build(deps): bump the npm-deps group with 9 updates by dependabot[bot] · Pull Request #6238 · FlowCrypt/flowcrypt-browser

dependabot · 2026-06-07T22:04:10Z

Bumps the npm-deps group with 9 updates:

Package	From	To
dompurify	`3.4.7`	`3.4.8`
squire-rte	`2.4.6`	`2.4.7`
@types/chrome	`0.1.42`	`0.1.43`
@types/jquery	`4.0.0`	`4.0.1`
eslint-plugin-jsdoc	`63.0.0`	`63.0.2`
openpgp	`6.3.0`	`6.3.1`
stylelint	`17.12.0`	`17.13.0`
typescript-eslint	`8.60.0`	`8.60.1`
undici-types	`8.3.0`	`8.4.0`

Updates dompurify from 3.4.7 to 3.4.8

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

Cleaned up the repository root, renamed some and removed unneeded files

Fixed an issue with handling of Trusted Types policies, thanks @fulstadev

Fixed the node iterator for better template scrubbing, thanks @IamLeandrooooo

Included formerly missing LICENSE-MPL in published npm package, thanks @asamuzaK

Bumped several dependencies where possible

Commits

bcdd828 release: 3.4.8 (#1439)
See full diff in compare view

Updates squire-rte from 2.4.6 to 2.4.7

Changelog

Sourced from squire-rte's changelog.

[2.4.7] - 2026-06-02

Changed

Drag and drop of text/html is now handled by Squire rather than letting the browser do it. This gives consistency with cut/paste operations in terms of cleaning and sanitising HTML.

Commits

See full diff in compare view

Updates @types/chrome from 0.1.42 to 0.1.43

Commits

See full diff in compare view

Updates @types/jquery from 4.0.0 to 4.0.1

Commits

See full diff in compare view

Updates eslint-plugin-jsdoc from 63.0.0 to 63.0.2

Release notes

Sourced from eslint-plugin-jsdoc's releases.

v63.0.2

63.0.2 (2026-06-06)

Bug Fixes

allow typedef returns that may be void; fixes #1390 (#1699) (319e84b)

v63.0.1

63.0.1 (2026-06-01)

Bug Fixes

empty-tags: preserve start and ending delimiters to avoid erros with single-line tags; fixes #1697 (938a1f0)

Commits

50a7fbc chore: update semver and devDeps.
6041995 docs: fix in output
319e84b fix: allow typedef returns that may be void; fixes #1390 (#1699)
938a1f0 fix(empty-tags): preserve start and ending delimiters to avoid erros with s...
1f857a9 chore: update jsdoccomment, comment-parser, object-deep-merge, semver, devDeps.
3d53b88 docs: fix AST and Selectors links; closes #1691
a0b05f5 chore(deps): bump minimatch from 3.0.5 to 10.2.5
See full diff in compare view

Updates openpgp from 6.3.0 to 6.3.1

Release notes

Sourced from openpgp's releases.

v6.3.1

What's Changed

Add config.maxArgon2MemoryExponent for argon2 memory limit (#1943, #2014)

Fix RSA signing using SHA3 (#1952)

Allow creating signature notations when generating/reformatting keys (#1953)

TS: fix 'node16'/'nodenext' compatibility, and emit type declarations for .ts files with external exports under dist/types (#1987)

TS: fix AnyPacket declaration to also include BasePacket<true> subclasses (#1991)

Fix non-zero IV usages for AES-CFB (spec compliance issue; no security or interoperability impact) (#2012)

Various dependency version bumps

Full Changelog: openpgpjs/openpgpjs@v6.3.0...v6.3.1

Commits

2ac0048 6.3.1
3c6abc9 Argon2: set hard limit for config.maxArgon2MemoryExponent to cap memory at ...
cba2904 Internal: fix readExactSubarray to correctly enforce end boundary (#2013)
4318a48 Run npm audit
dd9274e Fix non-zero IV usages for AES-CFB (#2012)
0a67d5e npm: add min-release-age constraint (for manual installs)
2ba545d Bump the dev-dependencies group across 1 directory with 9 updates (#2011)
657ac64 Bump eslint-plugin-unicorn from 62.0.0 to 64.0.0 (#1999)
df8c044 Bump fflate from 0.8.2 to 0.8.3 (#2007)
3891531 Bump fast-xml-builder (#2003)
Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates stylelint from 17.12.0 to 17.13.0

Release notes

Sourced from stylelint's releases.

17.13.0

It fixes 3 bugs, including a false negative one.

Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@sarathfrancis90).

Fixed: selector-max-type false positives for nested selectors (#9319) (@romainmenke).

Fixed: selector-type-no-unknown false positives for install (#9308) (@Mouvedia).

Changelog

Sourced from stylelint's changelog.

17.13.0 - 2026-06-06

It fixes 3 bugs, including a false negative one.

Fixed: declaration-block-no-duplicate-properties false negatives for interleaved non-consecutive duplicates with ignore: ["consecutive-duplicates(-*)"] (#9324) (@sarathfrancis90).

Fixed: selector-max-type false positives for nested selectors (#9319) (@romainmenke).

Fixed: selector-type-no-unknown false positives for install (#9308) (@Mouvedia).

Commits

7fcee2b Release 17.13.0 (#9342)
3b7287b Refactor to reuse shared utilities (#9337)
8e889c3 Bump lint-staged from 17.0.4 to 17.0.5 (#9334)
a74aab4 Bump the stylelint-actions group with 5 updates (#9333)
74c6448 Fix declaration-block-no-duplicate-properties false negatives for interleav...
1cd26ac Skip changeset verification on fork PRs CI (#9331)
712b986 Fix vulnerable dependencies via npm audit fix (#9328)
27196b7 Fix CI badge in README.md (#9329)
179bba2 Refactor to use @import over @typedef for simple imports (#9326)
94eab54 Document using our PR template (#9327)
Additional commits viewable in compare view

Updates typescript-eslint from 8.60.0 to 8.60.1

Release notes

Sourced from typescript-eslint's releases.

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

eslint-plugin: respect ECMAScript line terminators in ts-comment rules (#12352)

eslint-plugin: [no-shadow] correct rule to match ESLint v10 handling (#12182)

❤️ Thank You

lumir

Nevette Bailey @nevette-bailey

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.60.1 (2026-06-01)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

4f84a69 chore(release): publish 8.60.1
1849b53 chore: typecheck using tsgo (#12139)
See full diff in compare view

Updates undici-types from 8.3.0 to 8.4.0

Release notes

Sourced from undici-types's releases.

v8.4.0

What's Changed

fix: register connect listener before initiating requests in close-and-destroy test by @mcollina in nodejs/undici#5272

test: stabilize tls-cert-leak regression by @mcollina in nodejs/undici#5306

fix: replace tspl with native test context in test/examples.js by @mcollina in nodejs/undici#5300

http2: remove redundant request stream binding by @trivikr in nodejs/undici#5302

test: limit cache-tests workers on Windows by @mcollina in nodejs/undici#5309

test: use test context cleanup hooks in parser issue tests by @mcollina in nodejs/undici#5282

Add redirect option to strip headers on redirect by @mcollina in nodejs/undici#5281

chore(test): fix lint failure by @aduh95 in nodejs/undici#5316

chore(ci): use npm ci instead of npm install by @aduh95 in nodejs/undici#5315

docs: clarify formData security considerations by @mcollina in nodejs/undici#5320

docs: add EventSource server example by @Will-thom in nodejs/undici#5321

fix(core): simplify addAbortListener util by @aduh95 in nodejs/undici#5317

build(deps-dev): bump ws from 8.20.0 to 8.21.0 by @dependabot[bot] in nodejs/undici#5325

build(deps-dev): bump jsondiffpatch from 0.7.3 to 0.7.6 by @dependabot[bot] in nodejs/undici#5313

docs: match undici EoL to node version it's bundled in by @trivikr in nodejs/undici#5330

fix: handle all HTTP/2 request stream sync errors by @mcollina in nodejs/undici#5311

fix: preserve timeout errors for HTTP/2 requests by @mcollina in nodejs/undici#5091

fix(core): normalize autoSelectFamily timeout AggregateError by @youcefzemmar in nodejs/undici#5329

chore(core): define kEnumerableProperty atomically by @aduh95 in nodejs/undici#5332

chore(core): use regex.exec instead of string.match by @aduh95 in nodejs/undici#5331

fix: reset invalid HTTP/2 sessions by @mcollina in nodejs/undici#5310

feat(connect): add preferH2 connector option to offer h2 first in ALPN by @Antamansid in nodejs/undici#5327

test: fix flaky http2 trailers test by @mcollina in nodejs/undici#5338

fix(mock): restore single-arg MockCallHistory.filterCallsByX by @youcefzemmar in nodejs/undici#5328

docs: document missing error types in Errors.md by @cesarvspr in nodejs/undici#5339

build(deps): bump github/codeql-action from 4.35.3 to 4.36.1 by @dependabot[bot] in nodejs/undici#5346

build(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 by @dependabot[bot] in nodejs/undici#5347

build(deps): bump uWebSockets.js from v20.67.0 to v20.68.0 in /benchmarks by @dependabot[bot] in nodejs/undici#5352

build(deps): bump concurrently from 9.2.1 to 10.0.3 in /benchmarks by @dependabot[bot] in nodejs/undici#5353

build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4 by @dependabot[bot] in nodejs/undici#5348

build(deps): bump actions/checkout from 6.0.2 to 6.0.3 by @dependabot[bot] in nodejs/undici#5351

build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 by @dependabot[bot] in nodejs/undici#5349

docs: improve connect option documentation in Client.md by @AliMahmoudDev in nodejs/undici#5344

fix(mock): do not persist snapshots on close in playback mode by @GeoffreyBooth in nodejs/undici#5359

fix(fetch): remove abort listener when request settles by @ATOM00blue in nodejs/undici#5318

test: add Node.js global fetch regression coverage by @mcollina in nodejs/undici#5361

fix(h2): make Client multiplex on h2 (#4143) by @mcollina in nodejs/undici#5362

New Contributors

@Will-thom made their first contribution in nodejs/undici#5321

@youcefzemmar made their first contribution in nodejs/undici#5329

@Antamansid made their first contribution in nodejs/undici#5327

@cesarvspr made their first contribution in nodejs/undici#5339

@AliMahmoudDev made their first contribution in nodejs/undici#5344

@ATOM00blue made their first contribution in nodejs/undici#5318

Full Changelog: nodejs/undici@v8.3.0...v8.4.0

Commits

43725b9 Bumped v8.4.0 (#5370)
0acef15 fix(h2): make Client multiplex on h2 (#4143) (#5362)
c282546 test: add Node.js global fetch regression coverage (#5361)
313f4e0 fix(fetch): remove abort listener when request settles (#5318)
2f66db7 fix(mock): do not persist snapshots on close in playback mode (#5359)
9b1d58f docs: improve connect option documentation in Client.md (#5344)
55d3a9f build(deps): bump codecov/codecov-action from 6.0.0 to 6.0.1 (#5349)
7a7bb9d build(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#5351)
b056727 build(deps): bump step-security/harden-runner from 2.19.1 to 2.19.4 (#5348)
1f1407d build(deps): bump concurrently from 9.2.1 to 10.0.3 in /benchmarks (#5353)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the npm-deps group with 9 updates: | Package | From | To | | --- | --- | --- | | [dompurify](https://github.com/cure53/DOMPurify) | `3.4.7` | `3.4.8` | | [squire-rte](https://github.com/neilj/Squire) | `2.4.6` | `2.4.7` | | [@types/chrome](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/chrome) | `0.1.42` | `0.1.43` | | [@types/jquery](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/jquery) | `4.0.0` | `4.0.1` | | [eslint-plugin-jsdoc](https://github.com/gajus/eslint-plugin-jsdoc) | `63.0.0` | `63.0.2` | | [openpgp](https://github.com/openpgpjs/openpgpjs) | `6.3.0` | `6.3.1` | | [stylelint](https://github.com/stylelint/stylelint) | `17.12.0` | `17.13.0` | | [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) | `8.60.0` | `8.60.1` | | [undici-types](https://github.com/nodejs/undici) | `8.3.0` | `8.4.0` | Updates `dompurify` from 3.4.7 to 3.4.8 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.7...3.4.8) Updates `squire-rte` from 2.4.6 to 2.4.7 - [Changelog](https://github.com/fastmail/Squire/blob/master/CHANGELOG.md) - [Commits](https://github.com/neilj/Squire/commits) Updates `@types/chrome` from 0.1.42 to 0.1.43 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/chrome) Updates `@types/jquery` from 4.0.0 to 4.0.1 - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/jquery) Updates `eslint-plugin-jsdoc` from 63.0.0 to 63.0.2 - [Release notes](https://github.com/gajus/eslint-plugin-jsdoc/releases) - [Commits](gajus/eslint-plugin-jsdoc@v63.0.0...v63.0.2) Updates `openpgp` from 6.3.0 to 6.3.1 - [Release notes](https://github.com/openpgpjs/openpgpjs/releases) - [Commits](openpgpjs/openpgpjs@v6.3.0...v6.3.1) Updates `stylelint` from 17.12.0 to 17.13.0 - [Release notes](https://github.com/stylelint/stylelint/releases) - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md) - [Commits](stylelint/stylelint@17.12.0...17.13.0) Updates `typescript-eslint` from 8.60.0 to 8.60.1 - [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases) - [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md) - [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.60.1/packages/typescript-eslint) Updates `undici-types` from 8.3.0 to 8.4.0 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v8.3.0...v8.4.0) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: squire-rte dependency-version: 2.4.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: "@types/chrome" dependency-version: 0.1.43 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: "@types/jquery" dependency-version: 4.0.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: eslint-plugin-jsdoc dependency-version: 63.0.2 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: openpgp dependency-version: 6.3.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: stylelint dependency-version: 17.13.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-deps - dependency-name: typescript-eslint dependency-version: 8.60.1 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: npm-deps - dependency-name: undici-types dependency-version: 8.4.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: npm-deps ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 7, 2026

dependabot Bot requested a review from sosnovsky as a code owner June 7, 2026 22:04

FlowCryptRobot enabled auto-merge (squash) June 7, 2026 22:04

FlowCryptRobot approved these changes Jun 7, 2026

View reviewed changes

FlowCryptRobot merged commit 1b83fa5 into master Jun 7, 2026
11 checks passed

FlowCryptRobot deleted the dependabot/npm_and_yarn/npm-deps-838db3ebfc branch June 7, 2026 22:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the npm-deps group with 9 updates#6238

build(deps): bump the npm-deps group with 9 updates#6238
FlowCryptRobot merged 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-deps-838db3ebfc

dependabot Bot commented on behalf of github Jun 7, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 7, 2026

DOMPurify 3.4.8

[2.4.7] - 2026-06-02

Changed

v63.0.2

63.0.2 (2026-06-06)

Bug Fixes

v63.0.1

63.0.1 (2026-06-01)

Bug Fixes

v6.3.1

What's Changed

17.13.0

17.13.0 - 2026-06-06

v8.60.1

8.60.1 (2026-06-01)

🩹 Fixes

❤️ Thank You

8.60.1 (2026-06-01)

v8.4.0

What's Changed

New Contributors

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant