fix(deps): bump dompurify to 3.4.9 to fix XSS advisories

dompurify 3.4.0 was affected by several stacked advisories (mXSS /
sanitizer bypasses). 3.4.9 is past all vulnerable ranges. Resolves
Dependabot alerts #248-#254 (package.json) and #259-#265 (lockfile).
This commit is contained in:
kolaente 2026-06-16 08:30:00 +02:00
parent b42a7fdcc4
commit 652f61da50
No known key found for this signature in database
2 changed files with 6 additions and 6 deletions

View File

@ -82,7 +82,7 @@
"bulma-css-variables": "0.9.33",
"change-case": "5.4.4",
"dayjs": "1.11.19",
"dompurify": "3.4.0",
"dompurify": "3.4.9",
"fast-deep-equal": "3.1.3",
"flatpickr": "4.6.13",
"floating-vue": "5.2.2",

View File

@ -113,8 +113,8 @@ importers:
specifier: 1.11.19
version: 1.11.19
dompurify:
specifier: 3.4.0
version: 3.4.0
specifier: 3.4.9
version: 3.4.9
fast-deep-equal:
specifier: 3.1.3
version: 3.1.3
@ -3569,8 +3569,8 @@ packages:
resolution: {integrity: sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==}
engines: {node: '>= 4'}
dompurify@3.4.0:
resolution: {integrity: sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==}
dompurify@3.4.9:
resolution: {integrity: sha512-4dPSRMRDqHvs0V4YDFCsaIZo4if5u0xM+llyxiM2fwuZFdKArUBAF3VtI2+n8NKg9P870WMdYk0UhqQNoWXbfQ==}
domutils@3.2.2:
resolution: {integrity: sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==}
@ -10334,7 +10334,7 @@ snapshots:
dependencies:
domelementtype: 2.3.0
dompurify@3.4.0:
dompurify@3.4.9:
optionalDependencies:
'@types/trusted-types': 2.0.7