Skip to content

Bump the frontends-prod group across 1 directory with 4 updates#583

Merged
oharsta merged 1 commit intomainfrom
dependabot/npm_and_yarn/client/frontends-prod-08ffd60a2f
Mar 24, 2026
Merged

Bump the frontends-prod group across 1 directory with 4 updates#583
oharsta merged 1 commit intomainfrom
dependabot/npm_and_yarn/client/frontends-prod-08ffd60a2f

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 24, 2026

Bumps the frontends-prod group with 4 updates in the /client directory: dompurify, isomorphic-dompurify, react-router-dom and zustand.

Updates dompurify from 3.3.2 to 3.3.3

Release notes

Sourced from dompurify's releases.

DOMPurify 3.3.3

  • Fixed an engine requirement for Node 20 which caused hiccups, thanks @​Rotzbua
Commits
  • 8bcbf73 chore: Preparing 3.3.3 release
  • 5faddd6 fix: engine requirement (#1210)
  • 0f91e3a Update README.md
  • d5ff1a8 Merge branch 'main' of github.com:cure53/DOMPurify
  • c3efd48 fix: moved back from jsdom 28 to jsdom 20
  • 988b888 fix: moved back from jsdom 28 to jsdom 20
  • 2726c74 chore: Preparing 3.3.2 release
  • 6202c7e build(deps): bump @​tootallnate/once and jsdom (#1204)
  • 302b51d fix: Expanded the regex ever so slightly to also cover script
  • cd85175 Merge branch 'main' of github.com:cure53/DOMPurify
  • Additional commits viewable in compare view

Updates isomorphic-dompurify from 3.0.0 to 3.7.1

Release notes

Sourced from isomorphic-dompurify's releases.

3.7.1

Bug Fix

  • Fixed missing browser type declarationsbrowser.d.ts and browser.d.mts were not included in the 3.7.0 published package due to a race condition in the build process. This caused TS7016: Could not find a declaration file for module 'isomorphic-dompurify' errors in tsgo and TypeScript 6 when resolving through the default (browser) exports condition. (#411)

Thanks to @​asterikx and @​ElPrudi for their help with the issue.

3.7.0: TypeScript 6 compatibility

TypeScript 6 compatibility fixes:

  • Add explicit type annotation for sanitize to satisfy TS6
  • Silence baseUrl deprecation warning from tsup dts build in TS6

Dependency updates:

  • bump typescript from 5.9.3 to 6.0.2
  • bump vitest from 4.1.0 to 4.1.1

3.6.0: Updated dependencies

Dependency updates:

  • bump jsdom from 29.0.0 to 29.0.1
  • bump @​types/jsdom from 28.0.0 to 28.0.1
  • bump @​biomejs/biome from 2.4.7 to 2.4.8

3.5.1

Fix outdated build artifacts published in 3.5.0.

3.5.0: Add factory function support

What's new

Features

  • The default export is now callable as a factory function, matching the dompurify API — DOMPurify(window) now returns a new DOMPurify instance bound to the given window (#405)

Bug fixes

  • Fixed isEqualNode returning false when comparing RETURN_DOM + FORCE_BODY output against nodes from a separate JSDOM context (#405)

Thanks to @​probablykasper for helping with this release.

3.4.0: jsdom update, performance improvement and node 22 requirement update

What's Changed

  • Upgraded jsdom from 28 to 29, which fixes performance degradation in long-running processes; note that heap memory still grows over time without calling clearWindow()
  • Bumped minimum Node.js 22 requirement from 22.12.0 to 22.13.0 (LTS)
  • Added format script (biome format --write) and pre-commit hook
  • Updated dev dependencies (biome, vitest)

3.3.0: Updated dependencies

What's Changed

Full Changelog: kkomelin/isomorphic-dompurify@3.2.0...3.3.0

3.2.0: Updated dependencies

... (truncated)

Commits
  • 11315f4 chore: Bumped project version.
  • 97770c7 fix: prevent race condition dropping browser type declarations
  • 8a06c60 chore: Incremented project version.
  • 51ebc9d fix: silence baseUrl deprecation warning from tsup dts build in TS6
  • b0fab7e chore: Updated deps.
  • 0e86f89 chore(deps-dev): bump typescript from 5.9.3 to 6.0.2
  • a028523 fix: add explicit type annotation for sanitize to satisfy TS6
  • cb38b24 chore(deps-dev): bump vitest from 4.1.0 to 4.1.1
  • 009574a chore: Updated deps. Incremented project version.
  • 21b362d chore(deps): bump jsdom from 29.0.0 to 29.0.1
  • Additional commits viewable in compare view

Updates react-router-dom from 7.13.1 to 7.13.2

Changelog

Sourced from react-router-dom's changelog.

7.13.2

Patch Changes

  • Updated dependencies:
    • react-router@7.13.2
Commits

Updates zustand from 5.0.11 to 5.0.12

Release notes

Sourced from zustand's releases.

v5.0.12

Two small fixes.

What's Changed

New Contributors

Full Changelog: pmndrs/zustand@v5.0.11...v5.0.12

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the frontends-prod group across 1 directory with 4 updates
7932ff9 
Bumps the frontends-prod group with 4 updates in the /client directory: [dompurify](https://github.com/cure53/DOMPurify), [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify), [react-router-dom](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router-dom) and [zustand](https://github.com/pmndrs/zustand).


Updates `dompurify` from 3.3.2 to 3.3.3
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.2...3.3.3)

Updates `isomorphic-dompurify` from 3.0.0 to 3.7.1
- [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases)
- [Commits](kkomelin/isomorphic-dompurify@3.0.0...3.7.1)

Updates `react-router-dom` from 7.13.1 to 7.13.2
- [Release notes](https://github.com/remix-run/react-router/releases)
- [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router-dom/CHANGELOG.md)
- [Commits](https://github.com/remix-run/react-router/commits/react-router-dom@7.13.2/packages/react-router-dom)

Updates `zustand` from 5.0.11 to 5.0.12
- [Release notes](https://github.com/pmndrs/zustand/releases)
- [Commits](pmndrs/zustand@v5.0.11...v5.0.12)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontends-prod
- dependency-name: isomorphic-dompurify
  dependency-version: 3.7.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: frontends-prod
- dependency-name: react-router-dom
  dependency-version: 7.13.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontends-prod
- dependency-name: zustand
  dependency-version: 5.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: frontends-prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 24, 2026
@oharsta oharsta merged commit cc490fa into main Mar 24, 2026
4 checks passed
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/client/frontends-prod-08ffd60a2f branch March 24, 2026 13:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@oharsta