Skip to content

Bump dompurify and handsontable in /specifyweb/frontend/js_src #7309

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Bump dompurify and handsontable in /specifyweb/frontend/js_src #7309

wants to merge 3 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 14, 2025

Bumps dompurify to 3.2.6 and updates ancestor dependency handsontable. These dependencies need to be updated together.

Updates dompurify from 2.5.8 to 3.2.6

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.6

DOMPurify 3.2.5

  • Added a check to the mXSS detection regex to be more strict, thanks @​masatokinugawa
  • Added ESM type imports in source, removes patch function, thanks @​donmccurdy
  • Added script to verify various TypeScript configurations, thanks @​reduckted
  • Added more modern browsers to the Karma launchers list
  • Added Node 23.x to tested runtimes, removed Node 17.x
  • Fixed the generation of source maps, thanks @​reduckted
  • Fixed an unexpected behavior with ALLOWED_URI_REGEXP using the 'g' flag, thanks @​hhk-png
  • Fixed a few typos in the README file

DOMPurify 3.2.4

  • Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
  • Added a new feature to allow specific hook removal, thanks @​davecardwell
  • Added purify.js and purify.min.js to exports, thanks @​Aetherinox
  • Added better logic in case no window object is president, thanks @​yehuya
  • Updated some dependencies called out by dependabot
  • Updated license files etc to show the correct year

DOMPurify 3.2.3

DOMPurify 3.2.2

  • Fixed a possible bypass in case a rather specific config for custom elements is set, thanks @​yaniv-git
  • Fixed several minor issues with the type definitions, thanks again @​reduckted
  • Fixed a minor issue with the types reference for trusted types, thanks @​reduckted
  • Fixed a minor problem with the template detection regex on some systems, thanks @​svdb99

DOMPurify 3.2.1

DOMPurify 3.2.0

DOMPurify 3.1.7

  • Fixed an issue with comment detection and possible bypasses with specific config settings, thanks @​masatokinugawa
  • Fixed several smaller typos in documentation and test & build files, thanks @​christianhg
  • Added better support for Angular compiler, thanks @​jeroen1602
  • Added several new attributes to HTML and SVG allow-list, thanks @​Gigabyte5671 and @​Rotzbua

... (truncated)

Commits

Updates handsontable from 12.1.0 to 16.0.1

Release notes

Sourced from handsontable's releases.

16.0.1

Fixed

  • Fixed a missing touchend handler that prevented the editor from opening on mobile devices. #11729

16.0.0

Added

  • Breaking change: Added a focus outline to the context and dropdown menus. #11669
  • Improved Handsontable editor positioning. #11593
  • Added a second-click cell deselection feature. #11602
  • Added a new textEllipsis option. #11609
  • Added backward compatibility for the renamed CSS variables. #11676
  • Angular: Introduced a new Angular wrapper - @handsontable/angular-wrapper. #11511

Changed

  • Breaking change: Updated the CSS theme variables and added --ht-radio-* variables. #11470
  • Breaking change: Changed the modifyData hook to use visual indexes for both rows and columns. #11501

Fixed

  • Breaking change: Fixed an issue with custom border overlapping row headers. #11551
  • Breaking change: Fixed accessibility issues and introduced a new DOM structure with a wrapper and a portal. #11579
  • Fixed a problem with the dropdown editor having a horizontal scrollbar on Windows with fractional scaling applied. #11613
  • Fixed an issue with scrollbar styles on the Safari browser. #11614
  • Fixed the column filter behavior when adding new columns. #11616
  • Fixed an issue with the dropdown elements' colors. #11661
  • Angular: Fixed an error of this.hotInstance.getSettings(...).columns?.filter is not a function in angular-wrapper. #11695

For more information about this release see:

15.3.0

Added

  • Added a missing boolean type to the editor in the React wrapper. #11514
  • Fixed the Comments plugin for IME editing and added a new beforeCompositionstart hook. #11521
  • Added horizontal scroll to the Filter's "by value" component. #11561
  • Added optional formula sanitization for CSV export to prevent CSV Injection attacks. #11592

Changed

  • Improved the initialization time of Handsontable with Formulas enabled. #11474
  • Changed the size of the Manual Row Resize and Manual Column Resize guide lines. #11507
  • Improved the viewport scrolling behavior. #11577

Fixed

  • Fixed an issue with the NestedRows plugin duplicating rows when moving child rows. #11362
  • Fixed an issue with row resize line alignment and resize handle flickering. #11500
  • Fixed an issue with the Autocomplete caret position after using scroll on a list of choices and a problem with the dropdown width. #11503
  • Fixed the submenu positioning for all themes. #11505
  • Fixed a problem where re-enabling the Hidden Columns configuration caused an error to be thrown if a selection was a part of the hidden range. #11508
  • Fixed an issue with an empty parentNode in the table's getCords method. #11509
  • Improved the Undo/Redo actions for removing rows and columns. #11515
  • Fixed rows' height calculations for merged cells on Safari. #11517

... (truncated)

Changelog

Sourced from handsontable's changelog.

[16.0.1] - 2025-07-10

Fixed

  • Fixed a missing touchend handler that prevented the editor from opening on mobile devices. #11729

[16.0.0] - 2025-07-09

Added

  • Breaking change: Added a focus outline to the context and dropdown menus. #11669
  • Improved Handsontable editor positioning. #11593
  • Added a second-click cell deselection feature. #11602
  • Added a new textEllipsis option. #11609
  • Added backward compatibility for the renamed CSS variables. #11676
  • Angular: Introduced a new Angular wrapper - @handsontable/angular-wrapper. #11511

Changed

  • Breaking change: Updated the CSS theme variables and added --ht-radio-* variables. #11470
  • Breaking change: Changed the modifyData hook to use visual indexes for both rows and columns. #11501

Fixed

  • Breaking change: Fixed an issue with custom border overlapping row headers. #11551
  • Breaking change: Fixed accessibility issues and introduced a new DOM structure with a wrapper and a portal. #11579
  • Fixed a problem with the dropdown editor having a horizontal scrollbar on Windows with fractional scaling applied. #11613
  • Fixed an issue with scrollbar styles on the Safari browser. #11614
  • Fixed the column filter behavior when adding new columns. #11616
  • Fixed an issue with the dropdown elements' colors. #11661
  • Angular: Fixed an error of this.hotInstance.getSettings(...).columns?.filter is not a function in angular-wrapper. #11695

[15.3.0] - 2025-04-29

Added

  • Added a missing boolean type to the editor in the React wrapper. #11514
  • Fixed the Comments plugin for IME editing and added a new beforeCompositionstart hook. #11521
  • Added horizontal scroll to the Filter's "by value" component. #11561
  • Added optional formula sanitization for CSV export to prevent CSV Injection attacks. #11592

Changed

  • Improved the initialization time of Handsontable with Formulas enabled. #11474
  • Changed the size of the Manual Row Resize and Manual Column Resize guide lines. #11507
  • Improved the viewport scrolling behavior. #11577

Fixed

  • Fixed an issue with the NestedRows plugin duplicating rows when moving child rows. #11362
  • Fixed an issue with row resize line alignment and resize handle flickering. #11500
  • Fixed an issue with the Autocomplete caret position after using scroll on a list of choices and a problem with the dropdown width. #11503
  • Fixed the submenu positioning for all themes. #11505
  • Fixed a problem where re-enabling the Hidden Columns configuration caused an error to be thrown if a selection was a part of the hidden range. #11508
  • Fixed an issue with an empty parentNode in the table's getCords method. #11509
  • Improved the Undo/Redo actions for removing rows and columns. #11515
  • Fixed rows' height calculations for merged cells on Safari. #11517

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump dompurify and handsontable in /specifyweb/frontend/js_src
f464252 
Bumps [dompurify](https://github.com/cure53/DOMPurify) to 3.2.6 and updates ancestor dependency [handsontable](https://github.com/handsontable/handsontable). These dependencies need to be updated together.


Updates `dompurify` from 2.5.8 to 3.2.6
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@2.5.8...3.2.6)

Updates `handsontable` from 12.1.0 to 16.0.1
- [Release notes](https://github.com/handsontable/handsontable/releases)
- [Changelog](https://github.com/handsontable/handsontable/blob/develop/CHANGELOG.md)
- [Commits](handsontable/handsontable@12.1.0...16.0.1)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.2.6
  dependency-type: indirect
- dependency-name: handsontable
  dependency-version: 16.0.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Aug 14, 2025
@dependabot dependabot bot added the javascript Pull requests that update Javascript code label Aug 14, 2025
@github-project-automation github-project-automation bot moved this to 📋Back Log in General Tester Board Aug 14, 2025
@CarolineDenis
Merge remote-tracking branch 'origin/main' into dependabot/npm_and_ya…
e4e038a 
…rn/specifyweb/frontend/js_src/multi-e34a775ca2
@CarolineDenis CarolineDenis linked an issue Aug 19, 2025 that may be closed by this pull request
Bump dompurify and handsontable #7322
Open
@CarolineDenis CarolineDenis added this to the 7.11.2 milestone Aug 19, 2025
@CarolineDenis CarolineDenis modified the milestones: 7.11.2, 7.12.0 Aug 19, 2025
@CarolineDenis CarolineDenis force-pushed the dependabot/npm_and_yarn/specifyweb/frontend/js_src/multi-e34a775ca2 branch from fe9d0a4 to 39c10a5 Compare August 19, 2025 19:21
@CarolineDenis CarolineDenis modified the milestones: 7.12.0, 7.13.0 Sep 22, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

General Tester Board
Status: 📋Back Log

Milestone

7.13.0

Development

Successfully merging this pull request may close these issues.

Bump dompurify and handsontable

2 participants

@CarolineDenis