From 4aab9ded4bb66fd9d28ec2778f8ed4bba2ef0c0d Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Fri, 6 Mar 2026 21:37:19 +0000 Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-15371376 --- package-lock.json | 11 +++++++---- package.json | 2 +- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index b1d150fe..1d7b033d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,7 +12,7 @@ "@fontsource/figtree": "5.2.10", "adaptivecards": "2.11.1", "classnames": "^2.3.2", - "dompurify": "^3.0.11", + "dompurify": "^3.3.2", "moment": "^2.30.1", "react-flatpickr": "^4.0.11", "react-markdown": "9.0.3", @@ -5189,10 +5189,13 @@ } }, "node_modules/dompurify": { - "version": "3.3.0", - "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.0.tgz", - "integrity": "sha512-r+f6MYR1gGN1eJv0TVQbhA7if/U7P87cdPl3HN5rikqaBSBxLiCb/b9O+2eG0cxz0ghyU+mU1QkbsOwERMYlWQ==", + "version": "3.3.2", + "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz", + "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==", "license": "(MPL-2.0 OR Apache-2.0)", + "engines": { + "node": ">=20" + }, "optionalDependencies": { "@types/trusted-types": "^2.0.7" } diff --git a/package.json b/package.json index e6464a81..fb297901 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@fontsource/figtree": "5.2.10", "adaptivecards": "2.11.1", "classnames": "^2.3.2", - "dompurify": "^3.0.11", + "dompurify": "^3.3.2", "moment": "^2.30.1", "react-flatpickr": "^4.0.11", "react-markdown": "9.0.3",