Skip to content

build(deps): bump dompurify from 3.4.8 to 3.4.11 in /web#19

Merged
Toshik1978 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/web/dompurify-3.4.11
Jul 2, 2026
Merged

build(deps): bump dompurify from 3.4.8 to 3.4.11 in /web#19
Toshik1978 merged 1 commit into
mainfrom
dependabot/npm_and_yarn/web/dompurify-3.4.11

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor

Bumps dompurify from 3.4.8 to 3.4.11.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

DOMPurify 3.4.10

  • Refactored codebase for clarity: extracted the public type declarations into types.ts
  • Decomposed the three largest sanitizer functions into focused helpers
  • Removed duplicated defaults and dead branches, consolidated SAFE_FOR_TEMPLATES scrubbing into single shared path
  • Improved per-node performance by hoisting the mXSS probe regexes and testing textContent before innerHTML
  • Added a deterministic micro-benchmark harness (npm run bench) with a --compare mode
  • Reduced CI cost by running the full three-engine browser suite once per PR
  • Refreshed the demos/ folder so every demo runs again, and added a SVG-via-<img> demo
  • Documented the bench and test:happydom scripts in the README
  • Completed the Attack Classes & Bypass History wiki page
  • Bumped several dependencies where possible

DOMPurify 3.4.9

  • Further improved the handling of Trusted Types config options, thanks @​offset
  • Further improved the handling of IN_PLACE sanitization, thanks @​mozfreddyb
  • Added more test coverage for IN_PLACE and Trusted Types related usage
  • Bumped several dependencies where possible
  • Updated README and wiki with more accurate documentation & attack samples
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.8 to 3.4.11.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.8...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 2, 2026
@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Code Coverage

Package Line Rate Health
Backend (Go)
github.com/Toshik1978/folio/internal/api 80%
github.com/Toshik1978/folio/internal/auth 81%
github.com/Toshik1978/folio/internal/bookfile 85%
github.com/Toshik1978/folio/internal/config 0%
github.com/Toshik1978/folio/internal/covers 87%
github.com/Toshik1978/folio/internal/db 86%
github.com/Toshik1978/folio/internal/db/dbq 77%
github.com/Toshik1978/folio/internal/ebook 85%
github.com/Toshik1978/folio/internal/events 98%
github.com/Toshik1978/folio/internal/googlebooks 86%
github.com/Toshik1978/folio/internal/htmltext 100%
github.com/Toshik1978/folio/internal/ingest 82%
github.com/Toshik1978/folio/internal/logging 93%
github.com/Toshik1978/folio/internal/metasearch 98%
github.com/Toshik1978/folio/internal/metasearch/providers/amazon 87%
github.com/Toshik1978/folio/internal/metasearch/providers/goodreads 90%
github.com/Toshik1978/folio/internal/metasearch/providers/googlebooks 76%
github.com/Toshik1978/folio/internal/metasearch/providers/openlibrary 82%
github.com/Toshik1978/folio/internal/opds 85%
github.com/Toshik1978/folio/internal/server 92%
github.com/Toshik1978/folio/internal/settings 86%
github.com/Toshik1978/folio/internal/sync 83%
Frontend (Web)
web/src 83%
web/src/components 81%
web/src/components.settings 95%
web/src/composables 94%
web/src/pages 89%
web/src/utils 100%
Summary 85% (8113 / 9745)

@Toshik1978 Toshik1978 merged commit dabb4f5 into main Jul 2, 2026
3 checks passed
@Toshik1978 Toshik1978 deleted the dependabot/npm_and_yarn/web/dompurify-3.4.11 branch July 2, 2026 14:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant