Skip to content

chore(deps): update dependency dompurify to v3.4.12#6389

Merged
thomhurst merged 1 commit into
mainfrom
renovate/dompurify-3.x
Jul 11, 2026
Merged

chore(deps): update dependency dompurify to v3.4.12#6389
thomhurst merged 1 commit into
mainfrom
renovate/dompurify-3.x

Conversation

@thomhurst

Copy link
Copy Markdown
Owner

This PR contains the following updates:

Package Type Update Change
dompurify resolutions patch 3.4.113.4.12

Release Notes

cure53/DOMPurify (dompurify)

v3.4.12: DOMPurify 3.4.12

Compare Source

  • Fixed an issue where a hook would not get called for custom elements, thanks @​Rikuxx0
  • Hardened the handling of hooks removing elements, @​mkrause-bee360
  • Added support for a few new SVG attributes, thanks @​cbn-falias & @​Develop-KIM
  • Hardened the handling of declarative partial updates
  • Updated the documentation is several spots, README, wiki, etc.
  • Bumped several dependencies where possible

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

@thomhurst thomhurst added dependencies Pull requests that update a dependency file PATCH renovate-bot labels Jul 11, 2026
@thomhurst thomhurst enabled auto-merge (squash) July 11, 2026 12:24
@thomhurst thomhurst deployed to Pull Requests July 11, 2026 12:24 — with GitHub Actions Active
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@claude claude Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

Summary: Trivial Renovate dependency bump for dompurify (3.4.11 → 3.4.12) in the docs/ workspace — a patch release of the HTML sanitizer used to prevent XSS. Only docs/package.json and the matching docs/yarn.lock entry are touched; the lockfile hash/version updates are consistent with the manifest change.

Findings: None. This is a self-contained, low-risk lockfile/manifest update with no application code changes, no API surface impact, and no interaction with TUnit's core engine, source generator, or reflection paths — the CRITICAL RULES around dual-mode metadata, snapshot testing, and AOT compatibility don't apply here. Codacy also reports 0 new issues.

Recommendation: Safe to merge. Since dompurify is a security-sensitive sanitization library, taking the patch update is good practice regardless of whether this specific release fixes a CVE.

@thomhurst thomhurst merged commit 4e47378 into main Jul 11, 2026
15 checks passed
@thomhurst thomhurst deleted the renovate/dompurify-3.x branch July 11, 2026 12:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file PATCH renovate-bot

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants