Skip to content

build(deps): bump dompurify and ngx-markdown#1326

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-b36728a8ba
Closed

build(deps): bump dompurify and ngx-markdown#1326
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/multi-b36728a8ba

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 16, 2026

Removes dompurify. It's no longer used after updating ancestor dependency ngx-markdown. These dependencies need to be updated together.

Removes dompurify

Updates ngx-markdown from 16.0.0 to 21.2.0

Release notes

Sourced from ngx-markdown's releases.

v21.2.0

New features and enhancements

Security fixes

Special Thanks

🥇 Thanks to @​hardikpatel043 for his contribution in (#634)

Full Changelog: jfcere/ngx-markdown@v21.1.0...v21.2.0

v21.1.0

New features and enhancements

  • Add support for emoji-toolkit 10.0.0, Unicode 16.0 (#619) (140336f7b257d009067ec8b3bfa7c3b11c1e6ce1) @​jfcere

Security fixes

  • Bump lodash from 4.17.21 to 4.17.23 (#615) (0e150990bac39ce0287eaf5d2464e5c2f9af7056) @​dependabot[bot]
  • Bump tar from 7.5.2 to 7.5.3 (#612) (37b852cea3b39d8b5471ce420be8ef39ae709026) @​dependabot[bot]
  • Bump tar from 7.5.3 to 7.5.7 (#617) (a31ebbbc7f83ac359787c305e3c33cd1f8bd264b) @​dependabot[bot]
  • chore: update angular-cli-ghpages to 3.0.2 (#620) (508c7f8c7f248ee46dbd8fd2ed6672a762187a08) @​jfcere

v21.0.1

Bug Fixes

Special Thanks

🥇 Thanks to @​fpaul-1A for his first contribution in (#609)

v21.0.0

Update Angular 21

Library has been updated to support Angular 21.

It is recommended to stick with ngx-markdown v20.x.x if you are using Angular 20.

New features and enhancements

... (truncated)

Commits
  • 022bc93 21.2.0
  • a1e692f build(deps): bump lodash from 4.17.23 to 4.18.1 (#638)
  • 4f1ceed build(deps): bump lodash-es and langium (#637)
  • d552e35 chore(lib): use optional peer deps for plugin packages (#634)
  • 1080ff9 core: bump angular to fix vulnerabilities (#633)
  • 8b7300f build(deps): bump dompurify from 3.3.0 to 3.3.3 (#630)
  • 50dc3a6 build(deps): bump tar from 7.5.10 to 7.5.11 (#629)
  • d09c065 build(deps): bump tar from 7.5.9 to 7.5.10 (#628)
  • ed2248d build(deps): bump rollup from 4.53.3 to 4.59.0 (#626)
  • d1c2baa build(deps-dev): bump minimatch from 3.1.2 to 3.1.5 (#625)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump dompurify and ngx-markdown
4cb2b81 
Removes [dompurify](https://github.com/cure53/DOMPurify). It's no longer used after updating ancestor dependency [ngx-markdown](https://github.com/jfcere/ngx-markdown). These dependencies need to be updated together.


Removes `dompurify`

Updates `ngx-markdown` from 16.0.0 to 21.2.0
- [Release notes](https://github.com/jfcere/ngx-markdown/releases)
- [Commits](jfcere/ngx-markdown@v16.0.0...v21.2.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 
  dependency-type: indirect
- dependency-name: ngx-markdown
  dependency-version: 21.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 16, 2026
@dependabot dependabot Bot mentioned this pull request Apr 16, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 16, 2026

This pull request will be closed in 7 days as it has been open for 30 days with no activity.
To prevent the pull request from being closed, either comment on this pull request or remove the "status: stale" label.

@github-actions github-actions Bot added the status: stale Issues/PRs that are stale. label May 16, 2026
@github-actions github-actions Bot closed this May 23, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 23, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/multi-b36728a8ba branch May 23, 2026 03:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code status: stale Issues/PRs that are stale.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants