[PR #2678] [CLOSED] Bump dompurify from 3.1.6 to 3.2.1 in /frontend #4071

Closed
opened 2026-02-22 18:35:04 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/2678
Author: @dependabot[bot]
Created: 11/21/2024
Status: Closed

Base: masterHead: dependabot/npm_and_yarn/frontend/dompurify-3.2.1


📝 Commits (1)

  • 3bb0821 Bump dompurify from 3.1.6 to 3.2.1 in /frontend

📊 Changes

2 files changed (+40 additions, -8 deletions)

View changed files

📝 frontend/package.json (+1 -1)
📝 frontend/yarn.lock (+39 -7)

📄 Description

Bumps dompurify from 3.1.6 to 3.2.1.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date
Commits
  • 7f154b3 Merge pull request #1030 from cure53/main
  • 83ce1cc chore: Preparing 3.2.1 release
  • 8e1c70a Merge pull request #1028 from MiniDigger/optional-dompurify-argument-type
  • 071771c fix: mark createDOMPurify param as optional
  • f93acff Merge pull request #1025 from asamuzaK/opt
  • 3a5d9cb Move @​types/trusted-types to optionalDependencies
  • 983b436 Merge pull request #1021 from asamuzaK/type
  • 0d54293 Merge pull request #1022 from ghiscoding/main
  • 7ea9c61 Merge pull request #1024 from reduckted/fix/minify
  • 6fea7af Merge pull request #1023 from reduckted/fix/export-order
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/2678 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 11/21/2024 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/frontend/dompurify-3.2.1` --- ### 📝 Commits (1) - [`3bb0821`](https://github.com/Mintplex-Labs/anything-llm/commit/3bb0821bc7970b369a25fa1e309d1f230c1c09f4) Bump dompurify from 3.1.6 to 3.2.1 in /frontend ### 📊 Changes **2 files changed** (+40 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `frontend/package.json` (+1 -1) 📝 `frontend/yarn.lock` (+39 -7) </details> ### 📄 Description Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.1. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@​ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@​asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@​MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a></li> </ul> <h2>DOMPurify 3.2.0</h2> <ul> <li>Added type declarations, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a> , <a href="https://github.com/philmayfield"><code>@​philmayfield</code></a>, <a href="https://github.com/aloisklink"><code>@​aloisklink</code></a>, <a href="https://github.com/ssi02014"><code>@​ssi02014</code></a> and others</li> <li>Fixed a minor issue with the handling of hooks, thanks <a href="https://github.com/kevin-mizu"><code>@​kevin-mizu</code></a></li> </ul> <h2>DOMPurify 3.1.7</h2> <ul> <li>Fixed an issue with comment detection and possible bypasses with specific config settings, thanks <a href="https://github.com/masatokinugawa"><code>@​masatokinugawa</code></a></li> <li>Fixed several smaller typos in documentation and test &amp; build files, thanks <a href="https://github.com/christianhg"><code>@​christianhg</code></a></li> <li>Added better support for Angular compiler, thanks <a href="https://github.com/jeroen1602"><code>@​jeroen1602</code></a></li> <li>Added several new attributes to HTML and SVG allow-list, thanks <a href="https://github.com/Gigabyte5671"><code>@​Gigabyte5671</code></a> and <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> <li>Removed the <code>foreignObject</code> element from the list of HTML entry-points, thanks <a href="https://github.com/masatokinugawa"><code>@​masatokinugawa</code></a></li> <li>Bumped several dependencies to be more up to date</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/7f154b33e3f15e9cff658dfbe1816ccd4a850b84"><code>7f154b3</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1030">#1030</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/83ce1cc20fbfeb599206e8ee1a54737848c08a30"><code>83ce1cc</code></a> chore: Preparing 3.2.1 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/8e1c70a083183483eca5b8786f1217808856b394"><code>8e1c70a</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1028">#1028</a> from MiniDigger/optional-dompurify-argument-type</li> <li><a href="https://github.com/cure53/DOMPurify/commit/071771c0e0c1274b485803a635f7112a56c629b8"><code>071771c</code></a> fix: mark createDOMPurify param as optional</li> <li><a href="https://github.com/cure53/DOMPurify/commit/f93acffc37667f7e6a008d7396c961beba831c92"><code>f93acff</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1025">#1025</a> from asamuzaK/opt</li> <li><a href="https://github.com/cure53/DOMPurify/commit/3a5d9cb44b64567737ce08fa047d409ec56c41c1"><code>3a5d9cb</code></a> Move <code>@​types/trusted-types</code> to optionalDependencies</li> <li><a href="https://github.com/cure53/DOMPurify/commit/983b436c90bd3e3bafd04a96c811e432642026cb"><code>983b436</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1021">#1021</a> from asamuzaK/type</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0d54293f7c6aa84e4d3891df25a77e5f6faa7dfc"><code>0d54293</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1022">#1022</a> from ghiscoding/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/7ea9c610d1a4d41f8f78ce6c515b1682b2bdae82"><code>7ea9c61</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1024">#1024</a> from reduckted/fix/minify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6fea7af53d4d60e8c432a3dd47d6c5425783a10d"><code>6fea7af</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1023">#1023</a> from reduckted/fix/export-order</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.1">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.1.6&new-version=3.2.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:35:04 -05:00
yindo closed this issue 2026-02-22 18:35:04 -05:00
yindo changed title from [PR #2678] Bump dompurify from 3.1.6 to 3.2.1 in /frontend to [PR #2678] [CLOSED] Bump dompurify from 3.1.6 to 3.2.1 in /frontend 2026-06-05 15:16:41 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#4071