Skip to content

chore(deps): update dependency isomorphic-dompurify to v3#614

Open
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/isomorphic-dompurify-3.x
Open

chore(deps): update dependency isomorphic-dompurify to v3#614
renovate[bot] wants to merge 1 commit into
masterfrom
renovate/isomorphic-dompurify-3.x

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Feb 21, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
isomorphic-dompurify ^2.3.0^3.12.0 age confidence

Release Notes

kkomelin/isomorphic-dompurify (isomorphic-dompurify)

v3.12.0: : Updated dependencies

Compare Source

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.11.0...3.12.0

v3.11.0: : Export hook-related TypeScript types

Compare Source

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.10.0...3.11.0

v3.10.0: : Updated dependencies

Compare Source

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.9.0...3.10.0

v3.9.0: : Updated dompurify and others

Compare Source

What's Changed

  • Updated DOMPurify to 3.4.0
  • Updated dev dependencies (Biome, Vitest)

Full Changelog: kkomelin/isomorphic-dompurify@3.8.0...3.9.0

v3.8.0: : Updated dependencies

Compare Source

Dependency updates:

  • bump jsdom from 29.0.1 to 29.0.2
  • bump @​biomejs/biome from 2.4.8 to 2.4.10
  • bump vitest from 4.1.1 to 4.1.3
  • bump lefthook from 2.1.4 to 2.1.5

v3.7.1

Compare Source

Bug Fix

  • Fixed missing browser type declarationsbrowser.d.ts and browser.d.mts were not included in the 3.7.0 published package due to a race condition in the build process. This caused TS7016: Could not find a declaration file for module 'isomorphic-dompurify' errors in tsgo and TypeScript 6 when resolving through the default (browser) exports condition. (#​411)

Thanks to @​asterikx and @​ElPrudi for their help with the issue.

v3.7.0: : TypeScript 6 compatibility

Compare Source

TypeScript 6 compatibility fixes:

  • Add explicit type annotation for sanitize to satisfy TS6
  • Silence baseUrl deprecation warning from tsup dts build in TS6

Dependency updates:

  • bump typescript from 5.9.3 to 6.0.2
  • bump vitest from 4.1.0 to 4.1.1

v3.6.0: : Updated dependencies

Compare Source

Dependency updates:

v3.5.1

Compare Source

Fix outdated build artifacts published in 3.5.0.

v3.5.0: : Add factory function support

Compare Source

What's new

Features
  • The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#​405)
Bug fixes
  • Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#​405)

Thanks to @​probablykasper for helping with this release.

v3.4.0: : jsdom update, performance improvement and node 22 requirement update

Compare Source

What's Changed

  • Upgraded jsdom from 28 to 29, which fixes performance degradation in long-running processes; note that heap memory still grows over time without calling clearWindow()
  • Bumped minimum Node.js 22 requirement from 22.12.0 to 22.13.0 (LTS)
  • Added format script (biome format --write) and pre-commit hook
  • Updated dev dependencies (biome, vitest)

v3.3.0: : Updated dependencies

Compare Source

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.2.0...3.3.0

v3.2.0: : Updated dependencies

Compare Source

What's Changed

  • chore(deps): bump dompurify from 3.3.2 to 3.3.3

Full Changelog: kkomelin/isomorphic-dompurify@3.1.0...3.2.0

v3.1.0: : Updated dependencies

Compare Source

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.0.0...3.1.0

v3.0.0: : ESM Support + Memory Leak Fix for Long-Running Server Processes

Compare Source

isomorphic-dompurify v3.0.0

ESM Support

The library now ships proper ESM alongside CommonJS. Both import and require work out of the box with correct module resolution.

// ESM — now works natively
import DOMPurify, { sanitize } from "isomorphic-dompurify";

// CJS — still works
const DOMPurify = require("isomorphic-dompurify");

Memory Leak Fix for Long-Running Server Processes

New clearWindow() export that closes the internal jsdom window and creates a fresh one, preventing unbounded memory growth and progressive slowdown in long-running Node.js processes (#​368).

import { sanitize, clearWindow } from "isomorphic-dompurify";

// Call clearWindow() when you want to release accumulated DOM state,
// e.g. periodically, after a batch, or per-request in a server:
app.use((req, res, next) => {
  res.on("finish", () => clearWindow());
  next();
});

Note: clearWindow() is a no-op in the browser build (no jsdom to manage). Any hooks or config set via addHook/setConfig will need to be re-applied after calling it.

Breaking Changes

  • Named exports are now available. sanitize, addHook, removeHook, removeHooks, removeAllHooks, setConfig, clearConfig, isValidAttribute, isSupported, version, and removed are all exported directly.
  • global.DOMPurify singleton removed. The library no longer writes to global.DOMPurify. Module caching provides singleton behavior in both ESM and CJS. This also fixes a security concern where malicious code could preempt the global before the module loaded (#​324).
  • Build output moved to dist/. Entry points are now dist/index.js (CJS), dist/index.mjs (ESM), dist/browser.js (CJS), dist/browser.mjs (ESM). The exports map handles this automatically — no changes needed for consumers using standard imports.
  • Type definitions are auto-generated. The hand-written index.d.ts using export = DOMPurify is replaced by generated .d.ts and .d.mts files with proper export default and named exports.
  • Node.js version constraint tightened. Now requires ^20.19.0 || ^22.12.0 || >=24.0.0 to match jsdom 28's requirements. Node 21.x, 23.x, and 22.0–22.11 are no longer supported.

Issues Fixed

  • #​368 — Memory leak and progressive slowdown in long-running Node.js processes
  • #​163 — ESM support
  • #​324 — Security concern with global.DOMPurify
  • #​353lru-cache ESM resolution errors in Nuxt/Nitro builds
  • #​350 — Build error with Astro + Cloudflare adapter
  • #​203 — Build error in Angular Universal

Issues Mitigated

  • #​330, #​349createWindow TypeError in Next.js 15 (jsdom is now external, reducing bundler conflicts)
  • #​356webidl-conversions error in Node.js 22 + Next.js
  • #​54canvas resolution error in serverless environments

Internal Changes

  • Source rewritten in TypeScript
  • Build toolchain switched from terser to tsup (dual CJS/ESM output via esbuild)
  • Linting added via Biome with lefthook pre-commit hooks and CI enforcement
  • CI updated to actions/checkout@v4, actions/setup-node@v4, pnpm/action-setup@v4
  • Tests converted to TypeScript with expanded coverage of the wrapper API
  • jsdom updated to 28.1.0
  • Validated against Astro, Next.js, Nuxt, React, and SvelteKit via isomorphic-dompurify-playgrounds

v2.36.0: : Updated jsdom to 28.0.0

Compare Source

Changelog
  • Updated jsdom.

See the complete changelog for more details.

Release

2.36.0

v2.35.0: : Updated jsdom

Compare Source

Changelog
  • Updated jsdom.
  • Updated dev dependencies.

See the complete changelog for more details.

Release

2.35.0

v2.34.0: : Updated dependencies

Compare Source

Changelog
  • Updated dompurify and jsdom.
  • Updated dev dependencies.

See the complete changelog for more details.

Release

2.34.0

v2.33.0: : Improved Web Worker support

Compare Source

Changelog

See the complete changelog for more details.

Release

2.33.0

v2.32.0: : Updated dependencies

Compare Source

Changelog
  • Updated jsdom.
  • Updated dev dependencies.

See the complete changelog for more details.

Release

2.32.0

v2.31.0: : Updated dependencies

Compare Source

Changelog
  • Updated jsdom.
  • Updated dev dependencies.

See the complete changelog for more details.

Release

2.31.0

v2.30.1: : Properly increased minimal supported Node version to 20.19.5

Compare Source

This release drops support for Node < 20.19.5, so please update your Node accordingly. Node 22 and 24 may need upgrade too if you're affected - read comments here jsdom/jsdom#3963

Changelog
  • Increased minimal supported Node version from 18 to 20.19.5 through package.json engines to reflect recent jsdom switch.

See the complete changelog for more details.

Release

2.30.1

v2.30.0: : Updated jsdom which dropped support for Node < 20.19.5

Compare Source

This release drops support for Node < 20.19.5, so please update your Node accordingly.

Changelog
  • Updated jsdom.

See the complete changelog for more details.

Release

2.30.0

v2.29.0: : Updated dompurify

Compare Source

Changelog
  • Updated dompurify.

See the complete changelog for more details.

Release

2.29.0

v2.28.0: : Updated dompurify

Compare Source

Changelog
  • Updated dompurify.

See the complete changelog for more details.

Release

2.28.0

v2.27.0: : Updated jsdom dependency and dropped support for Node < 20

Compare Source

Changelog
  • Updated jsdom which dropped support for Node < 20.
  • Updated dev deps.

See the complete changelog for more details.

Release

2.27.0

v2.26.0: : Fixed package import in different environments

Compare Source

Changelog

See the complete changelog for more details.

Release

2.26.0

v2.25.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.25.0

v2.24.0: Updated dependencies

Compare Source

Changelog
  • Updated jsdom and other dependencies.

See the complete changelog for more details.

Release

2.24.0

v2.23.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify.
  • Updated other dependencies.

See the complete changelog for more details.

Release

2.23.0

v2.22.0: Updated dependencies

Compare Source

Changelog

See the complete changelog for more details.

Release

2.22.0

v2.21.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify and others.

See the complete changelog for more details.

Release

2.21.0

v2.20.0: Updated dependencies

Compare Source

Changelog
  • Updated jsdom.

See the complete changelog for more details.

Release

2.20.0

v2.19.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.19.0

v2.18.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.18.0

v2.17.0: Removed @​types/dompurify dependency. Updated dompurify and other dependencies.

Compare Source

Changelog
  • Removed @types/dompurify dependency which caused an issue #​301. The third-party types are not needed anymore because dompurify provides their own. Thanks to @​Bro3Simon for helping with it.
  • Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.17.0

v2.16.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify, jsdom and other dependencies.

See the complete changelog for more details.

Release

2.16.0

v2.15.0: Updated dependencies. Switched to Vitest

Compare Source

Changelog
  • Updated jsdom and other dependencies.
  • Switched from Jest to Vitest for testing.

See the complete changelog for more details.

Release

2.15.0

v2.14.0: Updated dependencies

Compare Source

Changelog
  • Updated jsdom and other dependencies.

See the complete changelog for more details.

Release

2.14.0

v2.13.0: Updated dependencies

Compare Source

Changelog
  • Updated dompurify and other dependencies.

See the complete changelog for more details.

Release

2.13.0

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Feb 21, 2026
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch 3 times, most recently from 281d1b0 to 36cf0bb Compare March 12, 2026 10:15
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch 4 times, most recently from 4fe4675 to 63a4d2f Compare March 18, 2026 01:25
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch 2 times, most recently from 3f9237c to a2a2d55 Compare March 24, 2026 10:17
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch from a2a2d55 to a6c1e63 Compare April 1, 2026 18:16
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch from a6c1e63 to ad0bd2d Compare April 8, 2026 21:27
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch 2 times, most recently from 9a764e3 to 7e02d9d Compare April 22, 2026 20:59
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch from 7e02d9d to 4c72285 Compare April 29, 2026 15:39
@renovate renovate Bot force-pushed the renovate/isomorphic-dompurify-3.x branch from 4c72285 to 5728a72 Compare May 3, 2026 20:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants