Skip to content

Bump dompurify from 3.4.10 to 3.4.11 in /client in the npm_and_yarn group across 1 directory#1118

Closed
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/npm_and_yarn/client/npm_and_yarn-360cad5ee5
Closed

Bump dompurify from 3.4.10 to 3.4.11 in /client in the npm_and_yarn group across 1 directory#1118
dependabot[bot] wants to merge 2 commits into
developfrom
dependabot/npm_and_yarn/client/npm_and_yarn-360cad5ee5

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 19, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 1 update in the /client directory: dompurify.

Updates dompurify from 3.4.10 to 3.4.11

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.11

  • Fixed an issue with a leaky config for hooks via setConfig, thanks @​trace37labs
  • Bumped vulnerable development dependencies to arrive at plain 0 with npm audit
  • Updated the osv-scanner suppression list as no vulnerable dependencies are left for now
  • Updated up the linting tool-chain and removed now-redundant lint directives
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible
Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the npm_and_yarn group with 1 update in the /client directory: [dompurify](https://github.com/cure53/DOMPurify).


Updates `dompurify` from 3.4.10 to 3.4.11
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.10...3.4.11)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.11
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 19, 2026

@Claudia-Anthropica Claudia-Anthropica left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@app/dependabot This is a straightforward dompurify patch bump with the lockfile and SBOM refreshed, and the checks are green. Approving as-is.

@krusche

krusche commented Jun 20, 2026

Copy link
Copy Markdown
Member

Superseded by #1120 (merged): dompurify is now 3.4.11 on develop. Closing as outdated.

@krusche krusche closed this Jun 20, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/client/npm_and_yarn-360cad5ee5 branch June 20, 2026 07:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants