chore(deps): bump voku/anti-xss from 4.1.42 to 4.1.43 in /recovery/common #2925

Open
dependabot[bot] wants to merge 1 commit into 5.7 from dependabot/composer/recovery/common/voku/anti-xss-4.1.43

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Bumps voku/anti-xss from 4.1.42 to 4.1.43.

Changelog

Sourced from voku/anti-xss's changelog.

4.1.43 (2026-04-22)

  • 10-50% better performance
  • add "addNaughtyJavascriptPatterns()"
  • add "setKeepPreAndCodeTagContent()" to preserve content inside "pre" and "code" tags
  • fix regression when sanitizing text inside "pre" / "code" tags
  • fix false-positives for valid "href" / "src" URLs and plain text such as "system (...)", "behavior:", "< abc" and "< 35kg"
  • improve detection of obfuscated style / attribute payloads and JSON-escaped HTML attributes
  • keep valid base64 payloads ending with "==" and avoid blank output if "preg_replace()" returns "null"
  • update "portable-utf8" to "~6.1.0"
  • improve CI / test compatibility (incl. PHP 8.5 + PHPUnit 12)

Commits

  • 72b4248 [+]: optimize performance
  • 6224363 Merge pull request #191 from voku/copilot/add-additional-tests-for-xss
  • 87173e7 test: add regression cases for system parenthetical text false positives
  • 3ded25f Initial plan
  • 26657b2 Merge pull request #184 from voku/copilot/add-warning-for-non-utf8-apps
  • 26aeb4a Merge pull request #188 from voku/copilot/fix-false-positive-xss
  • 0a98133 fix: replace assertStringNotContainsString (PHPUnit 8+) with assertFalse(strp...
  • af37d90 Merge branch 'master' into copilot/fix-false-positive-xss
  • 5218f70 Merge origin/master into copilot/fix-false-positive-xss, resolve conflict in ...
  • 01ad1bc docs: document PORTABLE_UTF8__DISABLE_AUTO_ENCODING constant to opt out of au...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added the dependencies and php labels Apr 27, 2026
@github-actions

Warnings
⚠️ The Pull Request doesn't contain any changes to the Upgrade file

Bumps [voku/anti-xss](https://github.com/voku/anti-xss) from 4.1.42 to 4.1.43.
- [Changelog](https://github.com/voku/anti-xss/blob/master/CHANGELOG.md)
- [Commits](voku/anti-xss@4.1.42...4.1.43)

---
updated-dependencies:
- dependency-name: voku/anti-xss
  dependency-version: 4.1.43
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/composer/recovery/common/voku/anti-xss-4.1.43 branch from d41ebf4 to babf8f9 Compare April 28, 2026 07:28