Skip to content

build(deps): bump the npm_and_yarn group across 1 directory with 2 updates#9

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vscode/npm_and_yarn-a42afa9139
Open

build(deps): bump the npm_and_yarn group across 1 directory with 2 updates#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/vscode/npm_and_yarn-a42afa9139

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github May 5, 2026
edited
Loading

Bumps the npm_and_yarn group with 2 updates in the /vscode directory: dompurify and uuid.

Updates dompurify from 3.3.3 to 3.4.0

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.0

Most relevant changes:

  • Fixed a problem with FORBID_TAGS not winning over ADD_TAGS, thanks @​kodareef5
  • Fixed several minor problems and typos regarding MathML attributes, thanks @​DavidOliver
  • Fixed ADD_ATTR/ADD_TAGS function leaking into subsequent array-based calls, thanks @​1Jesper1
  • Fixed a missing SAFE_FOR_TEMPLATES scrub in RETURN_DOM path, thanks @​bencalif
  • Fixed a prototype pollution via CUSTOM_ELEMENT_HANDLING, thanks @​trace37labs
  • Fixed an issue with ADD_TAGS function form bypassing FORBID_TAGS, thanks @​eddieran
  • Fixed an issue with ADD_ATTR predicates skipping URI validation, thanks @​christos-eth
  • Fixed an issue with USE_PROFILES prototype pollution, thanks @​christos-eth
  • Fixed an issue leading to possible mXSS via Re-Contextualization, thanks @​researchatfluidattacks and others
  • Fixed an issue with closing tags leading to possible mXSS, thanks @​frevadiscor
  • Fixed a problem with the type dentition patcher after Node version bump
  • Fixed freezing BS runs by reducing the tested browsers array
  • Bumped several dependencies where possible
  • Added needed files for OpenSSF scorecard checks

Published Advisories are here: https://github.com/cure53/DOMPurify/security/advisories?state=published

Commits

Removes uuid

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 5, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vscode/npm_and_yarn-a42afa9139 branch 14 times, most recently from 29df7a2 to c065861 Compare May 10, 2026 20:40
hybridpicker added a commit that referenced this pull request May 11, 2026
@hybridpicker
fix: resolve deadlock when SSH storm blocks local tool fallback
7f45878 
The jarvis-local guard blocked bash/read_file even when SSH was already
paused by the storm detector, leaving the model with no viable tools.
Now the local guard is skipped when SSH is blocked, allowing the model
to use local tools as a fallback.

Also excludes SSH-storm BLOCKED results from the general blocked-call
penalty in session-scorer to avoid double-counting with check #9.
@hybridpicker hybridpicker force-pushed the main branch 2 times, most recently from 7b56d1c to 1e98511 Compare May 11, 2026 06:58
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vscode/npm_and_yarn-a42afa9139 branch from c065861 to 3857905 Compare May 11, 2026 19:32
hybridpicker added a commit that referenced this pull request May 14, 2026
@hybridpicker
fix: resolve deadlock when SSH storm blocks local tool fallback
bfc426a 
The jarvis-local guard blocked bash/read_file even when SSH was already
paused by the storm detector, leaving the model with no viable tools.
Now the local guard is skipped when SSH is blocked, allowing the model
to use local tools as a fallback.

Also excludes SSH-storm BLOCKED results from the general blocked-call
penalty in session-scorer to avoid double-counting with check #9.
@dependabot
build(deps): bump the npm_and_yarn group across 1 directory with 2 up…
7249483 
…dates

Bumps the npm_and_yarn group with 2 updates in the /vscode directory: [dompurify](https://github.com/cure53/DOMPurify) and [uuid](https://github.com/uuidjs/uuid).


Updates `dompurify` from 3.3.3 to 3.4.0
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](cure53/DOMPurify@3.3.3...3.4.0)

Removes `uuid`

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
- dependency-name: uuid
  dependency-version:
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/vscode/npm_and_yarn-a42afa9139 branch from 3857905 to 7249483 Compare May 18, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants