Skip to content

Bump dompurify from 2.3.6 to 2.3.9#998

Closed
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/dev/dompurify-2.3.9
Closed

Bump dompurify from 2.3.6 to 2.3.9#998
dependabot[bot] wants to merge 1 commit intodevfrom
dependabot/npm_and_yarn/dev/dompurify-2.3.9

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Jul 11, 2022

Bumps dompurify from 2.3.6 to 2.3.9.

Release notes

Sourced from dompurify's releases.

DOMPurify 2.3.9

  • Made TAG and ATTR config options case-sensitive when parsing XHTML, thanks @​tosmolka
  • Bumped some dependencies, thanks @​is2ei
  • Included github-actions in the dependabot config, thanks @​nathannaveen

DOMPurify 2.3.8

  • Cleaned up a minor issue with the 2.3.7 release, thanks @​johnbirds

No other changes compared to 2.3.7 release, which entail:

Commits
  • 52c8eb1 chore: Updated website
  • 6ec9e42 chore: Preparing 2.3.9 release
  • 912245b Merge pull request #695 from cure53/dependabot/npm_and_yarn/shell-quote-1.7.3
  • 2686662 build(deps): bump shell-quote from 1.7.2 to 1.7.3
  • abf6295 Merge pull request #693 from is2ei/run-format
  • a49f13d format code
  • 2ac0802 See #692
  • e1e04f3 See #692
  • 79e622c Merge pull request #692 from tosmolka/tosmolka/xhtml-lowercase
  • 3ad7750 Make TAG and ATTR cfg options case-sensitive when parsing XHTML
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump dompurify from 2.3.6 to 2.3.9
dede367 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 2.3.6 to 2.3.9.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@2.3.6...2.3.9)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jul 11, 2022
@dependabot dependabot bot requested a review from ZsgsDesign July 11, 2022 21:43
@dependabot dependabot bot mentioned this pull request Jul 11, 2022
Closed
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Jul 18, 2022

Superseded by #1001.

@dependabot dependabot bot closed this Jul 18, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/dev/dompurify-2.3.9 branch July 18, 2022 21:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZsgsDesign ZsgsDesign Awaiting requested review from ZsgsDesign

Assignees

@ZsgsDesign ZsgsDesign

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ZsgsDesign