build(deps): bump the npm-deps group with 6 updates

[dependabot]

Bumps the npm-deps group with 6 updates:

Package	From	To
dompurify	3.2.5	3.2.6
googleapis	148.0.0	149.0.0
mailparser	3.7.2	3.7.3
puppeteer	24.8.2	24.9.0
undici-types	7.9.0	7.10.0
web-ext	8.6.0	8.7.0

Updates dompurify from 3.2.5 to 3.2.6

Release notes

Sourced from dompurify's releases.

DOMPurify 3.2.6

• Fixed several typos and removed clutter from our documentation, thanks @​Rotzbua
• Added matrix: as an allowed URI scheme, thanks @​kleinesfilmroellchen
• Added better config hardening against prototype pollution, thanks @​EffectRenan
• Added better handling of attribute removal, thanks @​michalnieruchalski-tiugo
• Added better configuration for aggressive mXSS scrubbing behavior, thanks @​BryanValverdeU
• Removed the script that caused the fake entry CVE-2025-48050

Commits

• 32f765e Merge pull request #1105 from cure53/main
• 6158ecb Merge pull request #1103 from cure53/main
• 0f7ce14 chore: Preparing 3.2.6 release
• 848463b chore: removed unused test server script
• b0e0ebb Update README.md
• f094f76 Update README.md
• 6bc6d60 Merge pull request #1101 from odaysec/patch-1
• e9afd60 Update server.js
• 166151c see #1095
• ac7c594 Merge pull request #1096 from Rotzbua/fix_missing
• Additional commits viewable in compare view

Updates googleapis from 148.0.0 to 149.0.0

Release notes

Sourced from googleapis's releases.

googleapis: v149.0.0

149.0.0 (2025-05-05)

� BREAKING CHANGES

• sqladmin: This release has breaking changes.
• compute: This release has breaking changes.
• civicinfo: This release has breaking changes.
• workloadmanager: This release has breaking changes.
• vault: This release has breaking changes.
• tagmanager: This release has breaking changes.
• sqladmin: This release has breaking changes.
• securitycenter: This release has breaking changes.
• run: This release has breaking changes.
• policysimulator: This release has breaking changes.
• places: This release has breaking changes.
• paymentsresellersubscription: This release has breaking changes.
• osconfig: This release has breaking changes.
• merchantapi: This release has breaking changes.
• firebaseappdistribution: This release has breaking changes.
• file: This release has breaking changes.
• displayvideo: This release has breaking changes.
• connectors: This release has breaking changes.
• compute: This release has breaking changes.
• civicinfo: This release has breaking changes.
• chat: This release has breaking changes.
• beyondcorp: This release has breaking changes.
• analyticshub: This release has breaking changes.
• aiplatform: This release has breaking changes.

Features

• accessapproval: update the API (7f0bbb2)
• admin: update the API (f68c70c)
• aiplatform: update the API (29f8893)
• alertcenter: update the API (4dacec2)
• alloydb: update the API (fe65184)
• analyticsadmin: update the API (6a1cb77)
• analyticshub: update the API (9338d6a)
• androidmanagement: update the API (e6ea50e)
• androidmanagement: update the API (2440aae)
• apigateway: update the API (6828514)
• appengine: update the API (901f2c2)
• apphub: update the API (ce30f6f)
• artifactregistry: update the API (8696187)
• assuredworkloads: update the API (3272d5f)
• backupdr: update the API (709acf2)
• batch: update the API (1f653b5)
• beyondcorp: update the API (7b90d19)

... (truncated)

Commits

• 65f29c3 chore: release main (#3655)
• 657a24d feat: regenerate index files
• 9755a1f feat(sqladmin)!: update the API
• 1bb6bcc fix(servicecontrol): update the API
• b7e8b88 feat(recaptchaenterprise): update the API
• f74a90e fix(oracledatabase): update the API
• 6220f5d feat(networkservices): update the API
• 9ceb28b fix(merchantapi): update the API
• d37f66d feat(gkeonprem): update the API
• dd9f11b fix(fcm): update the API
• Additional commits viewable in compare view

Updates mailparser from 3.7.2 to 3.7.3

Release notes

Sourced from mailparser's releases.

v3.7.3

3.7.3 (2025-05-20)

Bug Fixes

• Bumped deps (9e084f9)

Changelog

Sourced from mailparser's changelog.

3.7.3 (2025-05-20)

Bug Fixes

• Bumped deps (9e084f9)

Commits

• 20c3300 chore(master): release 3.7.3 [skip-ci] (#387)
• 9e084f9 fix: Bumped deps
• See full diff in compare view

Updates puppeteer from 24.8.2 to 24.9.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.9.0

24.9.0 (2025-05-20)

Features

• add screencast override options (#13708) (e3586e8)

Bug Fixes

• roll to Chrome 136.0.7103.94 (#13870) (9c6ef13)
• roll to Firefox 138.0.3 (#13868) (863a3e0)
• roll to Firefox 138.0.4 (#13881) (29ff2b5)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.10.4 to 2.10.5

puppeteer: v24.9.0

24.9.0 (2025-05-20)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.10.4 to 2.10.5
    • puppeteer-core bumped from 24.8.2 to 24.9.0

Changelog

Sourced from puppeteer's changelog.

24.9.0 (2025-05-20)

Miscellaneous Chores

• puppeteer: Synchronize puppeteer versions

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​puppeteer/browsers bumped from 2.10.4 to 2.10.5

Features

• add screencast override options (#13708) (e3586e8)

Bug Fixes

• roll to Chrome 136.0.7103.94 (#13870) (9c6ef13)
• roll to Firefox 138.0.3 (#13868) (863a3e0)
• roll to Firefox 138.0.4 (#13881) (29ff2b5)

Commits

• efc1343 chore: release main (#13893)
• ffd7412 test: treat the server work similar to dedicated workers (#13891)
• 4f99f91 chore(deps): Bump the dependencies group with 3 updates (#13876)
• e17cddb test: try improve worker test stability (#13889)
• 8a9f881 chore(deps): Bump semver from 7.7.1 to 7.7.2 in /website in the all group (#1...
• fc910f1 chore(deps-dev): Bump the dev-dependencies group with 7 updates (#13877)
• 1766c71 chore(deps): Bump the all group with 2 updates (#13879)
• 97b7dd9 test: make worker test more robust (#13888)
• 4f066d5 ci: disable TabstripComboButton (#13887)
• 062fa30 chore(deps): Bump node from a1f1274 to e558507 in /docker in the all grou...
• Additional commits viewable in compare view

Updates undici-types from 7.9.0 to 7.10.0

Release notes

Sourced from undici-types's releases.

v7.10.0

What's Changed

• Add "clientLifetime" option to close and remove connections from the pool after a specified time. by @​dhalbrook in nodejs/undici#4175
• remove spurious only by @​mcollina in nodejs/undici#4207
• add node v24 workflow by @​tsctx in nodejs/undici#4206
• Update WPT by @​github-actions in nodejs/undici#4172
• chore: add pnpm-lock.yaml to .gitignore by @​styfle in nodejs/undici#4227
• fix: agent memory leak by @​styfle in nodejs/undici#4223
• Add ability to detect when MemoryCacheStore reaches max size by @​FelixVaughan in nodejs/undici#4224
• feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections by @​caitp in nodejs/undici#4180
• docs: correct example in FormData request by @​inyourtime in nodejs/undici#4226

New Contributors

• @​dhalbrook made their first contribution in nodejs/undici#4175
• @​caitp made their first contribution in nodejs/undici#4180
• @​inyourtime made their first contribution in nodejs/undici#4226

Full Changelog: nodejs/undici@v7.9.0...v7.10.0

Commits

• 5ad8998 Bumped v7.10.0 (#4231)
• 9e0cfcb docs: correct example in FormData request (#4226)
• 95fd9d3 feat(ProxyAgent): match Curl behavior in HTTP->HTTP Proxy connections (#4180)
• a8d280c Add ability to detect when MemoryCacheStore reaches max size (#4224)
• 59940c8 fix: agent memory leak (#4223)
• 1262f61 Revert "chore: update WPT (#4172)"
• d6deb77 chore: add pnpm-lock.yaml to .gitignore (#4227)
• dcf82a7 chore: update WPT (#4172)
• 2ed2a8a add node v24 workflow (#4206)
• bf4c199 remove spurious only (#4207)
• Additional commits viewable in compare view

Updates web-ext from 8.6.0 to 8.7.0

Release notes

Sourced from web-ext's releases.

8.7.0

main changes

• Fixed: restore stdin raw mode to off after ctrl-c quit (#3395)
• Updated: dependency addons-linter to 7.12.0 (#3425)
  • Imported WebExtensions API JSON schema data for Firefox 139

dependencies

• Updated: dependency @babel/runtime to 7.27.1 (#3405)
• Updated: dependency chrome-launcher to 1.2.0 (#3412)
• Updated: dependency open to 10.1.2 (#3403)
• Updated: dependency pino to 9.7.0 (#3421)
• Updated: dependency strip-json-comments to 5.0.2 (#3420)
• Updated: dependency watchpack to 2.4.4 (#3424)
• Updated: dependency ws to 8.18.2 (#3407)

dev dependencies

• Updated: dependency @babel/cli to 7.27.2 (#3411)
• Updated: dependency @babel/core to 7.27.1 (#3399)
• Updated: dependency @babel/eslint-parser to 7.27.1 (#3401)
• Updated: dependency @babel/preset-env to 7.27.2 (#3410)
• Updated: dependency @babel/register to 7.27.1 (#3400)
• Updated: dependency @commitlint/cli to 19.8.1 (#3415)
• Updated: dependency @commitlint/config-conventional (#3416)
• Updated: dependency mocha to 11.4.0 (#3423)

---

See all changes: mozilla/web-ext@8.6.0...8.7.0

Commits

• bada318 8.7.0
• 60d577a chore(deps): bump addons-linter from 7.11.0 to 7.12.0 (#3425)
• f8a5a71 fix: restore stdin raw mode to off after ctrl-c quit (#3395)
• c32af2c chore(deps): bump open from 9.1.0 to 10.1.2 (#3403)
• 460bf16 chore(deps-dev): bump @​babel/eslint-parser from 7.27.0 to 7.27.1 (#3401)
• 6e6b665 chore(deps-dev): bump @​babel/register from 7.25.9 to 7.27.1 (#3400)
• 7b0c019 chore(deps-dev): bump @​babel/core from 7.26.10 to 7.27.1 (#3399)
• c5e1088 chore(deps): bump @​babel/runtime from 7.27.0 to 7.27.1 (#3405)
• 098af48 chore(deps): bump strip-json-comments from 5.0.1 to 5.0.2 (#3420)
• 83e7f13 chore(deps): bump ws from 8.18.1 to 8.18.2 (#3407)
• Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request

Dependency Name	Ignore Conditions
puppeteer	[>= 21.7.a, < 21.8]
puppeteer	[>= 22.0.a, < 22.1]
puppeteer	[>= 22.1.a, < 22.2]
puppeteer	[>= 22.3.a, < 22.4]
puppeteer	[>= 22.5.a, < 22.6]
puppeteer	[>= 22.6.a, < 22.7]
puppeteer	[>= 22.4.a, < 22.5]
puppeteer	[>= 22.2.a, < 22.3]
puppeteer	[>= 22.7.a, < 22.8]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions