Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.3.1
Choose a base ref
...
head repository: cure53/DOMPurify
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.3.2
Choose a head ref
  • 4 commits
  • 21 files changed
  • 3 contributors

Commits on Mar 5, 2026

  1. Getting 3.x branch ready for 3.3.2 releas (#1205)

    * Update README.md
    
    * build(deps): bump qs and body-parser (#1178)
    
    Bumps [qs](https://github.com/ljharb/qs) and [body-parser](https://github.com/expressjs/body-parser). These dependencies needed to be updated together.
    
    Updates `qs` from 6.13.0 to 6.14.1
    - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
    - [Commits](ljharb/qs@v6.13.0...v6.14.1)
    
    Updates `body-parser` from 1.20.3 to 1.20.4
    - [Release notes](https://github.com/expressjs/body-parser/releases)
    - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
    - [Commits](expressjs/body-parser@1.20.3...1.20.4)
    
    ---
    updated-dependencies:
    - dependency-name: qs
      dependency-version: 6.14.1
      dependency-type: indirect
    - dependency-name: body-parser
      dependency-version: 1.20.4
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * chore: update tested nodejs version (#1181)
    
    Test currently supported nodejs versions.
    
    Drop: 18, 19, 21, 23
    Add: 24, 25
    
    * chore: update dependencies (#1183)
    
    - migrate to official rollup plugin `@rollup/plugin-typescript` from `rollup-plugin-typescript2`
    - migrate to `rimraf` v6
    
    * Revert "chore: update dependencies (#1183)" (#1184)
    
    This reverts commit 50f6dfe.
    
    * fix: remove deprecated call `QUnit.load()` (#1188)
    
    This is no longer needed since QUnit 2.1.1, and the call to QUnit.load() is safe to remove.
    https://qunitjs.com/api/QUnit/load/
    
    * fix: prettier windows end of line not lf (#1186)
    
    * remove abandoned dependency `npm-run-all` (#1190)
    
    * remove dependency `lodash.sample` (#1191)
    
    use native code
    
    * build(deps-dev): bump lodash-es from 4.17.21 to 4.17.23 (#1192)
    
    Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
    - [Release notes](https://github.com/lodash/lodash/releases)
    - [Commits](lodash/lodash@4.17.21...4.17.23)
    
    ---
    updated-dependencies:
    - dependency-name: lodash-es
      dependency-version: 4.17.23
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * build(deps): bump lodash from 4.17.21 to 4.17.23 (#1193)
    
    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
    - [Release notes](https://github.com/lodash/lodash/releases)
    - [Commits](lodash/lodash@4.17.21...4.17.23)
    
    ---
    updated-dependencies:
    - dependency-name: lodash
      dependency-version: 4.17.23
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * Update README.md (#1195)
    
    * build(deps-dev): bump webpack from 5.94.0 to 5.105.0 (#1194)
    
    Bumps [webpack](https://github.com/webpack/webpack) from 5.94.0 to 5.105.0.
    - [Release notes](https://github.com/webpack/webpack/releases)
    - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
    - [Commits](webpack/webpack@v5.94.0...v5.105.0)
    
    ---
    updated-dependencies:
    - dependency-name: webpack
      dependency-version: 5.105.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * Update README.md
    
    * Update README.md
    
    * build(deps): bump qs from 6.14.1 to 6.14.2 (#1196)
    
    Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
    - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
    - [Commits](ljharb/qs@v6.14.1...v6.14.2)
    
    ---
    updated-dependencies:
    - dependency-name: qs
      dependency-version: 6.14.2
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * fix: Added smaller fixes addressing several LLM bug reports
    
    * fix: Adding a slighjtly tighter regex because of possible jsdom woes
    
    * build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 (#1200)
    
    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](isaacs/minimatch@v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * build(deps-dev): bump rollup from 3.29.5 to 3.30.0 (#1199)
    
    Bumps [rollup](https://github.com/rollup/rollup) from 3.29.5 to 3.30.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md)
    - [Commits](rollup/rollup@v3.29.5...v3.30.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 3.30.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * fix: Adding a slightly tighter regex because of possible jsdom woes
    
    * fix: Expanded the regex ever so slightly to also cover script
    
    * build(deps): bump @tootallnate/once and jsdom (#1204)
    
    Removes [@tootallnate/once](https://github.com/TooTallNate/once). It's no longer used after updating ancestor dependency [jsdom](https://github.com/jsdom/jsdom). These dependencies need to be updated together.
    
    
    Removes `@tootallnate/once`
    
    Updates `jsdom` from 20.0.0 to 28.1.0
    - [Release notes](https://github.com/jsdom/jsdom/releases)
    - [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
    - [Commits](jsdom/jsdom@20.0.0...28.1.0)
    
    ---
    updated-dependencies:
    - dependency-name: "@tootallnate/once"
      dependency-version: 
      dependency-type: indirect
    - dependency-name: jsdom
      dependency-version: 28.1.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * chore: Preparing 3.3.2 release
    
    * fix: moved back from jsdom 28 to jsdom 20
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Rotzbua <Rotzbua@users.noreply.github.com>
    3 people authored Mar 5, 2026
    Configuration menu
    Copy the full SHA
    5cad4ce View commit details
    Browse the repository at this point in the history
  2. Update package-lock.json

    cure53 authored Mar 5, 2026
    Configuration menu
    Copy the full SHA
    9636037 View commit details
    Browse the repository at this point in the history
  3. Configuration menu
    Copy the full SHA
    e8c95f4 View commit details
    Browse the repository at this point in the history
  4. Getting 3.x branch ready for 3.3.2 release (#1208)

    * Update README.md
    
    * build(deps): bump qs and body-parser (#1178)
    
    Bumps [qs](https://github.com/ljharb/qs) and [body-parser](https://github.com/expressjs/body-parser). These dependencies needed to be updated together.
    
    Updates `qs` from 6.13.0 to 6.14.1
    - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
    - [Commits](ljharb/qs@v6.13.0...v6.14.1)
    
    Updates `body-parser` from 1.20.3 to 1.20.4
    - [Release notes](https://github.com/expressjs/body-parser/releases)
    - [Changelog](https://github.com/expressjs/body-parser/blob/master/HISTORY.md)
    - [Commits](expressjs/body-parser@1.20.3...1.20.4)
    
    ---
    updated-dependencies:
    - dependency-name: qs
      dependency-version: 6.14.1
      dependency-type: indirect
    - dependency-name: body-parser
      dependency-version: 1.20.4
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * chore: update tested nodejs version (#1181)
    
    Test currently supported nodejs versions.
    
    Drop: 18, 19, 21, 23
    Add: 24, 25
    
    * chore: update dependencies (#1183)
    
    - migrate to official rollup plugin `@rollup/plugin-typescript` from `rollup-plugin-typescript2`
    - migrate to `rimraf` v6
    
    * Revert "chore: update dependencies (#1183)" (#1184)
    
    This reverts commit 50f6dfe.
    
    * fix: remove deprecated call `QUnit.load()` (#1188)
    
    This is no longer needed since QUnit 2.1.1, and the call to QUnit.load() is safe to remove.
    https://qunitjs.com/api/QUnit/load/
    
    * fix: prettier windows end of line not lf (#1186)
    
    * remove abandoned dependency `npm-run-all` (#1190)
    
    * remove dependency `lodash.sample` (#1191)
    
    use native code
    
    * build(deps-dev): bump lodash-es from 4.17.21 to 4.17.23 (#1192)
    
    Bumps [lodash-es](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
    - [Release notes](https://github.com/lodash/lodash/releases)
    - [Commits](lodash/lodash@4.17.21...4.17.23)
    
    ---
    updated-dependencies:
    - dependency-name: lodash-es
      dependency-version: 4.17.23
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * build(deps): bump lodash from 4.17.21 to 4.17.23 (#1193)
    
    Bumps [lodash](https://github.com/lodash/lodash) from 4.17.21 to 4.17.23.
    - [Release notes](https://github.com/lodash/lodash/releases)
    - [Commits](lodash/lodash@4.17.21...4.17.23)
    
    ---
    updated-dependencies:
    - dependency-name: lodash
      dependency-version: 4.17.23
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * Update README.md (#1195)
    
    * build(deps-dev): bump webpack from 5.94.0 to 5.105.0 (#1194)
    
    Bumps [webpack](https://github.com/webpack/webpack) from 5.94.0 to 5.105.0.
    - [Release notes](https://github.com/webpack/webpack/releases)
    - [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
    - [Commits](webpack/webpack@v5.94.0...v5.105.0)
    
    ---
    updated-dependencies:
    - dependency-name: webpack
      dependency-version: 5.105.0
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * Update README.md
    
    * Update README.md
    
    * build(deps): bump qs from 6.14.1 to 6.14.2 (#1196)
    
    Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2.
    - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
    - [Commits](ljharb/qs@v6.14.1...v6.14.2)
    
    ---
    updated-dependencies:
    - dependency-name: qs
      dependency-version: 6.14.2
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * fix: Added smaller fixes addressing several LLM bug reports
    
    * fix: Adding a slighjtly tighter regex because of possible jsdom woes
    
    * build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 (#1200)
    
    Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.1.2 to 3.1.5.
    - [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
    - [Commits](isaacs/minimatch@v3.1.2...v3.1.5)
    
    ---
    updated-dependencies:
    - dependency-name: minimatch
      dependency-version: 3.1.5
      dependency-type: indirect
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * build(deps-dev): bump rollup from 3.29.5 to 3.30.0 (#1199)
    
    Bumps [rollup](https://github.com/rollup/rollup) from 3.29.5 to 3.30.0.
    - [Release notes](https://github.com/rollup/rollup/releases)
    - [Changelog](https://github.com/rollup/rollup/blob/v3.30.0/CHANGELOG.md)
    - [Commits](rollup/rollup@v3.29.5...v3.30.0)
    
    ---
    updated-dependencies:
    - dependency-name: rollup
      dependency-version: 3.30.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * fix: Adding a slightly tighter regex because of possible jsdom woes
    
    * fix: Expanded the regex ever so slightly to also cover script
    
    * build(deps): bump @tootallnate/once and jsdom (#1204)
    
    Removes [@tootallnate/once](https://github.com/TooTallNate/once). It's no longer used after updating ancestor dependency [jsdom](https://github.com/jsdom/jsdom). These dependencies need to be updated together.
    
    
    Removes `@tootallnate/once`
    
    Updates `jsdom` from 20.0.0 to 28.1.0
    - [Release notes](https://github.com/jsdom/jsdom/releases)
    - [Changelog](https://github.com/jsdom/jsdom/blob/main/Changelog.md)
    - [Commits](jsdom/jsdom@20.0.0...28.1.0)
    
    ---
    updated-dependencies:
    - dependency-name: "@tootallnate/once"
      dependency-version: 
      dependency-type: indirect
    - dependency-name: jsdom
      dependency-version: 28.1.0
      dependency-type: direct:development
    ...
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    
    * chore: Preparing 3.3.2 release
    
    * fix: moved back from jsdom 28 to jsdom 20
    
    * fix: moved back from jsdom 28 to jsdom 20
    
    ---------
    
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    Co-authored-by: Rotzbua <Rotzbua@users.noreply.github.com>
    3 people authored Mar 5, 2026
    Configuration menu
    Copy the full SHA
    5e56114 View commit details
    Browse the repository at this point in the history
Loading