From 3a93e309f2af9c26ad641f9f29bb0b00e8cf29ea Mon Sep 17 00:00:00 2001
From: simoleo89 <11816867+simoleo89@users.noreply.github.com>
Date: Wed, 17 Jun 2026 21:50:54 +0200
Subject: [PATCH] =?UTF-8?q?chore(deps):=20bump=20dompurify=20to=20^3.4.10?= =?UTF-8?q?=20(3.4.11)=20=E2=80=94=20fixes=20low-severity=20advisory?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

dompurify 3.4.8 is flagged by yarn audit (npm advisory 1120805: a Trusted Types policy survives clearConfig and can poison later RETURN_TRUSTED_TYPE output, patched in >=3.4.9). It's the library behind SanitizeHtml — the client's XSS defence — so keep it current. After the bump yarn audit reports 0 vulnerabilities. typecheck 0, tests green.
---
 package.json | 2 +-
 yarn.lock | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 583190b..2c84222 100644
--- a/package.json
+++ b/package.json
@@ -26,7 +26,7 @@
 "@tanstack/react-query": "5",
 "@tanstack/react-query-devtools": "5",
 "@tanstack/react-virtual": "^3.14.2",
- "dompurify": "^3.4.8",
+ "dompurify": "^3.4.10",
 "emoji-mart": "^5.6.0",
 "emoji-toolkit": "10.0.0",
 "framer-motion": "^12.40.0",
diff --git a/yarn.lock b/yarn.lock
index 52000d2..9db744a 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2156,10 +2156,10 @@ dom-accessibility-api@^0.6.3: resolved "https://registry.yarnpkg.com/dom-accessibility-api/-/dom-accessibility-api-0.6.3.tgz#993e925cc1d73f2c662e7d75dd5a5445259a8fd8" integrity sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w== -dompurify@^3.4.8: - version "3.4.8" - resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.8.tgz#6c54f8c207160e7f83fcb7f4fd05a82ac36b1cdc" - integrity sha512-yb1cEmaOum7wFvOCSQxyfgVlv5D47Rc30iZWoMpbDIWTnJ6grDDQyu2KFJzB2k7u0pMuJcQ1zphH//fFnw2tjQ== +dompurify@^3.4.10: + version "3.4.11" + resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.11.tgz#29c8ba496475f279ef4015784068452fb14a0680" + integrity sha512-zhlUV12GsaRzMsf9q5M254YhA4+VuF0fG+QFqu6aYpoGlKtz+w8//jBcGVYBgQkR5GHjUomejY84AV+/uPbWdw== optionalDependencies: "@types/trusted-types" "^2.0.7"