This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 6a44d0d084 Bump dompurify from 3.3.1 to 3.3.2 in /themes/common-theme/webapp/common-theme/js (#971)
6a44d0d084 is described below

commit 6a44d0d084afba8e0e33bc8805002cf5560b7630
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
AuthorDate: Thu Mar 5 15:55:16 2026 +0100

    Bump dompurify from 3.3.1 to 3.3.2 in /themes/common-theme/webapp/common-theme/js (#971)
    
    Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.1 to
    3.3.2.
    <details>
    <summary>Release notes</summary>
    <p><em>Sourced from <a
    href="https://github.com/cure53/DOMPurify/releases">dompurify's
    releases</a>.</em></p>
    <blockquote>
    <h2>DOMPurify 3.3.2</h2>
    <ul>
    <li>Fixed a possible bypass caused by jsdom's faulty raw-text tag
    parsing, thanks multiple reporters</li>
    <li>Fixed a prototype pollution issue when working with custom elements,
    thanks <a
    href="https://github.com/christos-eth"><code>@christos-eth</code></a></li>
    <li>Fixed a lenient config parsing in <code>_isValidAttribute</code>,
    thanks <a
    href="https://github.com/christos-eth"><code>@christos-eth</code></a></li>
    <li>Bumped and removed several dependencies, thanks <a
    href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
    <li>Fixed the test suite after bumping dependencies, thanks <a
    href="https://github.com/Rotzbua"><code>@Rotzbua</code></a></li>
    </ul>
    </blockquote>
    </details>
    <details>
    <summary>Commits</summary>
    <ul>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/5e56114cb24079ce52dbc51f76e494b77afa5153"><code>5e56114</code></a>
    Getting 3.x branch ready for 3.3.2 release (<a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1208">#1208</a>)</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/e8c95f4a27aa8b041f92b59ab7685a94f7be6208"><code>e8c95f4</code></a>
    fix: Fixed the broken package-lock.json</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/9636037c145b769dad0b52da8313301cbf867f46"><code>9636037</code></a>
    Update package-lock.json</li>
    <li><a
    href="https://github.com/cure53/DOMPurify/commit/5cad4cecf2e647ac66eed25bc02a2415f00dbc8b"><code>5cad4ce</code></a>
    Getting 3.x branch ready for 3.3.2 releas (<a
    href="https://redirect.github.com/cure53/DOMPurify/issues/1205">#1205</a>)</li>
    <li>See full diff in <a
    href="https://github.com/cure53/DOMPurify/compare/3.3.1...3.3.2">compare
    view</a></li>
    </ul>
    </details>
    <br />
    
    
    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 themes/common-theme/webapp/common-theme/js/package-lock.json | 11 +++++++----
 themes/common-theme/webapp/common-theme/js/package.json      |  2 +-
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/themes/common-theme/webapp/common-theme/js/package-lock.json 
b/themes/common-theme/webapp/common-theme/js/package-lock.json
index 0a54507f8b..50fa396d1a 100644
--- a/themes/common-theme/webapp/common-theme/js/package-lock.json
+++ b/themes/common-theme/webapp/common-theme/js/package-lock.json
@@ -9,7 +9,7 @@
             "dependencies": {
                 "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
                 "daterangepicker": "^3.1.0",
-                "dompurify": "^3.3.1",
+                "dompurify": "^3.3.2",
                 "featherlight": "^1.7.14",
                 "flot": "^4.2.6",
                 "inputmask": "^5.0.9",
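Review bot: the root dependency entry stays a caret range (`"dompurify": "^3.3.2"`), so the version that actually reaches users is whatever the `node_modules/dompurify` entry further down this lock file pins, not this line. Builds of the theme should install with `npm ci` so that the pinned version and its integrity hash are honoured instead of being re-resolved against the range.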
@@ -49,10 +49,13 @@
             }
         },
         "node_modules/dompurify": {
-            "version": "3.3.1",
-            "resolved": 
"https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz";,
-            "integrity": 
"sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+            "version": "3.3.2",
+            "resolved": 
"https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz";,
+            "integrity": 
"sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
             "license": "(MPL-2.0 OR Apache-2.0)",
+            "engines": {
+                "node": ">=20"
+            },
             "optionalDependencies": {
                 "@types/trusted-types": "^2.0.7"
             }
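Review bot: the added `"engines": { "node": ">=20" }` entry under `node_modules/dompurify` means 3.3.2 declares a Node.js 20 minimum, and nothing in this commit shows which Node version the theme's JS build runs on. npm only warns on an engines mismatch unless `engine-strict` is set, so please confirm the build and CI environments use Node 20 or later, and record that requirement wherever the theme's JS build is documented.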
diff --git a/themes/common-theme/webapp/common-theme/js/package.json 
b/themes/common-theme/webapp/common-theme/js/package.json
index f6f330c28b..e4d3b50486 100644
--- a/themes/common-theme/webapp/common-theme/js/package.json
+++ b/themes/common-theme/webapp/common-theme/js/package.json
@@ -6,7 +6,7 @@
     "dependencies": {
         "@chinchilla-software/jquery-ui-timepicker-addon": "^1.6.3",
         "daterangepicker": "^3.1.0",
-        "dompurify": "^3.3.1",
+        "dompurify": "^3.3.2",
         "featherlight": "^1.7.14",
         "flot": "^4.2.6",
         "inputmask": "^5.0.9",
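Review bot: the diffstat lists only package.json and package-lock.json, so the `"dompurify": "^3.3.2"` line here changes the declared dependency but no file that is served to browsers. If the theme ships a built or copied DOMPurify under the webapp, regenerate it in the same change; otherwise pages keep running 3.3.1 without the bypass and prototype pollution fixes listed in the release notes. The commit subject could also say that this bump carries security fixes, so it is not mistaken for routine maintenance when backporting.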
