (dompurify 3.3.3)

@devartifex devartifex closed this Mar 22, 2026
@devartifex devartifex deleted the dependabot/npm_and_yarn/multi-c2a6adffb5 branch March 22, 2026 11:25
@dependabot @github

dependabot Bot commented on behalf of github Mar 22, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

devartifex added a commit that referenced this pull request Mar 22, 2026
@devartifex
chore(deps): update dompurify 3.3.3, isomorphic-dompurify 3.6.0, @typ…
a88135f 
…es/dompurify 3.2.0

Security: resolves dompurify advisories from Dependabot PRs #103, #105.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devartifex devartifex Awaiting requested review from devartifex devartifex is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@devartifex