[Snyk] Security upgrade dompurify from 3.3.0 to 3.3.2

[graymalkin77]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-DOMPURIFY-15874903	551
	Permissive List of Allowed Inputs SNYK-JS-DOMPURIFY-15874905	551

Breaking Change Risk

Notice: This assessment is enhanced by AI.

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[graymalkin77]

This is a patch upgrade that includes security fixes and bug corrections.

Highlights:

• v3.3.2: This version addresses a potential bypass in jsdom, a prototype pollution issue, and fixes lenient configuration parsing.
• v3.3.1: This version extended the ADD_FORBID_CONTENTS setting and corrected the ESM import syntax.

Potential Impact:
The fix for "lenient config parsing in _isValidAttribute" in version 3.3.2 introduces stricter validation. While this is a bug fix, it could be a behavioral change for any implementation that was unintentionally relying on the previous, more lenient parsing. This change warrants a medium risk assessment.

Recommendation:
Verify that any custom configurations for DOMPurify attributes are still behaving as expected after the upgrade.

Source: GitHub Releases

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

[graymalkin77]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[Copilot]

Pull request overview

This PR updates the project’s DOMPurify dependency to remediate the two Snyk-reported DOMPurify vulnerabilities, aligning both the manifest and lockfile to the patched release.

Changes:

• Bump dompurify dependency range to ^3.3.2 in package.json.
• Update package-lock.json to resolve dompurify to 3.3.2 (including updated tarball integrity metadata).

Reviewed changes

Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.

File	Description
package.json	Raises the minimum DOMPurify version to a patched release (^3.3.2).
package-lock.json	Locks DOMPurify to 3.3.2 with updated resolved URL/integrity (and package metadata).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.