[PR #2775] [CLOSED] Bump dompurify from 3.1.6 to 3.2.3 in /frontend #4108

Closed
opened 2026-02-22 18:35:09 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/2775
Author: @dependabot[bot]
Created: 12/9/2024
Status: Closed

Base: masterHead: dependabot/npm_and_yarn/frontend/dompurify-3.2.3


📝 Commits (1)

  • 9622a67 Bump dompurify from 3.1.6 to 3.2.3 in /frontend

📊 Changes

2 files changed (+40 additions, -8 deletions)

View changed files

📝 frontend/package.json (+1 -1)
📝 frontend/yarn.lock (+39 -7)

📄 Description

Bumps dompurify from 3.1.6 to 3.2.3.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.3

DOMPurify 3.2.2

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua
  • Removed the foreignObject element from the list of HTML entry-points, thanks @​masatokinugawa
  • Bumped several dependencies to be more up to date
Commits
  • f1106aa chore: Preparing 3.2.3 release
  • 9c71e04 fix: Added clobbering check for sanitizeAttribute to prevent an error
  • c183cd6 fix: Fixed a config-dependent bypass caused by skipped attribute checks, than...
  • 6e76ece fix: Fixed a config-dependent bypass relating to data-attributes, thanks @​Slo...
  • c3879a5 Merge pull request #1041 from CoryHrycko/patch-1
  • 0e1c724 Update tags.ts
  • 8513afd Update README.md
  • b883b9e Update README.md
  • 3b4b5e9 Merge pull request #1037 from svdb99/main
  • b9e9087 Fix #1033
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/2775 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 12/9/2024 **Status:** ❌ Closed **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/frontend/dompurify-3.2.3` --- ### 📝 Commits (1) - [`9622a67`](https://github.com/Mintplex-Labs/anything-llm/commit/9622a67c36c7a931695cdc9d2518e620a61744de) Bump dompurify from 3.1.6 to 3.2.3 in /frontend ### 📊 Changes **2 files changed** (+40 additions, -8 deletions) <details> <summary>View changed files</summary> 📝 `frontend/package.json` (+1 -1) 📝 `frontend/yarn.lock` (+39 -7) </details> ### 📄 Description Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.6 to 3.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases">dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.3</h2> <ul> <li>Fixed two conditional sanitizer bypasses discovered by <a href="https://github.com/parrot409"><code>@​parrot409</code></a> and <a href="https://x.com/slonser_"><code>@​Slonser</code></a></li> <li>Updated the attribute clobbering checks to prevent future bypasses, thanks <a href="https://github.com/parrot409"><code>@​parrot409</code></a></li> </ul> <h2>DOMPurify 3.2.2</h2> <ul> <li>Fixed a possible bypass in case a rather specific config for custom elements is set, thanks <a href="https://github.com/yaniv-git"><code>@​yaniv-git</code></a></li> <li>Fixed several minor issues with the type definitions, thanks again <a href="https://github.com/reduckted"><code>@​reduckted</code></a></li> <li>Fixed a minor issue with the types reference for trusted types, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a></li> <li>Fixed a minor problem with the template detection regex on some systems, thanks <a href="https://github.com/svdb99"><code>@​svdb99</code></a></li> </ul> <h2>DOMPurify 3.2.1</h2> <ul> <li>Fixed several minor issues with the type definitions, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a> <a href="https://github.com/ghiscoding"><code>@​ghiscoding</code></a> <a href="https://github.com/asamuzaK"><code>@​asamuzaK</code></a> <a href="https://github.com/MiniDigger"><code>@​MiniDigger</code></a></li> <li>Fixed an issue with non-minified dist files and order of imports, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a></li> </ul> <h2>DOMPurify 3.2.0</h2> <ul> <li>Added type declarations, thanks <a href="https://github.com/reduckted"><code>@​reduckted</code></a> , <a href="https://github.com/philmayfield"><code>@​philmayfield</code></a>, <a href="https://github.com/aloisklink"><code>@​aloisklink</code></a>, <a href="https://github.com/ssi02014"><code>@​ssi02014</code></a> and others</li> <li>Fixed a minor issue with the handling of hooks, thanks <a href="https://github.com/kevin-mizu"><code>@​kevin-mizu</code></a></li> </ul> <h2>DOMPurify 3.1.7</h2> <ul> <li>Fixed an issue with comment detection and possible bypasses with specific config settings, thanks <a href="https://github.com/masatokinugawa"><code>@​masatokinugawa</code></a></li> <li>Fixed several smaller typos in documentation and test &amp; build files, thanks <a href="https://github.com/christianhg"><code>@​christianhg</code></a></li> <li>Added better support for Angular compiler, thanks <a href="https://github.com/jeroen1602"><code>@​jeroen1602</code></a></li> <li>Added several new attributes to HTML and SVG allow-list, thanks <a href="https://github.com/Gigabyte5671"><code>@​Gigabyte5671</code></a> and <a href="https://github.com/Rotzbua"><code>@​Rotzbua</code></a></li> <li>Removed the <code>foreignObject</code> element from the list of HTML entry-points, thanks <a href="https://github.com/masatokinugawa"><code>@​masatokinugawa</code></a></li> <li>Bumped several dependencies to be more up to date</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/f1106aae5a861d1096cb57ad9a6f518b4279ea8c"><code>f1106aa</code></a> chore: Preparing 3.2.3 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/9c71e0425b40cfadad4bfffc76e449493b6de0da"><code>9c71e04</code></a> fix: Added clobbering check for sanitizeAttribute to prevent an error</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c183cd614733f8b0a87af8b8d60277ac51cd86d6"><code>c183cd6</code></a> fix: Fixed a config-dependent bypass caused by skipped attribute checks, than...</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6e76ece4bc4195d9dd1a5ad5bab4bc250e19ca68"><code>6e76ece</code></a> fix: Fixed a config-dependent bypass relating to data-attributes, thanks <a href="https://github.com/Slo"><code>@​Slo</code></a>...</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c3879a57c6ecc805f51488aa6d2659d7b13ac272"><code>c3879a5</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1041">#1041</a> from CoryHrycko/patch-1</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0e1c724e2125e40fc3e8149b6d85fc7214a97e96"><code>0e1c724</code></a> Update tags.ts</li> <li><a href="https://github.com/cure53/DOMPurify/commit/8513afd792c06a0acd232e2e2850e79a542b8b52"><code>8513afd</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b883b9e583fa19fa37d6ee9cdb761481508a3451"><code>b883b9e</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/3b4b5e928089a0c39c52a8b31513f2d5ae1a494e"><code>3b4b5e9</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1037">#1037</a> from svdb99/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b9e9087df30bd2cf9b76245da8eb628dc815531d"><code>b9e9087</code></a> Fix <a href="https://redirect.github.com/cure53/DOMPurify/issues/1033">#1033</a></li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.1.6...3.2.3">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.1.6&new-version=3.2.3)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:35:09 -05:00
yindo closed this issue 2026-02-22 18:35:09 -05:00
yindo changed title from [PR #2775] Bump dompurify from 3.1.6 to 3.2.3 in /frontend to [PR #2775] [CLOSED] Bump dompurify from 3.1.6 to 3.2.3 in /frontend 2026-06-05 15:16:52 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#4108