Skip to content

build(deps): bump dompurify from 3.4.7 to 3.4.11 in /services/frontend in the frontend-security group across 1 directory#361

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/services/frontend/frontend-security-efda44a5db
Open

build(deps): bump dompurify from 3.4.7 to 3.4.11 in /services/frontend in the frontend-security group across 1 directory#361
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/services/frontend/frontend-security-efda44a5db

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 17, 2026

Copy link
Copy Markdown
Contributor

Bumps the frontend-security group with 1 update in the /services/frontend directory: dompurify.

Updates dompurify from 3.4.7 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples

DOMPurify 3.4.8

  • Cleaned up the repository root, renamed some and removed unneeded files
  • Fixed an issue with handling of Trusted Types policies, thanks @​fulstadev
  • Fixed the node iterator for better template scrubbing, thanks @​IamLeandrooooo
  • Included formerly missing LICENSE-MPL in published npm package, thanks @​asamuzaK
  • Bumped several dependencies where possible
Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 17, 2026
Bumps the frontend-security group with 1 update in the /services/frontend directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.4.7 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.7...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.9
  dependency-type: direct:production
  dependency-group: frontend-security
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump dompurify from 3.4.7 to 3.4.9 in /services/frontend in the frontend-security group across 1 directory build(deps): bump dompurify from 3.4.7 to 3.4.11 in /services/frontend in the frontend-security group across 1 directory Jul 6, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/services/frontend/frontend-security-efda44a5db branch from b790a32 to ab8b6c8 Compare July 6, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants