chore (deps): bump the patch-updates group with 4 updates by dependabot[bot] · Pull Request #2382 · gchq/CyberChef

dependabot · 2026-05-14T14:04:37Z

Bumps the patch-updates group with 4 updates: dompurify, jsonata, protobufjs and sql-formatter.

Updates dompurify from 3.4.2 to 3.4.3

Release notes

DOMPurify 3.4.3

Fixed an issue with handling of nested Shadow DOM trees, thanks @fishjojo1

Fixed the template regexes to be more robust against ReDoS attacks, thanks @aleung27

Updated the node iteration code to catch more Shadow DOM related issues

Updated Playwright and added Node 26 to test matrix

Updated existing workflows, fuzzer, release signing, etc., added more tests

Bumped several dependencies where possible

Commits

520edb0 release: 3.4.3 (#1352)
See full diff in compare view

Updates jsonata from 2.1.0 to 2.1.1

Release notes

Sourced from jsonata's releases.

2.1.1 Maintenance Release

Fix picture string parsing for $formatNumber (PR #788)

Fix $toMillis() with more than 3 digit fractional seconds (PR #782)

Fix ?: operator returning wrong result when LHS has array predicate (PR #780)

Fix ?? operator with array predicate on LHS (PR #774)

Fix function signature for repeating arguments (PR #760)

Fix precision fix for $string() function (PR #762)

Fix to prevent $formatNumber() getting into an infinite loop (PR #785)

Changelog

Sourced from jsonata's changelog.

2.1.1 Maintenance Release

Fix picture string parsing for $formatNumber (PR #788)

Fix $toMillis() with more than 3 digit fractional seconds (PR #782)

Fix ?: operator returning wrong result when LHS has array predicate (PR #780)

Fix ?? operator with array predicate on LHS (PR #774)

Fix function signature for repeating arguments (PR #760)

Fix precision fix for $string() function (PR #762)

Fix to prevent $formatNumber() getting into an infinite loop (PR #785)

Commits

5d14732 Release v2.1.1 (#791)
f9632e0 Fix $formatNumber infinite loop on zero/negative values with exponent (#785) ...
15e2b08 Update jsonata-java version compatibilty (#789)
9588fb4 fix picture string parsing for $formatNumber (#788)
f3f168f add Go implementation (#784)
80ba95d fix $toMillis() with more than 3 digit fractional seconds (#782)
1c96650 add security policy (#783)
accd4d3 Fix ?: operator returning wrong result when LHS has array predicate (#780)
5142fda feat: Add golang implementation "gnata" (#779)
15ed330 Update overview.md (#781)
Additional commits viewable in compare view

Updates protobufjs from 7.5.6 to 7.5.8

Release notes

Sourced from protobufjs's releases.

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

Backport parser hardening to 7.x (#2245) (54b593f)

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

Restore first-match namespace lookup (#2236) (cc7d595)

Changelog

Sourced from protobufjs's changelog.

7.5.8 (2026-05-12)

Bug Fixes

Backport parser hardening to 7.x (#2245) (54b593f)

7.5.7 (2026-05-09)

Bug Fixes

Restore first-match namespace lookup (#2236) (cc7d595)

Commits

d7035f9 chore: release protobufjs-v7.x (#2248)
54b593f fix: Backport parser hardening to 7.x (#2245)
e88fcea chore: release protobufjs-v7.x (#2239)
cc7d595 fix: Restore first-match namespace lookup (#2236)
3abc9b5 chore: release protobufjs-v7.x (#2190)
a0bf2df fix: Update CLI peer dependency (7.x) (#2189)
See full diff in compare view

Updates sql-formatter from 15.7.3 to 15.7.4

Release notes

Sourced from sql-formatter's releases.

15.7.4

Bugfix

Support Tcl-style $param(...) syntax in SQLite (#944, #943) (thanks to @SAY-5)

Commits

7bdeba5 Release v15.7.4
995291c fix(sqlite): support Tcl-style $param(...) syntax (#944)
37b69ee Add Sai Asish Y to AUTHORS
1729b55 fix(sqlite): support Tcl-style $param(...) syntax
a66b900 Add nuintun to AUTHORS
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the patch-updates group with 4 updates: [dompurify](https://github.com/cure53/DOMPurify), [jsonata](https://github.com/jsonata-js/jsonata), [protobufjs](https://github.com/protobufjs/protobuf.js) and [sql-formatter](https://github.com/sql-formatter-org/sql-formatter). Updates `dompurify` from 3.4.2 to 3.4.3 - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](cure53/DOMPurify@3.4.2...3.4.3) Updates `jsonata` from 2.1.0 to 2.1.1 - [Release notes](https://github.com/jsonata-js/jsonata/releases) - [Changelog](https://github.com/jsonata-js/jsonata/blob/master/CHANGELOG.md) - [Commits](jsonata-js/jsonata@v2.1.0...v2.1.1) Updates `protobufjs` from 7.5.6 to 7.5.8 - [Release notes](https://github.com/protobufjs/protobuf.js/releases) - [Changelog](https://github.com/protobufjs/protobuf.js/blob/protobufjs-v7.5.8/CHANGELOG.md) - [Commits](protobufjs/protobuf.js@protobufjs-v7.5.6...protobufjs-v7.5.8) Updates `sql-formatter` from 15.7.3 to 15.7.4 - [Release notes](https://github.com/sql-formatter-org/sql-formatter/releases) - [Commits](sql-formatter-org/sql-formatter@v15.7.3...v15.7.4) --- updated-dependencies: - dependency-name: dompurify dependency-version: 3.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: jsonata dependency-version: 2.1.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: protobufjs dependency-version: 7.5.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates - dependency-name: sql-formatter dependency-version: 15.7.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-updates ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 14, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore (deps): bump the patch-updates group with 4 updates#2382

chore (deps): bump the patch-updates group with 4 updates#2382
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/patch-updates-518e3a62ff

dependabot Bot commented on behalf of github May 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 14, 2026

DOMPurify 3.4.3

2.1.1 Maintenance Release

2.1.1 Maintenance Release

protobufjs: v7.5.8

7.5.8 (2026-05-12)

Bug Fixes

protobufjs: v7.5.7

7.5.7 (2026-05-09)

Bug Fixes

7.5.8 (2026-05-12)

Bug Fixes

7.5.7 (2026-05-09)

Bug Fixes

15.7.4

Bugfix

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants