This is an automated email from the ASF dual-hosted git repository.
jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git
The following commit(s) were added to refs/heads/trunk by this push:
new 2aefd35668 Bump dompurify from 3.3.0 to 3.3.1 in
/themes/common-theme/webapp/common-theme/js (#929)
2aefd35668 is described below
commit 2aefd356689f23def5261828c9eb14acd503a09a
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Tue Dec 9 16:52:37 2025 +0100
Bump dompurify from 3.3.0 to 3.3.1 in
/themes/common-theme/webapp/common-theme/js (#929)
Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.0 to
3.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/cure53/DOMPurify/releases";>dompurify's
releases</a>.</em></p>
<blockquote>
<h2>DOMPurify 3.3.1</h2>
<ul>
<li>Updated <code>ADD_FORBID_CONTENTS</code> setting to extend default
list, thanks <a
href="https://github.com/MariusRumpf";><code>@MariusRumpf</code></a></li>
<li>Updated the ESM import syntax to be more correct, thanks <a
href="https://github.com/binhpv";><code>@binhpv</code></a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/cure53/DOMPurify/commit/6fc446a589ab3d1d72ae2a5b71167ba38dbd3096";><code>6fc446a</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1175";>#1175</a>
from cure53/main</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/3b3bf917d2b39460de6d130acebdc9243cf3e6ae";><code>3b3bf91</code></a>
Merge branch 'main' of github.com:cure53/DOMPurify</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/9863f4195bae6048de9eb2802219218c6904066c";><code>9863f41</code></a>
chore: Preparing 3.3.1 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/b4e02954dc4172c3944a755f3e99fbb76be64f7b";><code>b4e0295</code></a>
chore: Preparing 3.3.0 release</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/077746bb2cfb77836dfb628dca7ffc7ced8a5356";><code>077746b</code></a>
build(deps-dev): bump js-yaml from 4.1.0 to 4.1.1 (<a
href="https://redirect.github.com/cure53/DOMPurify/issues/1170";>#1170</a>)</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/4de68bba9aba43dc3bba9348df603b64fc06d591";><code>4de68bb</code></a>
build(deps): bump actions/checkout from 5 to 6 (<a
href="https://redirect.github.com/cure53/DOMPurify/issues/1171";>#1171</a>)</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/4c76b6f84ad392bc3be1a23ca97d4f1e8368cbf0";><code>4c76b6f</code></a>
Use correct ESM import syntax (<a
href="https://redirect.github.com/cure53/DOMPurify/issues/1173";>#1173</a>)</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/27e8496bcd689a16acc7d0bf7c88b933efad569a";><code>27e8496</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1168";>#1168</a>
from MariusRumpf/add-forbid-contents</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/a920096dbe3ddacff541745bb49d64df874a1087";><code>a920096</code></a>
Add ADD_FORBID_CONTENTS setting to extend default list</li>
<li><a
href="https://github.com/cure53/DOMPurify/commit/ac64660975fe1141e2654eafeca58eff3ecbc981";><code>ac64660</code></a>
Merge pull request <a
href="https://redirect.github.com/cure53/DOMPurify/issues/1163";>#1163</a>
from cure53/dependabot/github_actions/actions/setup-...</li>
<li>Additional commits viewable in <a
href="https://github.com/cure53/DOMPurify/compare/3.3.0...3.3.1";>compare
view</a></li>
</ul>
</details>
<br />
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot]
<49699333+dependabot[bot]@users.noreply.github.com>
---
themes/common-theme/webapp/common-theme/js/package-lock.json | 12 +++++++-----
themes/common-theme/webapp/common-theme/js/package.json | 2 +-
2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/themes/common-theme/webapp/common-theme/js/package-lock.json
b/themes/common-theme/webapp/common-theme/js/package-lock.json
index 4b3af881c6..506ca16b04 100644
--- a/themes/common-theme/webapp/common-theme/js/package-lock.json
+++ b/themes/common-theme/webapp/common-theme/js/package-lock.json
@@ -9,7 +9,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.3.0",
+ "dompurify": "^3.3.1",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
@@ -49,9 +49,9 @@
}
},
"node_modules/dompurify": {
- "version": "3.3.0",
- "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.3.0.tgz";,
- "integrity":
"sha512-r+f6MYR1gGN1eJv0TVQbhA7if/U7P87cdPl3HN5rikqaBSBxLiCb/b9O+2eG0cxz0ghyU+mU1QkbsOwERMYlWQ==",
+ "version": "3.3.1",
+ "resolved":
"https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz";,
+ "integrity":
"sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
"license": "(MPL-2.0 OR Apache-2.0)",
"optionalDependencies": {
"@types/trusted-types": "^2.0.7"
@@ -75,7 +75,8 @@
"node_modules/jquery": {
"version": "3.7.1",
"resolved": "https://registry.npmjs.org/jquery/-/jquery-3.7.1.tgz";,
- "integrity":
"sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg=="
+ "integrity":
"sha512-m4avr8yL8kmFN8psrbFFFmB/If14iN5o9nw/NgnnM+kybDJpRsAynV2BsfpTYrTRysYUdADVD7CkUUizgkpLfg==",
+ "peer": true
},
"node_modules/jquery-migrate": {
"version": "3.5.2",
@@ -114,6 +115,7 @@
"resolved":
"https://registry.npmjs.org/moment/-/moment-2.30.1.tgz";,
"integrity":
"sha512-uEmtNhbDOrWPFS+hdjFCBfy9f2YoyzRpwcl+DqpC6taX21FzsTLQVbMV/W7PzNSX6x/bhC1zA3c2UQ5NzH6how==",
"license": "MIT",
+ "peer": true,
"engines": {
"node": "*"
}
diff --git a/themes/common-theme/webapp/common-theme/js/package.json
b/themes/common-theme/webapp/common-theme/js/package.json
index ee7bd191a5..063d7ea3f3 100644
--- a/themes/common-theme/webapp/common-theme/js/package.json
+++ b/themes/common-theme/webapp/common-theme/js/package.json
@@ -6,7 +6,7 @@
"dependencies": {
"@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
"daterangepicker": "^3.1.0",
- "dompurify": "^3.3.0",
+ "dompurify": "^3.3.1",
"featherlight": "^1.7.14",
"flot": "^4.2.6",
"inputmask": "^5.0.9",
