Skip to content

deps: bump the production-minor-patch group across 1 directory with 3 updates#7

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-patch-ce47bf0f18
Open

deps: bump the production-minor-patch group across 1 directory with 3 updates#7
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/production-minor-patch-ce47bf0f18

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 6, 2026

Copy link
Copy Markdown

Bumps the production-minor-patch group with 3 updates in the / directory: dompurify, iconv-lite and mailparser.

Updates dompurify from 3.4.10 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible
Commits

Updates iconv-lite from 0.7.2 to 0.7.3

Release notes

Sourced from iconv-lite's releases.

0.7.3

🚀 Improvements

🐞 Bug fixes

  • Fix UTF-32 streaming across chunk boundaries - by @​spokodev and @​bjohansebas in #393

    When decoding a UTF-32 stream, a 4-byte code unit split across a chunk boundary was decoded incorrectly, and a truncated trailing unit is now replaced with U+FFFD instead of being dropped. When encoding, a surrogate held over between chunks no longer throws. Whole-buffer decode/encode were unaffected.

New Contributors

Full Changelog: pillarjs/iconv-lite@v0.7.2...v0.7.3

Changelog

Sourced from iconv-lite's changelog.

0.7.3

🚀 Improvements

🐞 Bug fixes

  • Fix UTF-32 streaming across chunk boundaries - by @​spokodev and @​bjohansebas in #393

    When decoding a UTF-32 stream, a 4-byte code unit split across a chunk boundary was decoded incorrectly, and a truncated trailing unit is now replaced with U+FFFD instead of being dropped. When encoding, a surrogate held over between chunks no longer throws. Whole-buffer decode/encode were unaffected.

Commits
  • 43694e2 release: 0.7.3 (#411)
  • 11e96b5 fix(utf32): reassemble split codepoint from overflow buffer, not source index...
  • b52b9d3 feat: support iso-8859-8-i and iso-8859-8-e charset labels (#394)
  • 2bfa5ab ci: fix workflow configuration for v0.x branch (#404)
  • See full diff in compare view

Updates mailparser from 3.9.9 to 3.9.14

Changelog

Sourced from mailparser's changelog.

3.9.14 (2026-07-05)

Bug Fixes

  • update dependencies (@​zone-eu/mailsplit 5.4.14) (595b150)

3.9.13 (2026-07-05)

Bug Fixes

  • update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3, libmime 5.4.1) (999e77b)

3.9.12 (2026-06-25)

Bug Fixes

  • decode iso-8859-8-i and iso-8859-8-e charsets as iso-8859-8 (3e4b7fc)

3.9.11 (2026-06-19)

Bug Fixes

  • bump nodemailer to 9.0.1 (020f140)

3.9.10 (2026-06-15)

Bug Fixes

  • bump dependencies (nodemailer 9, eslint 10.5, prettier 3.8.4) (262ecff)
Commits
  • b82a24e chore(master): release 3.9.14 [skip-ci] (#429)
  • 595b150 fix: update dependencies (@​zone-eu/mailsplit 5.4.14)
  • e9578af chore(master): release 3.9.13 [skip-ci] (#428)
  • 999e77b fix: update dependencies (nodemailer 9.0.3, iconv-lite 0.7.3, libmime 5.4.1)
  • cf7dd8d chore(master): release 3.9.12 [skip-ci] (#427)
  • 3e4b7fc fix: decode iso-8859-8-i and iso-8859-8-e charsets as iso-8859-8
  • 04116f0 chore(master): release 3.9.11 [skip-ci] (#425)
  • 020f140 fix: bump nodemailer to 9.0.1
  • b890336 docs: add PGP-signed SECURITY.txt (RFC 9116) [skip ci]
  • 705c237 chore(master): release 3.9.10 [skip-ci] (#424)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the production-minor-patch group with 3 updates in the / directory: [dompurify](https://github.com/cure53/DOMPurify), [iconv-lite](https://github.com/pillarjs/iconv-lite) and [mailparser](https://github.com/nodemailer/mailparser).


Updates `dompurify` from 3.4.10 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.10...3.4.11)

Updates `iconv-lite` from 0.7.2 to 0.7.3
- [Release notes](https://github.com/pillarjs/iconv-lite/releases)
- [Changelog](https://github.com/pillarjs/iconv-lite/blob/v0.7.3/Changelog.md)
- [Commits](pillarjs/iconv-lite@v0.7.2...v0.7.3)

Updates `mailparser` from 3.9.9 to 3.9.14
- [Release notes](https://github.com/nodemailer/mailparser/releases)
- [Changelog](https://github.com/nodemailer/mailparser/blob/master/CHANGELOG.md)
- [Commits](nodemailer/mailparser@v3.9.9...v3.9.14)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: iconv-lite
  dependency-version: 0.7.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: mailparser
  dependency-version: 3.9.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 6, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants