Raise frontend security dependency floors on v6

Bumps frontend-modern DOMPurify from ^3.4.0 / 3.4.0 to ^3.4.1 / 3.4.1 and PostCSS from ^8.4.0 / 8.5.6 to ^8.5.13 / 8.5.13. Keeps pulse/v6-release aligned with the default-branch Dependabot fixes for GHSA-39q2-94rc-95cp and GHSA-qx2v-qp2m-jg93. Verification: npm ci, npm audit --audit-level=moderate, npm run type-check, npm run build, npm run lint, status_audit.py --check, registry_audit.py --check from the canonical workspace. Full npm test remains red on origin/pulse/v6-release with the same targeted baseline failures unrelated to these dependency changes.
2026-05-22 11:10:33 +00:00 · 2026-05-01 20:23:03 +01:00 · 2026-05-01 20:23:03 +01:00 · ef59055264
commit ef59055264
parent 931179cb29
2 changed files with 10 additions and 10 deletions
--- a/frontend-modern/package-lock.json
+++ b/frontend-modern/package-lock.json
@ -10,7 +10,7 @@
      "license": "MIT",
      "dependencies": {
        "@solidjs/router": "^0.10.10",
-        "dompurify": "^3.4.0",
+        "dompurify": "^3.4.1",
        "lucide-solid": "^0.545.0",
        "marked": "^17.0.1",
        "qrcode": "^1.5.4",
@ -33,7 +33,7 @@
        "globals": "^17.3.0",
        "jscpd": "^4.0.8",
        "jsdom": "^24.1.0",
-        "postcss": "^8.4.0",
+        "postcss": "^8.5.13",
        "prettier": "^3.3.0",
        "tailwindcss": "^3.4.18",
        "typescript": "^5.3.0",
@ -3316,9 +3316,9 @@
      "license": "MIT"
    },
    "node_modules/dompurify": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.0.tgz",
-      "integrity": "sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==",
+      "version": "3.4.1",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.1.tgz",
+      "integrity": "sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw==",
      "license": "(MPL-2.0 OR Apache-2.0)",
      "optionalDependencies": {
        "@types/trusted-types": "^2.0.7"
@ -5469,9 +5469,9 @@
      }
    },
    "node_modules/postcss": {
-      "version": "8.5.6",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz",
-      "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==",
+      "version": "8.5.13",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz",
+      "integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==",
      "dev": true,
      "funding": [
        {
--- a/frontend-modern/package.json
+++ b/frontend-modern/package.json
@ -43,7 +43,7 @@
  },
  "dependencies": {
    "@solidjs/router": "^0.10.10",
-    "dompurify": "^3.4.0",
+    "dompurify": "^3.4.1",
    "lucide-solid": "^0.545.0",
    "marked": "^17.0.1",
    "qrcode": "^1.5.4",
@ -70,7 +70,7 @@
    "globals": "^17.3.0",
    "jscpd": "^4.0.8",
    "jsdom": "^24.1.0",
-    "postcss": "^8.4.0",
+    "postcss": "^8.5.13",
    "prettier": "^3.3.0",
    "tailwindcss": "^3.4.18",
    "typescript": "^5.3.0",