chore(deps): update dependency dompurify to v3.4.12#6389
Conversation
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
Code Review
Summary: Trivial Renovate dependency bump for dompurify (3.4.11 → 3.4.12) in the docs/ workspace — a patch release of the HTML sanitizer used to prevent XSS. Only docs/package.json and the matching docs/yarn.lock entry are touched; the lockfile hash/version updates are consistent with the manifest change.
Findings: None. This is a self-contained, low-risk lockfile/manifest update with no application code changes, no API surface impact, and no interaction with TUnit's core engine, source generator, or reflection paths — the CRITICAL RULES around dual-mode metadata, snapshot testing, and AOT compatibility don't apply here. Codacy also reports 0 new issues.
Recommendation: Safe to merge. Since dompurify is a security-sensitive sanitization library, taking the patch update is good practice regardless of whether this specific release fixes a CVE.
Updated [TUnit.Core](https://github.com/thomhurst/TUnit) from 1.58.0 to 1.59.0. <details> <summary>Release notes</summary> _Sourced from [TUnit.Core's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.59.0 <!-- Release notes generated using configuration in .github/release.yml at v1.59.0 --> ## What's Changed ### Other Changes * Fix typed MethodDataSource provider instances by @thomhurst in thomhurst/TUnit#6378 * Fix instance MethodDataSource isolation by @thomhurst in thomhurst/TUnit#6379 * fix(mocks): CS9262 in generated mock members on VS 17.14 (Roslyn 4.14) by @thomhurst in thomhurst/TUnit#6392 * Remove EqualTo alias documentation by @thomhurst in thomhurst/TUnit#6396 * fix(aspnetcore): guard hosted-service stop against concurrent double Host.StopAsync by @thomhurst in thomhurst/TUnit#6397 * Add single-item assertion chaining by @thomhurst in thomhurst/TUnit#6395 * Improve test framework migrations by @thomhurst in thomhurst/TUnit#6381 * Add -f/--framework support to TUnit template with .NET Framework handling by @thomhurst with @Copilot in thomhurst/TUnit#6262 ### Dependencies * chore(deps): update tunit to 1.58.0 by @thomhurst in thomhurst/TUnit#6351 * chore(deps): update dependency tunit.core to 1.58.0 by @thomhurst in thomhurst/TUnit#6352 * chore(deps): update dependency picomatch to v4.0.5 by @thomhurst in thomhurst/TUnit#6354 * chore(deps): update dependency testcontainers.postgresql to 4.13.0 by @thomhurst in thomhurst/TUnit#6356 * chore(deps): update dependency testcontainers.redis to 4.13.0 by @thomhurst in thomhurst/TUnit#6357 * chore(deps): update dependency testcontainers.kafka to 4.13.0 by @thomhurst in thomhurst/TUnit#6355 * chore(deps): update dependency gitversion.tool to v6.8.1 by @thomhurst in thomhurst/TUnit#6359 * chore(deps): update dependency typescript to v7 by @thomhurst in thomhurst/TUnit#6372 * chore(deps): update mstest to 4.3.0 by @thomhurst in thomhurst/TUnit#6374 * chore(deps): update dependency messagepack to 3.1.8 by @thomhurst in thomhurst/TUnit#6376 * chore(deps): update dependency opentelemetry.instrumentation.runtime to 1.16.0 by @thomhurst in thomhurst/TUnit#6380 * chore(deps): update dependency vogen to 8.0.6 by @thomhurst in thomhurst/TUnit#6382 * chore(deps): update dependency gitversion.tool to v6.8.2 by @thomhurst in thomhurst/TUnit#6384 * chore(deps): update dependency npgsql.entityframeworkcore.postgresql to 10.0.3 by @thomhurst in thomhurst/TUnit#6385 * chore(deps): update docusaurus to v3.10.2 by @thomhurst in thomhurst/TUnit#6386 * chore(deps): update dependency stackexchange.redis to 3.0.17 by @thomhurst in thomhurst/TUnit#6387 * chore(deps): update dependency dompurify to v3.4.12 by @thomhurst in thomhurst/TUnit#6389 * chore(deps): update dependency svgo to v4.0.2 by @thomhurst in thomhurst/TUnit#6390 * chore(deps): update dependency nsubstitute to v6 by @thomhurst in thomhurst/TUnit#6394 * chore(deps): update verify to 31.24.0 by @thomhurst in thomhurst/TUnit#6367 * chore(deps): update microsoft.testing by @thomhurst in thomhurst/TUnit#6369 **Full Changelog**: thomhurst/TUnit@v1.58.0...v1.59.0 Commits viewable in [compare view](thomhurst/TUnit@v1.58.0...v1.59.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This PR contains the following updates:
3.4.11→3.4.12Release Notes
cure53/DOMPurify (dompurify)
v3.4.12: DOMPurify 3.4.12Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.