chore (deps): bump the patch-updates group across 1 directory with 4 updates by dependabot[bot] · Pull Request #2438 · gchq/CyberChef

dependabot · 2026-05-23T10:53:08Z

Bumps the patch-updates group with 4 updates in the / directory: dompurify, protobufjs, chromedriver and postcss.

Updates dompurify from 3.4.3 to 3.4.5

Release notes

DOMPurify 3.4.5

Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

Added the selectedcontent element to default allow-list, thanks @lukewarlow

Added the command and commandfor attributes to default allowed-list, thanks @lukewarlow

Added better template scrubbing for IN_PLACE operations, thanks @DEMON1A

Added stronger checks for cross-realm windows, thanks @DEMON1A & @fg0x0

Updated demo website and made sure it uses the latest from main

Updated existing workflows, fuzzer, dependabot, etc., added more tests

Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

Commits

011b0c7 release: 3.4.5 (#1382)
5817ad9 release: 3.4.4 (#1374)
See full diff in compare view

Updates protobufjs from 7.6.0 to 7.6.1

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.6.1

7.6.1 (2026-05-22)

Bug Fixes

Backport misc utility hardening (#2280) (8a45c13)

Treat fixed64 as unsigned in converters (#2266) (479dfdc)

Changelog

Sourced from protobufjs's changelog.

7.6.1 (2026-05-22)

Bug Fixes

Backport misc utility hardening (#2280) (8a45c13)

Treat fixed64 as unsigned in converters (#2266) (479dfdc)

Commits

f0b50d2 chore: release protobufjs-v7.x (#2268)
8a45c13 fix: Backport misc utility hardening (#2280)
479dfdc fix: Treat fixed64 as unsigned in converters (#2266)
See full diff in compare view

Updates chromedriver from 148.0.3 to 148.0.4

Commits

575e6bc Bump version to 148.0.4
See full diff in compare view

Updates postcss from 8.5.14 to 8.5.15

Release notes

Sourced from postcss's releases.

8.5.15

Fixed declaration parsing performance (by @homanp).

Changelog

Sourced from postcss's changelog.

8.5.15

Fixed declaration parsing performance (by @homanp).

Commits

eae46db Release 8.5.15 version
79508ff Update CI actions
b128e21 Speed up declaration parsing by avoiding creating new array on each token
9825dca Fix code format
55789c8 Update dependencies
84fbbe9 Install older pnpm action for old Node.js
9f860bd Revert pnpm action for old Node.js
0877198 Update CI actions
b2d1a33 Fix linter warnings
0700dac Merge pull request #2088 from rootvector2/add-oss-fuzz-harness
Additional commits viewable in compare view

…updates Bumps the patch-updates group with 4 updates in the / directory: [dompurify](https://github.com/cure53/DOMPurify), [protobufjs](https://github.com/protobufjs/protobuf.js), [chromedriver](https://github.com/giggio/node-chromedriver) and [postcss](https://github.com/postcss/postcss). Updates `dompurify` from 3.4.3 to 3.4.5 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.3...3.4.5) Updates `protobufjs` from 7.6.0 to 7.6.1 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.6.1/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.6.0...protobufjs-v7.6.1) Updates `chromedriver` from 148.0.3 to 148.0.4 - [Commits](giggio/node-chromedriver@148.0.3...148.0.4) Updates `postcss` from 8.5.14 to 8.5.15 - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](postcss/postcss@8.5.14...8.5.15) --- updated-dependencies: - dependency-name: chromedriver dependency-version: 148.0.4 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: dompurify dependency-version: 3.4.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: postcss dependency-version: 8.5.15 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: protobufjs dependency-version: 7.6.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 23, 2026

dependabot Bot force-pushed the dependabot/npm_and_yarn/patch-updates-c30e882661 branch from 374657c to 0bd864b Compare May 23, 2026 11:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore (deps): bump the patch-updates group across 1 directory with 4 updates#2438

chore (deps): bump the patch-updates group across 1 directory with 4 updates#2438
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/patch-updates-c30e882661

dependabot Bot commented on behalf of github May 23, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 23, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

DOMPurify 3.4.5

DOMPurify 3.4.4

protobufjs: v7.6.1

7.6.1 (2026-05-22)

Bug Fixes

7.6.1 (2026-05-22)

Bug Fixes

8.5.15

8.5.15

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

dependabot Bot commented on behalf of github May 23, 2026 •

edited

Loading