This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 1cf059bbd9 Bump dompurify from 3.2.5 to 3.2.6 in /themes/common-theme/webapp/common-theme/js (#891)
1cf059bbd9 is described below

commit 1cf059bbd937278c6c814a57eeb49d08117cb0ba
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue May 20 18:30:43 2025 +0200

    Bump dompurify from 3.2.5 to 3.2.6 in /themes/common-theme/webapp/common-theme/js (#891)
    
    Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.5 to
    3.2.6.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/cure53/DOMPurify/releases">dompurify's
    releases</a>.</em></p>
    <blockquote>
    <h2>DOMPurify 3.2.6</h2>
    <ul>
    <li>Fixed several typos and removed clutter from our documentation,
    thanks <a
    href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
    <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a
    href="https://github.com/kleinesfilmroellchen"><code>@kleinesfilmroellchen</code></a></li>
    <li>Added better config hardening against prototype pollution, thanks <a
    href="https://github.com/EffectRenan"><code>@EffectRenan</code></a></li>
    <li>Added better handling of attribute removal, thanks <a
    href="https://github.com/michalnieruchalski-tiugo"><code>@michalnieruchalski-tiugo</code></a></li>
    <li>Added better configuration for aggressive mXSS scrubbing behavior,
    thanks <a
    href="https://github.com/BryanValverdeU"><code>@BryanValverdeU</code></a></li>
    <li>Removed the script that caused the fake entry <a
    href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060">CVE-2025-48050</a></li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/32f765e632ff34eebf5e08128ae1ff8f0d0bbe7a"><code>32f765e</code></a>
    Merge pull request <a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1105">#1105</a>
    from cure53/main</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/6158ecbd1b3997b37f88a339a5d47a39f324c63b"><code>6158ecb</code></a>
    Merge pull request <a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1103">#1103</a>
    from cure53/main</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/0f7ce144b2dd12295366b3e677da7d64bff2b60d"><code>0f7ce14</code></a>
    chore: Preparing 3.2.6 release</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/848463b05247ecbcf1d96cd4204063a5de854365"><code>848463b</code></a>
    chore: removed unused test server script</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/b0e0ebbd9e861e7b657caa3b939dabf0102246fd"><code>b0e0ebb</code></a>
    Update README.md</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/f094f76f0bd66a603f06935a1ed715b05b60279b"><code>f094f76</code></a>
    Update README.md</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534"><code>6bc6d60</code></a>
    Merge pull request <a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1101">#1101</a>
    from odaysec/patch-1</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/e9afd609397aa31b0747a766504f698fcb6ad0f7"><code>e9afd60</code></a>
    Update server.js</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/166151cc46cfed892d0d70bd5dcf822bf9a4e129"><code>166151c</code></a>
    see <a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1095">#1095</a></li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/ac7c59460c7c8c0ebf75c61007dd6c34119e099f"><code>ac7c594</code></a>
    Merge pull request <a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1096">#1096</a>
    from Rotzbua/fix_missing</li>
    <li>Additional commits viewable in <a
    href="https://github.com/cure53/DOMPurify/compare/3.2.5...3.2.6">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=dompurify&package-manager=npm_and_yarn&previous-version=3.2.5&new-version=3.2.6)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
    
    Dependabot will resolve any conflicts with this PR as long as you don't
    alter it yourself. You can also trigger a rebase manually by commenting
    `@dependabot rebase`.
    
    [//]: # (dependabot-automerge-start)
    [//]: # (dependabot-automerge-end)
    
    ---
    
    <details>
    <summary>Dependabot commands and options</summary>
    <br />
    
    You can trigger Dependabot actions by commenting on this PR:
    - `@dependabot rebase` will rebase this PR
    - `@dependabot recreate` will recreate this PR, overwriting any edits
    that have been made to it
    - `@dependabot merge` will merge this PR after your CI passes on it
    - `@dependabot squash and merge` will squash and merge this PR after
    your CI passes on it
    - `@dependabot cancel merge` will cancel a previously requested merge
    and block automerging
    - `@dependabot reopen` will reopen this PR if it is closed
    - `@dependabot close` will close this PR and stop Dependabot recreating
    it. You can achieve the same result by closing it manually
    - `@dependabot show <dependency name> ignore conditions` will show all
    of the ignore conditions of the specified dependency
    - `@dependabot ignore this major version` will close this PR and stop
    Dependabot creating any more for this major version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this minor version` will close this PR and stop
    Dependabot creating any more for this minor version (unless you reopen
    the PR or upgrade to it yourself)
    - `@dependabot ignore this dependency` will close this PR and stop
    Dependabot creating any more for this dependency (unless you reopen the
    PR or upgrade to it yourself)
    
    
    </details>
    
    Signed-off-by: dependabot[bot] <supp...@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 themes/common-theme/webapp/common-theme/js/package-lock.json | 8 ++++----
 themes/common-theme/webapp/common-theme/js/package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/themes/common-theme/webapp/common-theme/js/package-lock.json 
b/themes/common-theme/webapp/common-theme/js/package-lock.json
index 16cdaf6a9b..e0d822c003 100644
--- a/themes/common-theme/webapp/common-theme/js/package-lock.json
+++ b/themes/common-theme/webapp/common-theme/js/package-lock.json
@@ -9,7 +9,7 @@
             "dependencies": {
                 "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
                 "daterangepicker": "^3.1.0",
-                "dompurify": "^3.2.5",
+                "dompurify": "^3.2.6",
                 "featherlight": "^1.7.14",
                 "flot": "^4.2.6",
                 "inputmask": "^5.0.9",
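
Review bot: The caret range on the `"dompurify": "^3.2.6"` line in the root `dependencies` block does not pin the installed version; only the `node_modules/dompurify` entry later in this same lockfile does. Please make sure the theme build installs with `npm ci` so the locked 3.2.6 is what ships, and note that in the build documentation if it is not already there.
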
@@ -49,9 +49,9 @@
             }
         },
         "node_modules/dompurify": {
-            "version": "3.2.5",
-            "resolved": 
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.5.tgz";,
-            "integrity": 
"sha512-mLPd29uoRe9HpvwP2TxClGQBzGXeEC/we/q+bFlmPPmj2p2Ugl3r6ATu/UU1v77DXNcehiBg9zsr1dREyA/dJQ==",
+            "version": "3.2.6",
+            "resolved": 
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.6.tgz";,
+            "integrity": 
"sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==",
             "license": "(MPL-2.0 OR Apache-2.0)",
             "optionalDependencies": {
                 "@types/trusted-types": "^2.0.7"
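
Review bot: Nothing in the commit shows that the new `integrity` value on the `node_modules/dompurify` entry was checked against the registry, and that string is what ties this bot-authored bump to one specific tarball. Before relying on it, compare the `sha512-...` value with the output of `npm view dompurify@3.2.6 dist.integrity`, or run `npm ci` in `themes/common-theme/webapp/common-theme/js`, which fails on a mismatch.
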
diff --git a/themes/common-theme/webapp/common-theme/js/package.json 
b/themes/common-theme/webapp/common-theme/js/package.json
index 8950621efc..c09d8bfc89 100644
--- a/themes/common-theme/webapp/common-theme/js/package.json
+++ b/themes/common-theme/webapp/common-theme/js/package.json
@@ -6,7 +6,7 @@
     "dependencies": {
         "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
         "daterangepicker": "^3.1.0",
-        "dompurify": "^3.2.5",
+        "dompurify": "^3.2.6",
         "featherlight": "^1.7.14",
         "flot": "^4.2.6",
         "inputmask": "^5.0.9",
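
Review bot: No test run is recorded for the behaviour changes that come with the `"dompurify": "^3.2.6"` line. The release notes quoted in the commit message say 3.2.6 adds `matrix:` as an allowed URI scheme and changes attribute removal handling, so any OFBiz page that relies on DOMPurify's default scheme filtering for user-supplied links should be checked to confirm `matrix:` URIs are acceptable there.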
