Skip to content

npm(deps): bump dompurify from 3.2.6 to 3.2.7#2513

Merged
sudhanshu-arya1 merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/develop/dompurify-3.2.7
Sep 23, 2025
Merged

npm(deps): bump dompurify from 3.2.6 to 3.2.7#2513
sudhanshu-arya1 merged 1 commit intodevelopfrom
dependabot/npm_and_yarn/develop/dompurify-3.2.7

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Sep 18, 2025
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Bumps dompurify from 3.2.6 to 3.2.7.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.7

  • Added new attributes and elements to default allow-list, thanks @​elrion018
  • Added tagName parameter to custom element attributeNameCheck, thanks @​nelstrom
  • Added better check for animated href attributes, thanks @​llamakko
  • Updated and improved the bundled types, thanks @​ssi02014
  • Updated several tests to better align with new browser encoding behaviors
  • Improved the handling of potentially risky content inside CDATA elements, thanks @​securityMB & @​terjanq
  • Improved the regular expression for raw-text elements to cover textareas, thanks @​securityMB & @​terjanq
Commits
  • eaa0bdb Merge pull request #1144 from cure53/main
  • f712593 fix: removed a possibly dossy regex
  • eb9b3b6 Merge branch 'main' of github.com:cure53/DOMPurify
  • ce006f7 chore: Preparing 3.2.7 release
  • ef0e0cb chore: Preparing 3.2.6 release
  • 2f09cd3 Update README.md
  • 6a795bc Merge pull request #1142 from cure53/dependabot/github_actions/actions/setup-...
  • 2458bbd build(deps): bump actions/setup-node from 4 to 5
  • e43d3f3 Merge pull request #1136 from cure53/dependabot/github_actions/actions/checko...
  • 6f5be37 build(deps): bump actions/checkout from 4 to 5
  • Additional commits viewable in compare view

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
npm(deps): bump dompurify from 3.2.6 to 3.2.7
46d1e05 
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to 3.2.7.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.2.6...3.2.7)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.2.7
  dependency-type: indirect
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Sep 18, 2025
@dependabot dependabot Bot added the javascript Pull requests that update Javascript code label Sep 18, 2025
@github-actions github-actions Bot mentioned this pull request Sep 23, 2025
Merged
@sudhanshu-arya1 sudhanshu-arya1 merged commit 747a791 into develop Sep 23, 2025
3 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/develop/dompurify-3.2.7 branch September 23, 2025 08:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-mcadam-nhs daniel-mcadam-nhs Awaiting requested review from daniel-mcadam-nhs daniel-mcadam-nhs is a code owner

@kevinmason-nhs kevinmason-nhs Awaiting requested review from kevinmason-nhs kevinmason-nhs is a code owner

@sudhanshu-arya1 sudhanshu-arya1 Awaiting requested review from sudhanshu-arya1

@adamoldfield-nhs adamoldfield-nhs Awaiting requested review from adamoldfield-nhs

@nhsd-jack-wainwright nhsd-jack-wainwright Awaiting requested review from nhsd-jack-wainwright

@nhsd-sw nhsd-sw Awaiting requested review from nhsd-sw

@nhsd-dm nhsd-dm Awaiting requested review from nhsd-dm

@nhsd-andrew-tuley nhsd-andrew-tuley Awaiting requested review from nhsd-andrew-tuley

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sudhanshu-arya1