chore(deps): update dependency dompurify to v3.4.12#6389
Conversation
Up to standards ✅🟢 Issues
|
There was a problem hiding this comment.
Code Review
Summary: Trivial Renovate dependency bump for dompurify (3.4.11 → 3.4.12) in the docs/ workspace — a patch release of the HTML sanitizer used to prevent XSS. Only docs/package.json and the matching docs/yarn.lock entry are touched; the lockfile hash/version updates are consistent with the manifest change.
Findings: None. This is a self-contained, low-risk lockfile/manifest update with no application code changes, no API surface impact, and no interaction with TUnit's core engine, source generator, or reflection paths — the CRITICAL RULES around dual-mode metadata, snapshot testing, and AOT compatibility don't apply here. Codacy also reports 0 new issues.
Recommendation: Safe to merge. Since dompurify is a security-sensitive sanitization library, taking the patch update is good practice regardless of whether this specific release fixes a CVE.
This PR contains the following updates:
3.4.11→3.4.12Release Notes
cure53/DOMPurify (dompurify)
v3.4.12: DOMPurify 3.4.12Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.