Bump dompurify to 3.3.2 to fix XSS vulnerability (Dependabot #64)

DOMPurify 3.1.3–3.3.1 has an XSS vulnerability via missing rawtext element sanitization. Bump to 3.3.2 which includes the fix.
2026-04-28 03:20:11 +00:00 · 2026-03-07 10:46:12 +00:00 · 2026-03-07 10:46:12 +00:00 · 64f3bfa922
commit 64f3bfa922
parent ddecf6d00c
2 changed files with 9 additions and 6 deletions
--- a/frontend-modern/package-lock.json
+++ b/frontend-modern/package-lock.json
@ -10,7 +10,7 @@
      "license": "MIT",
      "dependencies": {
        "@solidjs/router": "^0.10.10",
-        "dompurify": "^3.3.1",
+        "dompurify": "^3.3.2",
        "lucide-solid": "^0.545.0",
        "marked": "^17.0.1",
        "solid-js": "^1.8.0"
@ -2990,10 +2990,13 @@
      "license": "MIT"
    },
    "node_modules/dompurify": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
-      "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
+      "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
      "license": "(MPL-2.0 OR Apache-2.0)",
+      "engines": {
+        "node": ">=20"
+      },
      "optionalDependencies": {
        "@types/trusted-types": "^2.0.7"
      }
--- a/frontend-modern/package.json
+++ b/frontend-modern/package.json
@ -29,7 +29,7 @@
  },
  "dependencies": {
    "@solidjs/router": "^0.10.10",
-    "dompurify": "^3.3.1",
+    "dompurify": "^3.3.2",
    "lucide-solid": "^0.545.0",
    "marked": "^17.0.1",
    "solid-js": "^1.8.0"
@ -62,4 +62,4 @@
    "vite-plugin-solid": "^2.8.0",
    "vitest": "^3.2.4"
  }
-}
+}