build(deps): bump dompurify from 3.2.5 to 3.2.6
Merged
Number: #1995
Type: Pull Request
State: Merged
Type: Pull Request
State: Merged
Author:
![dependabot[bot]](https://github.com/dependabot.png)
dependabot[bot]
Association: Contributor
Comments: 0
dependabot[bot]Association: Contributor
Comments: 0
Created:
May 19, 2025 at 06:03 PM UTC
(about 1 year ago)
(about 1 year ago)
Updated:
May 19, 2025 at 08:09 PM UTC
(about 1 year ago)
(about 1 year ago)
Merged:
May 19, 2025 at 08:09 PM UTC
(about 1 year ago)
by petecooper
(about 1 year ago)
by petecooper
Time to Close:
about 2 hours
Labels:
dependencies javascript
dependencies javascript
Description:
Bumps dompurify from 3.2.5 to 3.2.6.
Release notes
Sourced from dompurify's releases.
DOMPurify 3.2.6
- Fixed several typos and removed clutter from our documentation, thanks
@Rotzbua- Added
matrix:as an allowed URI scheme, thanks@kleinesfilmroellchen- Added better config hardening against prototype pollution, thanks
@EffectRenan- Added better handling of attribute removal, thanks
@michalnieruchalski-tiugo- Added better configuration for aggressive mXSS scrubbing behavior, thanks
@BryanValverdeU- Removed the script that caused the fake entry CVE-2025-48050
Commits
32f765eMerge pull request #1105 from cure53/main6158ecbMerge pull request #1103 from cure53/main0f7ce14chore: Preparing 3.2.6 release848463bchore: removed unused test server scriptb0e0ebbUpdate README.mdf094f76Update README.md6bc6d60Merge pull request #1101 from odaysec/patch-1e9afd60Update server.js166151csee #1095ac7c594Merge pull request #1096 from Rotzbua/fix_missing- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Pull Request Statistics
Commits:
1
1
Files Changed:
1
1
Additions:
+1
+1
Deletions:
-1
-1
Package Dependencies
Technical Details
| ID: | 485037 |
| UUID: | 2529436639 |
| Node ID: | PR_kwDOAAJrmc6WxCPf |
| Host: | GitHub |
| Repository: | textpattern/textpattern |
| Merge State: | Unknown |