This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 9cc4fe1c5e Bump dompurify from 3.2.6 to 3.2.7 in
/themes/common-theme/webapp/common-theme/js (#911)
9cc4fe1c5e is described below
commit 9cc4fe1c5e9a5266708e9cf9db30734527e62eaa
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Fri Sep 19 12:52:30 2025 +0200
Bump dompurify from 3.2.6 to 3.2.7 in
/themes/common-theme/webapp/common-theme/js (#911)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to
3.2.7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases";>dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.2.7</h2>
<ul>
<li>Added new attributes and elements to default allow-list, thanks <a
href="https://github.com/elrion018";><code>@elrion018</code></a></li>
<li>Added <code>tagName</code> parameter to custom element
<code>attributeNameCheck</code>, thanks <a
href="https://github.com/nelstrom";><code>@nelstrom</code></a></li>
<li>Added better check for animated <code>href</code> attributes, thanks
<a href="https://github.com/llamakko";><code>@llamakko</code></a></li>
<li>Updated and improved the bundled types, thanks <a
href="https://github.com/ssi02014";><code>@ssi02014</code></a></li>
<li>Updated several tests to better align with new browser encoding
behaviors</li>
<li>Improved the handling of potentially risky content inside CDATA
elements, thanks <a
href="https://github.com/securityMB";><code>@securityMB</code></a> &
<a href="https://github.com/terjanq";><code>@terjanq</code></a></li>
<li>Improved the regular expression for raw-text elements to cover
textareas, thanks <a
href="https://github.com/securityMB";><code>@securityMB</code></a> &
<a href="https://github.com/terjanq";><code>@terjanq</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cure53/DOMPurify/commit/eaa0bdb26a1d0164af587d9059b98269008faece";><code>eaa0bdb</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1144";>#1144</a>
from cure53/main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/f712593118c158c0daaf16527d804c84c96f4ce5";><code>f712593</code></a>
fix: removed a possibly dossy regex</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/eb9b3b68747fa2cf99629c6b764a14c041f96c23";><code>eb9b3b6</code></a>
Merge branch 'main' of github.com:cure53/DOMPurify</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/ce006f705cfa16836271d2d92cf0f57487361ac6";><code>ce006f7</code></a>
chore: Preparing 3.2.7 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/ef0e0cb6eb8bdee8ed9651b7340226136287aac1";><code>ef0e0cb</code></a>
chore: Preparing 3.2.6 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/2f09cd3c8ed58906e5cd12e9bebc15c60fd48c4c";><code>2f09cd3</code></a>
Update README.md</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/6a795bcf3e67712f481e8b32616e218d5a389cc3";><code>6a795bc</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1142";>#1142</a>
from cure53/dependabot/github_actions/actions/setup-...</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/2458bbdfcaf9b77423ef5e201a435f98ab229355";><code>2458bbd</code></a>
build(deps): bump actions/setup-node from 4 to 5</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/e43d3f354861f273852d16f35359f529199dc104";><code>e43d3f3</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1136";>#1136</a>
from cure53/dependabot/github_actions/actions/checko...</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/6f5be37ee02c145b30ca58b1c57264b1b84b99ff";><code>6f5be37</code></a>
build(deps): bump actions/checkout from 4 to 5</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.2.6...3.2.7";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
themes/common-theme/webapp/common-theme/js/package-lock.json | 8 ++++----
themes/common-theme/webapp/common-theme/js/package.json | 2 +-
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/themes/common-theme/webapp/common-theme/js/package-lock.json
b/themes/common-theme/webapp/common-theme/js/package-lock.json
index 0065c21219..0562bf0cf9 100644
--- a/themes/common-theme/webapp/common-theme/js/package-lock.json
+++ b/themes/common-theme/webapp/common-theme/js/package-lock.json
@@ -9,7 +9,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.2.6",
+ "dompurify": "^3.2.7",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
@@ -49,9 +49,9 @@
}
},
"node_modules/dompurify": {
- "version": "3.2.6",
- "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.6.tgz";,
- "integrity":
"sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==",
+ "version": "3.2.7",
+ "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.2.7.tgz";,
+ "integrity":
"sha512-WhL/YuveyGXJaerVlMYGWhvQswa7myDG17P7Vu65EWC05o8vfeNbvNf4d/BOvH99+ZW+LlQsc1GDKMa1vNK6dw==",
"license": "(MPL-2.0 OR Apache-2.0)",
"optionalDependencies": {
"@types/trusted-types": "^2.0.7"
diff --git a/themes/common-theme/webapp/common-theme/js/package.json
b/themes/common-theme/webapp/common-theme/js/package.json
index 67be780de6..7e9240abaf 100644
--- a/themes/common-theme/webapp/common-theme/js/package.json
+++ b/themes/common-theme/webapp/common-theme/js/package.json
@@ -6,7 +6,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.2.6",
+ "dompurify": "^3.2.7",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
