chore(deps): update dependency dompurify to v3.3.2 [security] - autoclosed #2431

Closed
renovate-bot wants to merge 1 commit into ghiscoding:master from renovate-bot:renovate/npm-dompurify-vulnerability

@renovate-bot
Contributor

This PR contains the following updates:

| Package | Change | Age | Confidence |
| --- | --- | --- | --- |
| dompurify | 3.3.1 → 3.3.2 | age | confidence |

GitHub Vulnerability Alerts

CVE-2026-0540

DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in 2.5.9 and 3.3.2, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements (noscript, xmp, noembed, noframes, iframe) in the SAFE_FOR_XML regex. Attackers can include payloads like </noscript><img src=x onerror=alert(1)> in attribute values to execute JavaScript when sanitized output is placed inside these unprotected rawtext contexts.


Release Notes

cure53/DOMPurify (dompurify)

v3.3.2: DOMPurify 3.3.2

Compare Source

  • Fixed a possible bypass caused by jsdom's faulty raw-text tag parsing, thanks multiple reporters
  • Fixed a prototype pollution issue when working with custom elements, thanks @​christos-eth
  • Fixed a lenient config parsing in _isValidAttribute, thanks @​christos-eth
  • Bumped and removed several dependencies, thanks @​Rotzbua
  • Fixed the test suite after bumping dependencies, thanks @​Rotzbua

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@forking-renovate forking-renovate bot added 📦 dependencies Pull requests that update a dependency file 🤖 bot labels Mar 5, 2026
@renovate-bot renovate-bot added 📦 dependencies Pull requests that update a dependency file 🤖 bot labels Mar 5, 2026
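
The version ranges quoted in the advisory above can be checked against a lockfile, including nested copies that a top-level bump does not replace. This is an added example, not code from this PR, Renovate or DOMPurify; the function names and the lockfile fragment are constructed for illustration, and only the version ranges come from the advisory text.

```javascript
// Added example. Affected ranges and fix versions are those stated in the advisory text.
const AFFECTED = [
  { from: "3.1.3", to: "3.3.1", fixed: "3.3.2" },
  { from: "2.5.3", to: "2.5.8", fixed: "2.5.9" },
];

// "3.3.1" -> [3, 3, 1]; any prerelease/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Negative, zero or positive, like a sort comparator.
function compare(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (let i = 0; i < 3; i++) if (x[i] !== y[i]) return x[i] - y[i];
  return 0;
}

// Returns the matching advisory range, or null when the version is outside both.
function affectedRange(version) {
  const hit = AFFECTED.find(
    (r) => compare(version, r.from) >= 0 && compare(version, r.to) <= 0
  );
  return hit || null;
}

// Walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3).
// Only paths ending in node_modules/dompurify match, so @types/dompurify is skipped.
function findAffectedDompurify(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!/(^|\/)node_modules\/dompurify$/.test(path)) continue;
    if (typeof meta.version !== "string") continue; // e.g. workspace link entries
    const range = affectedRange(meta.version);
    if (range) hits.push({ path, version: meta.version, fixed: range.fixed });
  }
  return hits;
}

// Constructed lockfile fragment (package names other than dompurify are hypothetical).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/dompurify": { version: "3.3.2" },
    "node_modules/@types/dompurify": { version: "3.0.5" },
    "node_modules/legacy-widget/node_modules/dompurify": { version: "2.5.7" },
    "node_modules/other-lib/node_modules/dompurify": { version: "3.3.1" },
  },
};
```
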
@codecov

codecov bot commented Mar 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.0%. Comparing base (0d37605) to head (57bc344).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #2431   +/-   ##
=======================================
  Coverage   100.0%   100.0%           
=======================================
  Files         196      196           
  Lines       24320    24320           
  Branches     8519     8519           
=======================================
  Hits        24320    24320           
| Flag | Coverage Δ |
| --- | --- |
| angular | 100.0% <ø> (ø) |
| universal | 100.0% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.


@pkg-pr-new

pkg-pr-new bot commented Mar 5, 2026

angular-slickgrid

npm i https://pkg.pr.new/angular-slickgrid@2431

aurelia-slickgrid

npm i https://pkg.pr.new/aurelia-slickgrid@2431

slickgrid-react

npm i https://pkg.pr.new/slickgrid-react@2431

slickgrid-vue

npm i https://pkg.pr.new/slickgrid-vue@2431

@slickgrid-universal/angular-row-detail-plugin

npm i https://pkg.pr.new/@slickgrid-universal/angular-row-detail-plugin@2431

@slickgrid-universal/aurelia-row-detail-plugin

npm i https://pkg.pr.new/@slickgrid-universal/aurelia-row-detail-plugin@2431

@slickgrid-universal/react-row-detail-plugin

npm i https://pkg.pr.new/@slickgrid-universal/react-row-detail-plugin@2431

@slickgrid-universal/vue-row-detail-plugin

npm i https://pkg.pr.new/@slickgrid-universal/vue-row-detail-plugin@2431

@slickgrid-universal/binding

npm i https://pkg.pr.new/@slickgrid-universal/binding@2431

@slickgrid-universal/common

npm i https://pkg.pr.new/@slickgrid-universal/common@2431

@slickgrid-universal/composite-editor-component

npm i https://pkg.pr.new/@slickgrid-universal/composite-editor-component@2431

@slickgrid-universal/custom-footer-component

npm i https://pkg.pr.new/@slickgrid-universal/custom-footer-component@2431

@slickgrid-universal/custom-tooltip-plugin

npm i https://pkg.pr.new/@slickgrid-universal/custom-tooltip-plugin@2431

@slickgrid-universal/empty-warning-component

npm i https://pkg.pr.new/@slickgrid-universal/empty-warning-component@2431

@slickgrid-universal/event-pub-sub

npm i https://pkg.pr.new/@slickgrid-universal/event-pub-sub@2431

@slickgrid-universal/excel-export

npm i https://pkg.pr.new/@slickgrid-universal/excel-export@2431

@slickgrid-universal/graphql

npm i https://pkg.pr.new/@slickgrid-universal/graphql@2431

@slickgrid-universal/odata

npm i https://pkg.pr.new/@slickgrid-universal/odata@2431

@slickgrid-universal/pagination-component

npm i https://pkg.pr.new/@slickgrid-universal/pagination-component@2431

@slickgrid-universal/pdf-export

npm i https://pkg.pr.new/@slickgrid-universal/pdf-export@2431

@slickgrid-universal/row-detail-view-plugin

npm i https://pkg.pr.new/@slickgrid-universal/row-detail-view-plugin@2431

@slickgrid-universal/rxjs-observable

npm i https://pkg.pr.new/@slickgrid-universal/rxjs-observable@2431

@slickgrid-universal/text-export

npm i https://pkg.pr.new/@slickgrid-universal/text-export@2431

@slickgrid-universal/utils

npm i https://pkg.pr.new/@slickgrid-universal/utils@2431

@slickgrid-universal/vanilla-bundle

npm i https://pkg.pr.new/@slickgrid-universal/vanilla-bundle@2431

@slickgrid-universal/vanilla-force-bundle

npm i https://pkg.pr.new/@slickgrid-universal/vanilla-force-bundle@2431

commit: 5f99eed

@renovate-bot renovate-bot changed the title "chore(deps): update dependency dompurify to v3.3.2 [security]" → "chore(deps): update dependency dompurify to v3.3.2 [security] - autoclosed" Mar 5, 2026
@renovate-bot renovate-bot deleted the renovate/npm-dompurify-vulnerability branch March 5, 2026 21:33