From d162ac2456513edc0141c7b6ea1b93413de13e2d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 3 Apr 2026 15:16:19 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-15874903 - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-15874905 --- package-lock.json | 12 ++++++++---- package.json | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8fe9f087..e65dc4be 100644 --- a/package-lock.json +++ b/package-lock.json @@ -16,7 +16,7 @@ "@emotion/styled": "^11.6.0", "adaptivecards": "^2.10.0", "axios": "^1.13.5", - "dompurify": "3.2.4", + "dompurify": "^3.3.2", "flatpickr": "4.6.3", "immutable": "^4.0.0-rc.12", "lodash": "^4.17.21", @@ -5485,9 +5485,13 @@ "dev": true }, "node_modules/dompurify": { - "version": "3.2.4", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz", - "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz", + "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==", + "license": "(MPL-2.0 OR Apache-2.0)", + "engines": { + "node": ">=20" + }, "optionalDependencies": { "@types/trusted-types": "^2.0.7" } diff --git a/package.json b/package.json index c825b3e9..0de65e35 100644 --- a/package.json +++ b/package.json @@ -53,7 +53,7 @@ "@emotion/styled": "^11.6.0", "adaptivecards": "^2.10.0", "axios": "^1.13.5", - "dompurify": "3.2.4", + "dompurify": "3.3.2", "flatpickr": "4.6.3", "immutable": "^4.0.0-rc.12", "lodash": "^4.17.21",