The GitHub Actions job "CodeQL" on ofbiz-framework.git/trunk has failed. Run started by GitHub user asfgit (triggered by asfgit).
Head commit for run: 9985c6047ccbb3acf2d2e6f00d32f067486021ce / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump dompurify from 3.2.4 to 3.2.5 in /themes/common-theme/webapp/common-theme/js (#885) Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.4 to 3.2.5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases";>dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.5</h2> <ul> <li>Added a check to the mXSS detection regex to be more strict, thanks <a href="https://github.com/masatokinugawa";><code>@masatokinugawa</code></a></li> <li>Added ESM type imports in source, removes patch function, thanks <a href="https://github.com/donmccurdy";><code>@donmccurdy</code></a></li> <li>Added script to verify various TypeScript configurations, thanks <a href="https://github.com/reduckted";><code>@reduckted</code></a></li> <li>Added more modern browsers to the Karma launchers list</li> <li>Added Node 23.x to tested runtimes, removed Node 17.x</li> <li>Fixed the generation of source maps, thanks <a href="https://github.com/reduckted";><code>@reduckted</code></a></li> <li>Fixed an unexpected behavior with <code>ALLOWED_URI_REGEXP</code> using the 'g' flag, thanks <a href="https://github.com/hhk-png";><code>@hhk-png</code></a></li> <li>Fixed a few typos in the README file</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/78060045e4d3ec0d199eb61bbeca02d8268ac310";><code>7806004</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1082";>#1082</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/f14c22feab64e60383e9dc658c3cde38d009c541";><code>f14c22f</code></a> chore: Preparing 3.2.5 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/c69d7a857032dc0a2b6ce589b6180823b97542ae";><code>c69d7a8</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1080";>#1080</a> from hhk-png/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/fce40b5d3bdcda38e519d749cd07b81da4029ea8";><code>fce40b5</code></a> chore: for lint</li> <li><a href="https://github.com/cure53/DOMPurify/commit/59e866409d3ebb4e54eb6f2b4096a38ffe58b9a6";><code>59e8664</code></a> Merge branch 'cure53:main' into main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/e62e3efa68c46dbc34b6e63545c6ae8ed20b49f8";><code>e62e3ef</code></a> fix: Using ALLOWED_URI_REGEXP with the 'g' flag leads to incorrect results</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b4287881fae1e01d91af5cddb664cb71bff7dec3";><code>b428788</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/72c00db122148eb64eab2639928cd2cbee0a101c";><code>72c00db</code></a> Merge branch 'main' of github.com:cure53/DOMPurify</li> <li><a href="https://github.com/cure53/DOMPurify/commit/49882dcc4141a4e62f43c6dac3db353ff8d7dd0e";><code>49882dc</code></a> test: Added Node 23.x to tested runtimes, removed Node 17.x</li> <li><a href="https://github.com/cure53/DOMPurify/commit/2e5fd642ba473242220b98581dfe19049c3ca6de";><code>2e5fd64</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1078";>#1078</a> from reduckted/fix-sourcemaps</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.2.4...3.2.5";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <supp...@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Report URL: https://github.com/apache/ofbiz-framework/actions/runs/14313328619 With regards, GitHub Actions via GitBox
