Skip to content

Add DOMPurify selectedcontent fixed references#8470

Open
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8470from
cookesan:dompurify-87xg-fixed-references
Open

Add DOMPurify selectedcontent fixed references#8470
cookesan wants to merge 2 commits into
github:cookesan/advisory-improvement-8470from
cookesan:dompurify-87xg-fixed-references

Conversation

@cookesan

@cookesan cookesan commented Jun 30, 2026

Copy link
Copy Markdown

Adds DOMPurify selectedcontent fixed references to GHSA-87xg-pxx2-7hvx.

Audit refresh, July 8, 2026:

  • Confirmed the live PR is open, ready for review, merge-clean, and the visible advisory check is green.
  • Rechecked the merge-base diff: exactly one advisory JSON file changes (advisories/github-reviewed/2026/06/GHSA-87xg-pxx2-7hvx/GHSA-87xg-pxx2-7hvx.json), JSON parses, git diff --check passes, and the exact-head worktree is clean.
  • Revalidated the added public references and package-version evidence in the diff; all resolve through their source site or registry.

@github-actions github-actions Bot changed the base branch from main to cookesan/advisory-improvement-8470 June 30, 2026 21:11
@cookesan

cookesan commented Jul 7, 2026

Copy link
Copy Markdown
Author

Revalidated July 8, 2026: this remains scoped to DOMPurify 3.4.5 fixed evidence for GHSA-87xg-pxx2-7hvx. npm confirms dompurify@3.4.5, the upstream release and source tag resolve, and GitHub's advisory record maps the GHSA to CVE-2026-47423. Local merge-base checks pass with a single advisory JSON file changed, JSON parsing, git diff --check, and a clean worktree.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant