Skip to content

Chore(deps): Bump dompurify from 3.4.6 to 3.4.8#8058

Open
dependabot[bot] wants to merge 1 commit into
stable33from
dependabot/npm_and_yarn/stable33/dompurify-3.4.7
Open

Chore(deps): Bump dompurify from 3.4.6 to 3.4.8#8058
dependabot[bot] wants to merge 1 commit into
stable33from
dependabot/npm_and_yarn/stable33/dompurify-3.4.7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps dompurify from 3.4.6 to 3.4.8.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible

DOMPurify 3.4.7

  • Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
  • Removed a problem leading to permanent hook pollution, thanks @​offset
  • Refactored the test suite and expanded test coverage significantly
Commits

@dependabot
Chore(deps): Bump dompurify from 3.4.6 to 3.4.8
6f00ae0 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.6 to 3.4.8.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.6...3.4.8)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.7
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Chore(deps): Bump dompurify from 3.3.3 to 3.4.7 Chore(deps): Bump dompurify from 3.4.6 to 3.4.8 Jun 15, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/stable33/dompurify-3.4.7 branch from baa9259 to 6f00ae0 Compare June 15, 2026 12:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

@luka-nextcloud luka-nextcloud Awaiting requested review from luka-nextcloud luka-nextcloud is a code owner

@grnd-alt grnd-alt Awaiting requested review from grnd-alt grnd-alt is a code owner

Assignees

No one assigned

Labels

3. to review dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants