chore(deps): bump ammonia from 4.1.2 to 4.1.3 in /native/mdex_native_nif #35

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/cargo/native/mdex_native_nif/ammonia-4.1.3

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Bumps ammonia from 4.1.2 to 4.1.3.

Release notes

Sourced from ammonia's releases.

4.1.3

  • fix: unexpected namespace switches after cleanup on MathML annotation-xml can cause mXSS

Special thanks to Ivan Ivančić (ivan0912, YesWeHack) for finding this vulnerability!

Changelog

Sourced from ammonia's changelog.

4.1.3

  • fix: unexpected namespace switches after cleanup on MathML annotation-xml can cause mXSS (reported by Ivan Ivančić (ivan0912, YesWeHack))

  • chore: upgrade to html5ever 0.37.1

  • chore: always strip the contents of selectedcontent elements, since the parser will always replace it with the actual contents anyway

Commits
  • 2c56268 Merge pull request #245 from rust-ammonia/release-4.1.3
  • b51bf4f Release 4.1.3 with security fix
  • e7bf160 Merge pull request #242 from gghez/worktree-issue-183-doc-document-level-tags
  • 4eadffc Document fragment-parsing limit on html/head/body tags (closes #183)
  • 82955e7 Merge pull request #239 from gghez/worktree-issue-190-fix-to-dom-node-doc
  • 879997e Merge pull request #238 from gghez/worktree-issue-211-rename-stack-overflow-t...
  • e9d22b0 Fix to_dom_node doctest by wrapping Handle in SerializableHandle
  • bf1de31 Rename deeply_nested_* tests to express stack-overflow regression intent
  • 186f7b7 Merge pull request #235 from rust-ammonia/macros
  • f7e2213 Disable cssparser proc macros
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [ammonia](https://github.com/rust-ammonia/ammonia) from 4.1.2 to 4.1.3.
- [Release notes](https://github.com/rust-ammonia/ammonia/releases)
- [Changelog](https://github.com/rust-ammonia/ammonia/blob/master/CHANGELOG.md)
- [Commits](rust-ammonia/ammonia@v4.1.2...v4.1.3)

---
updated-dependencies:
- dependency-name: ammonia
  dependency-version: 4.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added the dependencies (Pull requests that update a dependency file) and rust (Pull requests that update rust code) labels Jul 2, 2026