This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 9985c6047c Bump dompurify from 3.2.4 to 3.2.5 in
/themes/common-theme/webapp/common-theme/js (#885)
9985c6047c is described below
commit 9985c6047ccbb3acf2d2e6f00d32f067486021ce
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Apr 3 16:23:27 2025 +0200
Bump dompurify from 3.2.4 to 3.2.5 in
/themes/common-theme/webapp/common-theme/js (#885)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.4 to
3.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases";>dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.5</h2>
<ul>
<li>Added a check to the mXSS detection regex to be more strict, thanks
<a
href="https://github.com/masatokinugawa";><code>@masatokinugawa</code></a></li>
<li>Added ESM type imports in source, removes patch function, thanks <a
href="https://github.com/donmccurdy";><code>@donmccurdy</code></a></li>
<li>Added script to verify various TypeScript configurations, thanks <a
href="https://github.com/reduckted";><code>@reduckted</code></a></li>
<li>Added more modern browsers to the Karma launchers list</li>
<li>Added Node 23.x to tested runtimes, removed Node 17.x</li>
<li>Fixed the generation of source maps, thanks <a
href="https://github.com/reduckted";><code>@reduckted</code></a></li>
<li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code>
using the 'g' flag, thanks <a
href="https://github.com/hhk-png";><code>@hhk-png</code></a></li>
<li>Fixed a few typos in the README file</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cure53/DOMPurify/commit/78060045e4d3ec0d199eb61bbeca02d8268ac310";><code>7806004</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1082";>#1082</a>
from cure53/main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/f14c22feab64e60383e9dc658c3cde38d009c541";><code>f14c22f</code></a>
chore: Preparing 3.2.5 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/c69d7a857032dc0a2b6ce589b6180823b97542ae";><code>c69d7a8</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1080";>#1080</a>
from hhk-png/main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/fce40b5d3bdcda38e519d749cd07b81da4029ea8";><code>fce40b5</code></a>
chore: for lint</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/59e866409d3ebb4e54eb6f2b4096a38ffe58b9a6";><code>59e8664</code></a>
Merge branch 'cure53:main' into main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/e62e3efa68c46dbc34b6e63545c6ae8ed20b49f8";><code>e62e3ef</code></a>
fix: Using ALLOWED_URI_REGEXP with the 'g' flag leads to incorrect
results</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/b4287881fae1e01d91af5cddb664cb71bff7dec3";><code>b428788</code></a>
Update README.md</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/72c00db122148eb64eab2639928cd2cbee0a101c";><code>72c00db</code></a>
Merge branch 'main' of github.com:cure53/DOMPurify</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/49882dcc4141a4e62f43c6dac3db353ff8d7dd0e";><code>49882dc</code></a>
test: Added Node 23.x to tested runtimes, removed Node 17.x</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/2e5fd642ba473242220b98581dfe19049c3ca6de";><code>2e5fd64</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1078";>#1078</a>
from reduckted/fix-sourcemaps</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.2.4...3.2.5";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <supp...@github.com>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
themes/common-theme/webapp/common-theme/js/package-lock.json | 8 ++++----
themes/common-theme/webapp/common-theme/js/package.json | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/themes/common-theme/webapp/common-theme/js/package-lock.json
b/themes/common-theme/webapp/common-theme/js/package-lock.json
index 81fddb6648..16cdaf6a9b 100644
--- a/themes/common-theme/webapp/common-theme/js/package-lock.json
+++ b/themes/common-theme/webapp/common-theme/js/package-lock.json
@@ -9,7 +9,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.2.4",
+ "dompurify": "^3.2.5",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
@@ -49,9 +49,9 @@
}
},
"node_modules/dompurify": {
- "version": "3.2.4",
- "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz";,
- "integrity":
"sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+ "version": "3.2.5",
+ "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.5.tgz";,
+ "integrity":
"sha512-mLPd29uoRe9HpvwP2TxClGQBzGXeEC/we/q+bFlmPPmj2p2Ugl3r6ATu/UU1v77DXNcehiBg9zsr1dREyA/dJQ==",
"license": "(MPL-2.0 OR Apache-2.0)",
"optionalDependencies": {
"@types/trusted-types": "^2.0.7"
diff --git a/themes/common-theme/webapp/common-theme/js/package.json
b/themes/common-theme/webapp/common-theme/js/package.json
index 0d53d6828a..8950621efc 100644
--- a/themes/common-theme/webapp/common-theme/js/package.json
+++ b/themes/common-theme/webapp/common-theme/js/package.json
@@ -6,7 +6,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.2.4",
+ "dompurify": "^3.2.5",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
