The GitHub Actions job "CodeQL" on ofbiz-framework.git/trunk has failed. Run started by GitHub user JacquesLeRoux (triggered by JacquesLeRoux).
Head commit for run: 1cf059bbd937278c6c814a57eeb49d08117cb0ba / dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Bump dompurify from 3.2.5 to 3.2.6 in /themes/common-theme/webapp/common-theme/js (#891) Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.5 to 3.2.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cure53/DOMPurify/releases";>dompurify's releases</a>.</em></p> <blockquote> <h2>DOMPurify 3.2.6</h2> <ul> <li>Fixed several typos and removed clutter from our documentation, thanks <a href="https://github.com/Rotzbua";><code>@Rotzbua</code></a></li> <li>Added <code>matrix:</code> as an allowed URI scheme, thanks <a href="https://github.com/kleinesfilmroellchen";><code>@kleinesfilmroellchen</code></a></li> <li>Added better config hardening against prototype pollution, thanks <a href="https://github.com/EffectRenan";><code>@EffectRenan</code></a></li> <li>Added better handling of attribute removal, thanks <a href="https://github.com/michalnieruchalski-tiugo";><code>@michalnieruchalski-tiugo</code></a></li> <li>Added better configuration for aggressive mXSS scrubbing behavior, thanks <a href="https://github.com/BryanValverdeU";><code>@BryanValverdeU</code></a></li> <li>Removed the script that caused the fake entry <a href="https://security.snyk.io/vuln/SNYK-JS-DOMPURIFY-10176060";>CVE-2025-48050</a></li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/cure53/DOMPurify/commit/32f765e632ff34eebf5e08128ae1ff8f0d0bbe7a";><code>32f765e</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1105";>#1105</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6158ecbd1b3997b37f88a339a5d47a39f324c63b";><code>6158ecb</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1103";>#1103</a> from cure53/main</li> <li><a href="https://github.com/cure53/DOMPurify/commit/0f7ce144b2dd12295366b3e677da7d64bff2b60d";><code>0f7ce14</code></a> chore: Preparing 3.2.6 release</li> <li><a href="https://github.com/cure53/DOMPurify/commit/848463b05247ecbcf1d96cd4204063a5de854365";><code>848463b</code></a> chore: removed unused test server script</li> <li><a href="https://github.com/cure53/DOMPurify/commit/b0e0ebbd9e861e7b657caa3b939dabf0102246fd";><code>b0e0ebb</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/f094f76f0bd66a603f06935a1ed715b05b60279b";><code>f094f76</code></a> Update README.md</li> <li><a href="https://github.com/cure53/DOMPurify/commit/6bc6d60e49256f27a4022181b7d8a5b0721fd534";><code>6bc6d60</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1101";>#1101</a> from odaysec/patch-1</li> <li><a href="https://github.com/cure53/DOMPurify/commit/e9afd609397aa31b0747a766504f698fcb6ad0f7";><code>e9afd60</code></a> Update server.js</li> <li><a href="https://github.com/cure53/DOMPurify/commit/166151cc46cfed892d0d70bd5dcf822bf9a4e129";><code>166151c</code></a> see <a href="https://redirect.github.com/cure53/DOMPurify/issues/1095";>#1095</a></li> <li><a href="https://github.com/cure53/DOMPurify/commit/ac7c59460c7c8c0ebf75c61007dd6c34119e099f";><code>ac7c594</code></a> Merge pull request <a href="https://redirect.github.com/cure53/DOMPurify/issues/1096";>#1096</a> from Rotzbua/fix_missing</li> <li>Additional commits viewable in <a href="https://github.com/cure53/DOMPurify/compare/3.2.5...3.2.6";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <supp...@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Report URL: https://github.com/apache/ofbiz-framework/actions/runs/15142926930 With regards, GitHub Actions via GitBox
