Skip to content

chore(deps): update dependency dompurify to v3.4.2#5799

Merged
thomhurst merged 1 commit intomainfrom
renovate/dompurify-3.x
Apr 30, 2026
Merged

chore(deps): update dependency dompurify to v3.4.2#5799
thomhurst merged 1 commit intomainfrom
renovate/dompurify-3.x

Conversation

@thomhurst
Copy link
Copy Markdown
Owner

@thomhurst thomhurst commented Apr 30, 2026

This PR contains the following updates:

Package Type Update Change
dompurify resolutions patch 3.4.13.4.2

Release Notes

cure53/DOMPurify (dompurify)

v3.4.2: DOMPurify 3.4.2

Compare Source

  • Fixed an issue with URI validation on attributes allowed via ADD_ATTR callback, thanks @​nelstrom
  • Fixed an issue with source maps referring to non-existing files, thanks @​cmdcolin
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Apr 30, 2026
@thomhurst thomhurst enabled auto-merge (squash) April 30, 2026 16:04
@codacy-production
Copy link
Copy Markdown

codacy-production Bot commented Apr 30, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

claude[bot]
claude Bot reviewed Apr 30, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@claude claude Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependency Update Review: dompurify 3.4.1 → 3.4.2

This is a straightforward Renovate-generated patch update to dompurify in the docs/ site.

What changed:

  • docs/package.json: version pin bumped from 3.4.13.4.2
  • docs/yarn.lock: hash and resolved URL updated accordingly

Assessment: ✅ Safe to merge.

Why this is fine:

  • Patch-level bump only — semver signals no breaking changes or new APIs.
  • The 3.4.2 release notes describe two bug fixes (URI validation on ADD_ATTR callback attributes, and broken source map references), plus internal maintenance (workflows, fuzzer, deps). Neither fix affects TUnit's docs usage pattern.
  • dompurify is a security-focused HTML sanitiser. Keeping it current is good hygiene, and this patch closes a minor URI-validation gap.
  • Auto-merge is already enabled; the change is limited to the docs package tree and has no effect on the .NET test framework or any generated artefacts.

No concerns here.

@thomhurst thomhurst merged commit e7ae155 into main Apr 30, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/dompurify-3.x branch April 30, 2026 16:36
This was referenced May 2, 2026
Open
Open
Open
Open
Open
Merged
Open
Open
Open
Open
Closed
Merged
Merged
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@thomhurst @renovate-bot