From c42e58faae8e4c0cf551ea8ed4038904f4e60dbe Mon Sep 17 00:00:00 2001 From: Claude Date: Fri, 17 Jul 2026 09:16:51 +0000 Subject: [PATCH] fix(security): bump dompurify to patch XSS and prototype pollution issues Upgrades dompurify from 3.4.1 to 3.4.12 to pick up upstream sanitization bypass and prototype pollution fixes released in the 3.4.x line. Co-Authored-By: Claude --- package-lock.json | 8 ++++---- package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 15831bd6..bf88b589 100644 --- a/package-lock.json +++ b/package-lock.json @@ -15,7 +15,7 @@ "classnames": "^2.5.1", "dayjs": "^1.11.13", "deepsignal": "^1.5.0", - "dompurify": "^3.4.1", + "dompurify": "^3.4.12", "get-xpath": "^3.2.0", "goober": "^2.1.16", "lodash-es": "^4.18.1", @@ -3681,9 +3681,9 @@ "dev": true }, "node_modules/dompurify": { - "version": "3.4.1", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.1.tgz", - "integrity": "sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw==", + "version": "3.4.12", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.12.tgz", + "integrity": "sha512-zQvGet8Z2sWbQhCmfFz/T5QWH2oBmjnqK3qvOjaqaNLrLEF912WamU+ohnTp0TCep/MFVHpdJuCZEdFOdTnEFg==", "license": "(MPL-2.0 OR Apache-2.0)", "optionalDependencies": { "@types/trusted-types": "^2.0.7" diff --git a/package.json b/package.json index 0b70eb2f..40afa9ad 100644 --- a/package.json +++ b/package.json @@ -91,7 +91,7 @@ "classnames": "^2.5.1", "dayjs": "^1.11.13", "deepsignal": "^1.5.0", - "dompurify": "^3.4.1", + "dompurify": "^3.4.12", "get-xpath": "^3.2.0", "goober": "^2.1.16", "lodash-es": "^4.18.1",