chore(deps): bump dompurify from 3.4.2 to 3.4.4 in /webapps/frontend #2955

Merged
kthoms merged 1 commit into release/2.1.x from dependabot/npm_and_yarn/webapps/frontend/release/2.1.x/dompurify-3.4.4 on May 20, 2026

@dependabot (bot) commented on behalf of github on May 18, 2026

Bumps dompurify from 3.4.2 to 3.4.4.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.4

  • Added the selectedcontent element to default allow-list, thanks @lukewarlow
  • Added the command and commandfor attributes to default allowed-list, thanks @lukewarlow
  • Added better template scrubbing for IN_PLACE operations, thanks @DEMON1A
  • Added stronger checks for cross-realm windows, thanks @DEMON1A & @fg0x0
  • Updated demo website and made sure it uses the latest from main
  • Updated existing workflows, fuzzer, dependabot, etc., added more tests
  • Bumped several dependencies where possible

DOMPurify 3.4.3

  • Fixed an issue with handling of nested Shadow DOM trees, thanks @fishjojo1
  • Fixed the template regexes to be more robust against ReDoS attacks, thanks @aleung27
  • Updated the node iteration code to catch more Shadow DOM related issues
  • Updated Playwright and added Node 26 to test matrix
  • Updated existing workflows, fuzzer, release signing, etc., added more tests
  • Bumped several dependencies where possible
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.4.2 to 3.4.4.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.4.2...3.4.4)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot (bot) added this to the 2.1.1 milestone on May 18, 2026
@dependabot (bot) added the dependencies:npm (Changed to NPM dependencies) label on May 18, 2026
@github-actions (bot) added the following labels on May 18, 2026:

  • scope:core-api (Changes to the core API: engine, dmn-engine, feel-engine, REST API, OpenAPI)
  • database (Features and issues related to the persistence layer)
  • api:rest (Changes affecting the REST API)
  • scope:model-api (Changes to the BPMN, CMMN, DMN, XML model APIs.)
  • scope:external-task-client-java (Changes to the Java external task client.)
  • scope:ldap (Changes to the LDAP integration.)
  • scope:quarkus (Changes to the Quarkus extension.)
  • scope:spin (Changes to the Spin library.)
  • scope:spring-boot (Changes to the Spring Boot starter.)
  • scope:webapp (Changes affecting all the webapps.)
  • scope:build (Changes affecting the build, e.g. Maven configuration, shell scripts.)
  • scope:db_schema (Issues and changes affecting the database schema.)
  • scope:juel (Changes to the JUEL implementation)
  • scope:connect (Issues & changes related to the connect API and connectors)

@kthoms removed the scope:core-api, database, api:rest, scope:model-api, scope:external-task-client-java, scope:ldap, scope:quarkus, scope:spin, scope:spring-boot, scope:webapp and scope:build labels on May 19, 2026
@kthoms removed the scope:db_schema, scope:juel and scope:connect labels on May 19, 2026
@kthoms merged commit 5a4bc22 into release/2.1.x on May 20, 2026
37 of 42 checks passed
@dependabot (bot) deleted the dependabot/npm_and_yarn/webapps/frontend/release/2.1.x/dompurify-3.4.4 branch on May 20, 2026 06:55