From 06ce7ec5b072b8c7b07a326e9190b2c943995f19 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jun 2026 23:20:50 -0700 Subject: [PATCH] build(deps): bump dompurify from 3.3.2 to 3.4.8 (#7326) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.2 to 3.4.8.
Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.8

DOMPurify 3.4.7

DOMPurify 3.4.6

DOMPurify 3.4.5

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

DOMPurify 3.4.2

DOMPurify 3.4.1

... (truncated)

Commits
Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- pnpm-lock.yaml | 13 ++++++------- server/package.json | 2 +- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 869cb7fc..c4a5ea7e 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -687,8 +687,8 @@ importers: specifier: ^2.1.0 version: 2.1.0 dompurify: - specifier: ^3.3.2 - version: 3.3.2 + specifier: ^3.4.8 + version: 3.4.8 dotenv: specifier: ^17.0.1 version: 17.3.1 @@ -4979,9 +4979,8 @@ packages: dom-accessibility-api@0.6.3: resolution: {integrity: sha512-7ZgogeTnjuHbo+ct10G9Ffp0mif17idi0IyWNVA/wcwcm7NPOD/WEHVP3n7n3MhXqxoIYm8d6MuZohYWIZ4T3w==} - dompurify@3.3.2: - resolution: {integrity: sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==} - engines: {node: '>=20'} + dompurify@3.4.8: + resolution: {integrity: sha512-yb1cEmaOum7wFvOCSQxyfgVlv5D47Rc30iZWoMpbDIWTnJ6grDDQyu2KFJzB2k7u0pMuJcQ1zphH//fFnw2tjQ==} dotenv@16.6.1: resolution: {integrity: sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==} @@ -12076,7 +12075,7 @@ snapshots: dom-accessibility-api@0.6.3: {} - dompurify@3.3.2: + dompurify@3.4.8: optionalDependencies: '@types/trusted-types': 2.0.7 @@ -13156,7 +13155,7 @@ snapshots: d3-sankey: 0.12.3 dagre-d3-es: 7.0.13 dayjs: 1.11.19 - dompurify: 3.3.2 + dompurify: 3.4.8 katex: 0.16.37 khroma: 2.1.0 lodash-es: 4.17.23 diff --git a/server/package.json b/server/package.json index 604a1dce..ae78553f 100644 --- a/server/package.json +++ b/server/package.json @@ -63,7 +63,7 @@ "better-auth": "1.4.18", "chokidar": "^4.0.3", "detect-port": "^2.1.0", - "dompurify": "^3.3.2", + "dompurify": "^3.4.8", "dotenv": "^17.0.1", "drizzle-orm": "^0.45.2", "embedded-postgres": "^18.1.0-beta.16",