Skip to content

chore(deps): update dependency dompurify to v3.4.12#6389

Merged
thomhurst merged 1 commit into
mainfrom
renovate/dompurify-3.x
Jul 11, 2026
Merged

chore(deps): update dependency dompurify to v3.4.12#6389
thomhurst merged 1 commit into
mainfrom
renovate/dompurify-3.x

Conversation

@thomhurst

Copy link
Copy Markdown
Owner

This PR contains the following updates:

Package Type Update Change
dompurify resolutions patch 3.4.113.4.12

Release Notes

cure53/DOMPurify (dompurify)

v3.4.12: DOMPurify 3.4.12

Compare Source

  • Fixed an issue where a hook would not get called for custom elements, thanks @​Rikuxx0
  • Hardened the handling of hooks removing elements, @​mkrause-bee360
  • Added support for a few new SVG attributes, thanks @​cbn-falias & @​Develop-KIM
  • Hardened the handling of declarative partial updates
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Jul 11, 2026
@thomhurst thomhurst enabled auto-merge (squash) July 11, 2026 12:24
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@claude claude Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

Summary: Trivial Renovate dependency bump for dompurify (3.4.11 → 3.4.12) in the docs/ workspace — a patch release of the HTML sanitizer used to prevent XSS. Only docs/package.json and the matching docs/yarn.lock entry are touched; the lockfile hash/version updates are consistent with the manifest change.

Findings: None. This is a self-contained, low-risk lockfile/manifest update with no application code changes, no API surface impact, and no interaction with TUnit's core engine, source generator, or reflection paths — the CRITICAL RULES around dual-mode metadata, snapshot testing, and AOT compatibility don't apply here. Codacy also reports 0 new issues.

Recommendation: Safe to merge. Since dompurify is a security-sensitive sanitization library, taking the patch update is good practice regardless of whether this specific release fixes a CVE.

@thomhurst thomhurst merged commit 4e47378 into main Jul 11, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/dompurify-3.x branch July 11, 2026 12:48
github-actions Bot pushed a commit to IntelliTect/CodingGuidelines that referenced this pull request Jul 13, 2026
Updated [TUnit.Core](https://github.com/thomhurst/TUnit) from 1.58.0 to
1.59.0.

<details>
<summary>Release notes</summary>

_Sourced from [TUnit.Core's
releases](https://github.com/thomhurst/TUnit/releases)._

## 1.59.0

<!-- Release notes generated using configuration in .github/release.yml
at v1.59.0 -->

## What's Changed
### Other Changes
* Fix typed MethodDataSource provider instances by @​thomhurst in
thomhurst/TUnit#6378
* Fix instance MethodDataSource isolation by @​thomhurst in
thomhurst/TUnit#6379
* fix(mocks): CS9262 in generated mock members on VS 17.14 (Roslyn 4.14)
by @​thomhurst in thomhurst/TUnit#6392
* Remove EqualTo alias documentation by @​thomhurst in
thomhurst/TUnit#6396
* fix(aspnetcore): guard hosted-service stop against concurrent double
Host.StopAsync by @​thomhurst in
thomhurst/TUnit#6397
* Add single-item assertion chaining by @​thomhurst in
thomhurst/TUnit#6395
* Improve test framework migrations by @​thomhurst in
thomhurst/TUnit#6381
* Add -f/--framework support to TUnit template with .NET Framework
handling by @​thomhurst with @​Copilot in
thomhurst/TUnit#6262
### Dependencies
* chore(deps): update tunit to 1.58.0 by @​thomhurst in
thomhurst/TUnit#6351
* chore(deps): update dependency tunit.core to 1.58.0 by @​thomhurst in
thomhurst/TUnit#6352
* chore(deps): update dependency picomatch to v4.0.5 by @​thomhurst in
thomhurst/TUnit#6354
* chore(deps): update dependency testcontainers.postgresql to 4.13.0 by
@​thomhurst in thomhurst/TUnit#6356
* chore(deps): update dependency testcontainers.redis to 4.13.0 by
@​thomhurst in thomhurst/TUnit#6357
* chore(deps): update dependency testcontainers.kafka to 4.13.0 by
@​thomhurst in thomhurst/TUnit#6355
* chore(deps): update dependency gitversion.tool to v6.8.1 by
@​thomhurst in thomhurst/TUnit#6359
* chore(deps): update dependency typescript to v7 by @​thomhurst in
thomhurst/TUnit#6372
* chore(deps): update mstest to 4.3.0 by @​thomhurst in
thomhurst/TUnit#6374
* chore(deps): update dependency messagepack to 3.1.8 by @​thomhurst in
thomhurst/TUnit#6376
* chore(deps): update dependency opentelemetry.instrumentation.runtime
to 1.16.0 by @​thomhurst in thomhurst/TUnit#6380
* chore(deps): update dependency vogen to 8.0.6 by @​thomhurst in
thomhurst/TUnit#6382
* chore(deps): update dependency gitversion.tool to v6.8.2 by
@​thomhurst in thomhurst/TUnit#6384
* chore(deps): update dependency npgsql.entityframeworkcore.postgresql
to 10.0.3 by @​thomhurst in thomhurst/TUnit#6385
* chore(deps): update docusaurus to v3.10.2 by @​thomhurst in
thomhurst/TUnit#6386
* chore(deps): update dependency stackexchange.redis to 3.0.17 by
@​thomhurst in thomhurst/TUnit#6387
* chore(deps): update dependency dompurify to v3.4.12 by @​thomhurst in
thomhurst/TUnit#6389
* chore(deps): update dependency svgo to v4.0.2 by @​thomhurst in
thomhurst/TUnit#6390
* chore(deps): update dependency nsubstitute to v6 by @​thomhurst in
thomhurst/TUnit#6394
* chore(deps): update verify to 31.24.0 by @​thomhurst in
thomhurst/TUnit#6367
* chore(deps): update microsoft.testing by @​thomhurst in
thomhurst/TUnit#6369


**Full Changelog**:
thomhurst/TUnit@v1.58.0...v1.59.0

Commits viewable in [compare
view](thomhurst/TUnit@v1.58.0...v1.59.0).
</details>

[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=TUnit.Core&package-manager=nuget&previous-version=1.58.0&new-version=1.59.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants