Merged
Conversation
Bumps [@asamuzakjp/dom-selector](https://github.com/asamuzaK/domSelector) from 6.7.6 to 6.7.8. - [Release notes](https://github.com/asamuzaK/domSelector/releases) - [Commits](asamuzaK/domSelector@v6.7.6...v6.7.8) --- updated-dependencies: - dependency-name: "@asamuzakjp/dom-selector" dependency-version: 6.7.8 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@asamuzakjp/css-color](https://github.com/asamuzaK/cssColor) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/asamuzaK/cssColor/releases) - [Commits](asamuzaK/cssColor@v4.1.1...v4.1.2) --- updated-dependencies: - dependency-name: "@asamuzakjp/css-color" dependency-version: 4.1.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…jp/css-color-4.1.2' into securite
Bumps [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) from 2.35.0 to 2.36.0. - [Release notes](https://github.com/kkomelin/isomorphic-dompurify/releases) - [Commits](kkomelin/isomorphic-dompurify@2.35.0...2.36.0) --- updated-dependencies: - dependency-name: isomorphic-dompurify dependency-version: 2.36.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [@exodus/bytes](https://github.com/ExodusOSS/bytes) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/ExodusOSS/bytes/releases) - [Commits](ExodusOSS/bytes@v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: "@exodus/bytes" dependency-version: 1.12.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
…ic-dompurify-2.36.0' into securite
…ytes-1.12.0' into securite
Bumps [undici](https://github.com/nodejs/undici) from 7.20.0 to 7.21.0. - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v7.20.0...v7.21.0) --- updated-dependencies: - dependency-name: undici dependency-version: 7.21.0 dependency-type: indirect update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [axios](https://github.com/axios/axios) from 1.13.4 to 1.13.5. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.13.4...v1.13.5) --- updated-dependencies: - dependency-name: axios dependency-version: 1.13.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
….21.0' into securite
Bumps [tldts-core](https://github.com/remusao/tldts) from 7.0.22 to 7.0.23. - [Release notes](https://github.com/remusao/tldts/releases) - [Changelog](https://github.com/remusao/tldts/blob/master/CHANGELOG.md) - [Commits](remusao/tldts@v7.0.22...v7.0.23) --- updated-dependencies: - dependency-name: tldts-core dependency-version: 7.0.23 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…13.5' into securite
…re-7.0.23' into securite
Bumps [@csstools/css-syntax-patches-for-csstree](https://github.com/csstools/postcss-plugins/tree/HEAD/packages/css-syntax-patches-for-csstree) from 1.0.26 to 1.0.27. - [Changelog](https://github.com/csstools/postcss-plugins/blob/main/packages/css-syntax-patches-for-csstree/CHANGELOG.md) - [Commits](https://github.com/csstools/postcss-plugins/commits/HEAD/packages/css-syntax-patches-for-csstree) --- updated-dependencies: - dependency-name: "@csstools/css-syntax-patches-for-csstree" dependency-version: 1.0.27 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…/css-syntax-patches-for-csstree-1.0.27' into securite
Bumps [lru-cache](https://github.com/isaacs/node-lru-cache) from 11.2.5 to 11.2.6. - [Changelog](https://github.com/isaacs/node-lru-cache/blob/main/CHANGELOG.md) - [Commits](isaacs/node-lru-cache@v11.2.5...v11.2.6) --- updated-dependencies: - dependency-name: lru-cache dependency-version: 11.2.6 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…e-11.2.6' into securite
…yarn-66fcce4dc2' into securite
Bumps [qs](https://github.com/ljharb/qs) from 6.14.1 to 6.14.2. - [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md) - [Commits](ljharb/qs@v6.14.1...v6.14.2) --- updated-dependencies: - dependency-name: qs dependency-version: 6.14.2 dependency-type: indirect update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…yarn-751fdc3a76' into securite
There was a problem hiding this comment.
Pull request overview
This PR is an automated dependency update from the DependabotSecureFlow system, updating the isomorphic-dompurify package and its transitive dependencies. The PR title "Securite" refers to the staging branch name used in the repository's automated dependency management workflow.
Changes:
- Updated
isomorphic-dompurifyfrom^2.35.0to^2.36.0 - Updated numerous transitive dependencies including
jsdom(from^27.4.0to^28.0.0), various@csstoolspackages, and other related libraries - Added 15 automated changelog entries documenting recent security batch updates
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| package.json | Updates isomorphic-dompurify dependency version to ^2.36.0 |
| package-lock.json | Updates lockfile with new versions of isomorphic-dompurify and all transitive dependencies, removes nested node_modules entries that are now satisfied by root-level versions |
| CHANGELOG.md | Adds 15 automated security batch update entries with timestamps from February 2026 |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Comment on lines
+21
to
+25
| - **2026-02-16 06:25 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-16 06:25 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-16 06:24 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-14 13:13 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
There was a problem hiding this comment.
There are three duplicate entries with the same timestamp "2026-02-16 06:25 UTC". This appears to be caused by multiple automated updates running simultaneously. Consider consolidating these duplicate entries into a single entry or ensuring the automation script prevents duplicate timestamp entries.
Suggested change
| - **2026-02-16 06:25 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-16 06:25 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-16 06:24 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-14 13:13 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-16 06:24 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-14 13:13 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-14 13:13 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-13 06:16 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
Comment on lines
+32
to
+35
| - **2026-02-09 06:36 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-09 06:35 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-06 06:18 UTC**: Automated Security Batch Update (DependabotSecureFlow) | ||
| - **2026-02-06 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
There was a problem hiding this comment.
There are two duplicate entries with the same timestamp "2026-02-09 06:36 UTC". Consider consolidating these duplicate entries into a single entry to avoid confusion in the changelog.
Suggested change
| - **2026-02-09 06:36 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-09 06:35 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-06 06:18 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-06 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-09 06:35 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-06 06:18 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-06 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) | |
| - **2026-02-06 06:17 UTC**: Automated Security Batch Update (DependabotSecureFlow) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.