github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-05-06 07:01:45 -05:00
Code Issues 1.5k Packages Projects Releases 54 Wiki Activity

[PR #7348] [MERGED] Bump @xmldom/xmldom from 0.8.11 to 0.8.12 #41531

New Issue
Closed
opened 2026-04-23 14:19:13 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-23 14:19:13 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/actualbudget/actual/pull/7348
Author: @dependabot[bot]
Created: 4/1/2026
Status: Merged
Merged: 4/1/2026
Merged by: @matt-fidd

Base: masterHead: dependabot/npm_and_yarn/xmldom/xmldom-0.8.12

📝 Commits (2)

📊 Changes

2 files changed (+9 additions, -3 deletions)

View changed files

upcoming-release-notes/7348.md (+6 -0)
📝 yarn.lock (+3 -3)

📄 Description

Bumps @xmldom/xmldom from 0.8.11 to 0.8.12.

Release notes

Sourced from @​xmldom/xmldom's releases.

0.8.12

Commits

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

https://github.com/xmldom/xmldom/discussions/357

Changelog

Sourced from @​xmldom/xmldom's changelog.

0.8.12

Fixed

Code that passes a string containing "]]>" to createCDATASection and relied on the previously unsafe behavior will now receive InvalidCharacterError. Use a mutation method such as appendData if you intentionally need "]]>" in a CDATASection node's data.

Thank you, @​thesmartshadow, @​stevenobiajulu, for your contributions

Commits
  • 189cb78 0.8.12
  • ed08df7 fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (#968)
  • a5b929b chore: clean up generated test artefacts before running ci-local
  • 4e37a20 ci: run format:check in lint job
  • ac0ac77 chore: ignore generated files when checking formatting
  • 968c893 chore: add local CI script and format:check script
  • ac40424 fix: preserve trailing whitespace in ProcessingInstruction data (#962)
  • cece752 chore: add .nvmrc pointing to node version 18
  • cbf44d9 docs: improve links to changes in most recent release
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by karfau, a new releaser for @​xmldom/xmldom since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bundle Stats

Bundle Files count Total bundle size % Changed
desktop-client 27 → 28 12.09 MB → 12.17 MB (+81.33 kB) +0.66%
loot-core 1 4.83 MB 0%
api 4 4.06 MB 0%
cli 1 7.88 MB 0%
View detailed bundle stats

desktop-client

Total

Files count Total bundle size % Changed
27 → 28 12.09 MB → 12.17 MB (+81.33 kB) +0.66%
Changeset
File Δ Size
locale/zh-Hans.json 🆕 +81.33 kB 0 B → 81.33 kB
src/languages.ts 📈 +109 B (+6.91%) 1.54 kB → 1.65 kB
View detailed bundle breakdown

Added

Asset File Size % Changed
static/js/zh-Hans.js 0 B → 81.33 kB (+81.33 kB) -

Removed
No assets were removed

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged

Asset File Size % Changed
static/js/index.js 3.23 MB 0%
static/js/BackgroundImage.js 119.98 kB 0%
static/js/FormulaEditor.js 846.44 kB 0%
static/js/ReportRouter.js 1.02 MB 0%
static/js/TransactionList.js 81.29 kB 0%
static/js/ca.js 182.91 kB 0%
static/js/da.js 104.66 kB 0%
static/js/de.js 174.79 kB 0%
static/js/en-GB.js 7.16 kB 0%
static/js/en.js 170.76 kB 0%
static/js/es.js 182.18 kB 0%
static/js/fr.js 177.47 kB 0%
static/js/indexeddb-main-thread-worker-e59fee74.js 13.46 kB 0%
static/js/it.js 166.25 kB 0%
static/js/narrow.js 354.5 kB 0%
static/js/nb-NO.js 152.2 kB 0%
static/js/nl.js 108.93 kB 0%
static/js/pl.js 88.34 kB 0%
static/js/pt-BR.js 177.84 kB 0%
static/js/resize-observer.js 18.03 kB 0%
static/js/sv.js 80.58 kB 0%
static/js/th.js 179.94 kB 0%
static/js/theme.js 30.68 kB 0%
static/js/uk.js 213.14 kB 0%
static/js/useTransactionBatchActions.js 4.29 MB 0%
static/js/wide.js 418 B 0%
static/js/workbox-window.prod.es5.js 7.28 kB 0%

loot-core

Total

Files count Total bundle size % Changed
1 4.83 MB 0%
View detailed bundle breakdown

Added
No assets were added

Removed
No assets were removed

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged

Asset File Size % Changed
kcab.worker.CwpE34S5.js 4.83 MB 0%

api

Total

Files count Total bundle size % Changed
4 4.06 MB 0%
View detailed bundle breakdown

Added
No assets were added

Removed
No assets were removed

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged

Asset File Size % Changed
index.js 3.84 MB 0%
from-Bl-Hslp4.js 167.73 kB 0%
multipart-parser-BnDysoMr.js 8.1 kB 0%
src-iMkUmuwR.js 43.64 kB 0%

cli

Total

Files count Total bundle size % Changed
1 7.88 MB 0%
View detailed bundle breakdown

Added
No assets were added

Removed
No assets were removed

Bigger
No assets were bigger

Smaller
No assets were smaller

Unchanged

Asset File Size % Changed
cli.js 7.88 MB 0%

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/actualbudget/actual/pull/7348 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/1/2026 **Status:** ✅ Merged **Merged:** 4/1/2026 **Merged by:** [@matt-fidd](https://github.com/matt-fidd) **Base:** `master` ← **Head:** `dependabot/npm_and_yarn/xmldom/xmldom-0.8.12` --- ### 📝 Commits (2) - [`e6f90ba`](https://github.com/actualbudget/actual/commit/e6f90ba6464ab386798416120a8a381f907399ba) Bump @xmldom/xmldom from 0.8.11 to 0.8.12 - [`0789af8`](https://github.com/actualbudget/actual/commit/0789af82828f63536b48f5a89b7dbe5011cdc455) note ### 📊 Changes **2 files changed** (+9 additions, -3 deletions) <details> <summary>View changed files</summary> ➕ `upcoming-release-notes/7348.md` (+6 -0) 📝 `yarn.lock` (+3 -3) </details> ### 📄 Description Bumps [@xmldom/xmldom](https://github.com/xmldom/xmldom) from 0.8.11 to 0.8.12. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/releases"><code>@​xmldom/xmldom</code>'s releases</a>.</em></p> <blockquote> <h2>0.8.12</h2> <p><a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">Commits</a></p> <h3>Fixed</h3> <ul> <li>preserve trailing whitespace in ProcessingInstruction data <a href="https://redirect.github.com/xmldom/xmldom/pull/962"><code>[#962](https://github.com/xmldom/xmldom/issues/962)</code></a> / <a href="https://redirect.github.com/xmldom/xmldom/issues/42"><code>[#42](https://github.com/xmldom/xmldom/issues/42)</code></a></li> <li>Security: <code>createCDATASection</code> now throws <code>InvalidCharacterError</code> when <code>data</code> contains <code>&quot;]]&gt;&quot;</code>, as required by the <a href="https://dom.spec.whatwg.org/#dom-document-createcdatasection">WHATWG DOM spec</a>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>Security: <code>XMLSerializer</code> now splits CDATASection nodes whose data contains <code>&quot;]]&gt;&quot;</code> into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (<code>appendData</code>, <code>replaceData</code>, <code>.data =</code>, <code>.textContent =</code>). <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> </ul> <p>Code that passes a string containing <code>&quot;]]&gt;&quot;</code> to <code>createCDATASection</code> and relied on the previously unsafe behavior will now receive <code>InvalidCharacterError</code>. Use a mutation method such as <code>appendData</code> if you intentionally need <code>&quot;]]&gt;&quot;</code> in a CDATASection node's data.</p> <p>Thank you, <a href="https://github.com/thesmartshadow"><code>@​thesmartshadow</code></a>, <a href="https://github.com/stevenobiajulu"><code>@​stevenobiajulu</code></a>, for your contributions</p> <p><a href="https://github.com/xmldom/xmldom/discussions/357">https://github.com/xmldom/xmldom/discussions/357</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/xmldom/xmldom/blob/master/CHANGELOG.md"><code>@​xmldom/xmldom</code>'s changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">0.8.12</a></h2> <h3>Fixed</h3> <ul> <li>preserve trailing whitespace in ProcessingInstruction data <a href="https://redirect.github.com/xmldom/xmldom/pull/962"><code>[#962](https://github.com/xmldom/xmldom/issues/962)</code></a> / <a href="https://redirect.github.com/xmldom/xmldom/issues/42"><code>[#42](https://github.com/xmldom/xmldom/issues/42)</code></a></li> <li>Security: <code>createCDATASection</code> now throws <code>InvalidCharacterError</code> when <code>data</code> contains <code>&quot;]]&gt;&quot;</code>, as required by the <a href="https://dom.spec.whatwg.org/#dom-document-createcdatasection">WHATWG DOM spec</a>. <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> <li>Security: <code>XMLSerializer</code> now splits CDATASection nodes whose data contains <code>&quot;]]&gt;&quot;</code> into adjacent CDATA sections at serialization time, preventing XML injection via mutation methods (<code>appendData</code>, <code>replaceData</code>, <code>.data =</code>, <code>.textContent =</code>). <a href="https://github.com/xmldom/xmldom/security/advisories/GHSA-wh4c-j3r5-mjhp"><code>GHSA-wh4c-j3r5-mjhp</code></a></li> </ul> <p>Code that passes a string containing <code>&quot;]]&gt;&quot;</code> to <code>createCDATASection</code> and relied on the previously unsafe behavior will now receive <code>InvalidCharacterError</code>. Use a mutation method such as <code>appendData</code> if you intentionally need <code>&quot;]]&gt;&quot;</code> in a CDATASection node's data.</p> <p>Thank you, <a href="https://github.com/thesmartshadow"><code>@​thesmartshadow</code></a>, <a href="https://github.com/stevenobiajulu"><code>@​stevenobiajulu</code></a>, for your contributions</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/xmldom/xmldom/commit/189cb78a83e81e1515880988a399e863a8be85ac"><code>189cb78</code></a> 0.8.12</li> <li><a href="https://github.com/xmldom/xmldom/commit/ed08df7572f4236d4fd88d16063c3fd8f59c7884"><code>ed08df7</code></a> fix: XML injection via unsafe CDATA serialization (GHSA-wh4c-j3r5-mjhp) (<a href="https://redirect.github.com/xmldom/xmldom/issues/968">#968</a>)</li> <li><a href="https://github.com/xmldom/xmldom/commit/a5b929ba008f067eeabb427c38de008e36a92796"><code>a5b929b</code></a> chore: clean up generated test artefacts before running ci-local</li> <li><a href="https://github.com/xmldom/xmldom/commit/4e37a205627a08eb64365b13c4e4cce5e86278cb"><code>4e37a20</code></a> ci: run format:check in lint job</li> <li><a href="https://github.com/xmldom/xmldom/commit/ac0ac7714f0e5a7bd7aff5c30f7733666cf03982"><code>ac0ac77</code></a> chore: ignore generated files when checking formatting</li> <li><a href="https://github.com/xmldom/xmldom/commit/968c8939438eec2eca1d003b333cd0fc4595c72d"><code>968c893</code></a> chore: add local CI script and format:check script</li> <li><a href="https://github.com/xmldom/xmldom/commit/ac40424adfa49429811095bcdaf6598255a81a39"><code>ac40424</code></a> fix: preserve trailing whitespace in ProcessingInstruction data (<a href="https://redirect.github.com/xmldom/xmldom/issues/962">#962</a>)</li> <li><a href="https://github.com/xmldom/xmldom/commit/cece7521a3c77da7a10f3fc66521e3e077c9974c"><code>cece752</code></a> chore: add .nvmrc pointing to node version 18</li> <li><a href="https://github.com/xmldom/xmldom/commit/cbf44d90a40703237d217598fa0bcd88770bfa0b"><code>cbf44d9</code></a> docs: improve links to changes in most recent release</li> <li>See full diff in <a href="https://github.com/xmldom/xmldom/compare/0.8.11...0.8.12">compare view</a></li> </ul> </details> <details> <summary>Maintainer changes</summary> <p>This version was pushed to npm by <a href="https://www.npmjs.com/~karfau">karfau</a>, a new releaser for <code>@​xmldom/xmldom</code> since your current version.</p> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@xmldom/xmldom&package-manager=npm_and_yarn&previous-version=0.8.11&new-version=0.8.12)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/actualbudget/actual/network/alerts). </details> <!--- actual-bot-sections ---> <hr /> <!--- bundlestats-action-comment key:combined start ---> ### Bundle Stats Bundle | Files count | Total bundle size | % Changed ------ | ----------- | ----------------- | --------- desktop-client | 27 → 28 | 12.09 MB → 12.17 MB (+81.33 kB) | +0.66% loot-core | 1 | 4.83 MB | 0% api | 4 | 4.06 MB | 0% cli | 1 | 7.88 MB | 0% <details> <summary>View detailed bundle stats</summary> #### desktop-client **Total** Files count | Total bundle size | % Changed ----------- | ----------------- | --------- 27 → 28 | 12.09 MB → 12.17 MB (+81.33 kB) | +0.66% <details> <summary>Changeset</summary> File | Δ | Size ---- | - | ---- `locale/zh-Hans.json` | 🆕 +81.33 kB | 0 B → 81.33 kB `src/languages.ts` | 📈 +109 B (+6.91%) | 1.54 kB → 1.65 kB </details> <details> <summary>View detailed bundle breakdown</summary> <div> **Added** Asset | File Size | % Changed ----- | --------- | --------- static/js/zh-Hans.js | 0 B → 81.33 kB (+81.33 kB) | - **Removed** No assets were removed **Bigger** No assets were bigger **Smaller** No assets were smaller **Unchanged** Asset | File Size | % Changed ----- | --------- | --------- static/js/index.js | 3.23 MB | 0% static/js/BackgroundImage.js | 119.98 kB | 0% static/js/FormulaEditor.js | 846.44 kB | 0% static/js/ReportRouter.js | 1.02 MB | 0% static/js/TransactionList.js | 81.29 kB | 0% static/js/ca.js | 182.91 kB | 0% static/js/da.js | 104.66 kB | 0% static/js/de.js | 174.79 kB | 0% static/js/en-GB.js | 7.16 kB | 0% static/js/en.js | 170.76 kB | 0% static/js/es.js | 182.18 kB | 0% static/js/fr.js | 177.47 kB | 0% static/js/indexeddb-main-thread-worker-e59fee74.js | 13.46 kB | 0% static/js/it.js | 166.25 kB | 0% static/js/narrow.js | 354.5 kB | 0% static/js/nb-NO.js | 152.2 kB | 0% static/js/nl.js | 108.93 kB | 0% static/js/pl.js | 88.34 kB | 0% static/js/pt-BR.js | 177.84 kB | 0% static/js/resize-observer.js | 18.03 kB | 0% static/js/sv.js | 80.58 kB | 0% static/js/th.js | 179.94 kB | 0% static/js/theme.js | 30.68 kB | 0% static/js/uk.js | 213.14 kB | 0% static/js/useTransactionBatchActions.js | 4.29 MB | 0% static/js/wide.js | 418 B | 0% static/js/workbox-window.prod.es5.js | 7.28 kB | 0% </div> </details> --- #### loot-core **Total** Files count | Total bundle size | % Changed ----------- | ----------------- | --------- 1 | 4.83 MB | 0% <details> <summary>View detailed bundle breakdown</summary> <div> **Added** No assets were added **Removed** No assets were removed **Bigger** No assets were bigger **Smaller** No assets were smaller **Unchanged** Asset | File Size | % Changed ----- | --------- | --------- kcab.worker.CwpE34S5.js | 4.83 MB | 0% </div> </details> --- #### api **Total** Files count | Total bundle size | % Changed ----------- | ----------------- | --------- 4 | 4.06 MB | 0% <details> <summary>View detailed bundle breakdown</summary> <div> **Added** No assets were added **Removed** No assets were removed **Bigger** No assets were bigger **Smaller** No assets were smaller **Unchanged** Asset | File Size | % Changed ----- | --------- | --------- index.js | 3.84 MB | 0% from-Bl-Hslp4.js | 167.73 kB | 0% multipart-parser-BnDysoMr.js | 8.1 kB | 0% src-iMkUmuwR.js | 43.64 kB | 0% </div> </details> --- #### cli **Total** Files count | Total bundle size | % Changed ----------- | ----------------- | --------- 1 | 7.88 MB | 0% <details> <summary>View detailed bundle breakdown</summary> <div> **Added** No assets were added **Removed** No assets were removed **Bigger** No assets were bigger **Smaller** No assets were smaller **Unchanged** Asset | File Size | % Changed ----- | --------- | --------- cli.js | 7.88 MB | 0% </div> </details> </details> <!--- bundlestats-action-comment key:combined end ---> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-23 14:19:13 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
Mirrored from GitHub Pull Request
 regression
reports
responsive
rules
schedules
server
merged
split transactions
tech debt
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
approved
wontfix
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#41531
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?