request #47162 Bump DOMPurify to 3.2.2

Infos

Artifact ID#47162

Submitted byThomas Gerbet (tgerbet)

Last Modified On2026-03-05 19:08

Submitted on2026-03-05 15:28

Rank48887

Details

Summary *

Bump DOMPurify to 3.2.2

Original Submission

https://github.com/cure53/DOMPurify/releases/tag/3.3.2

The bypass within JSDOM does not really impact Tuleap security, JSDOM is only used within the test environments.

Regarding the prototype pollution issue it is harder to say at the moment without a full advisory.

CategoryDependencies

Reported in versionEmpty

PlatformEmpty

Is an Enhancement or an internal improvement?

[ ] enhancement
[ ] internal improvement

CC listEmpty

Stage

Assigned toThomas Gerbet (tgerbet)

StatusClosed

Close date2026-03-05

Attachments

AttachmentsEmpty

References

Cross references

Referencing request #47162

Git commit

tuleap/tuleap/stable

chore: request #47162 Bump DOMPurify to 3.2.2 44346a9025

Thomas Gerbet (tgerbet) , 2026-03-05 16:06

Merge commit '44346a90259389e567cad74fc8b3ae98ef51353e' into HEAD master 3f94be3b25

Clarck Robinson (robinsoc) , 2026-03-05 19:06

chore: Force DOMPurify upgrade in the API Explorer, ignore in monaco-editor 8106847146

Thomas Gerbet (tgerbet) , 2026-03-06 08:05

Show items referenced by request #47162

Referenced by request #47162

Artifact

rel #47137 17.5

Git commit

tuleap/tuleap/stable

chore: request #47162 Bump DOMPurify to 3.2.2 44346a9025

Thomas Gerbet (tgerbet) , 2026-03-05 16:06

Follow-ups

Clarck Robinson (robinsoc)

2026-03-05 19:08

Connected artifacts
- Added Fixed in: rel #47137

Tracker Workflow Manager (forge__tracker_workflow_manager)

2026-03-05 19:07

Closed by @tgerbet with git #tuleap/stable/44346a90259389e567cad74fc8b3ae98ef51353e.

Status changed from Under implementation to Closed
Close date set to 2026-03-05

Public

Referencing request #47162

Git commit

tuleap/tuleap/stable

Referenced by request #47162

Artifact

Git commit

tuleap/tuleap/stable

Follow-ups