[Snyk] Security upgrade dompurify from 3.2.4 to 3.4.0#513
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-DOMPURIFY-16078387
|
This minor version upgrade for Key changes include:
This upgrade is considered safe as it patches vulnerabilities and corrects unintended behavior without altering the public API. Source: GitHub Releases
|
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
There was a problem hiding this comment.
Pull request overview
Updates the dompurify dependency to address a Snyk-reported vulnerability in this project’s npm dependency tree.
Changes:
- Bump
dompurifyfrom3.2.4to3.4.0inpackage.json. - Update
package-lock.jsonto resolvedompurifyto3.4.0(including updated tarball integrity metadata).
Reviewed changes
Copilot reviewed 1 out of 2 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| package.json | Pins dompurify to 3.4.0 to remediate the reported vulnerability. |
| package-lock.json | Updates locked dompurify package resolution to 3.4.0 and associated metadata. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.
Snyk changed the following file(s):
package.jsonpackage-lock.jsonVulnerabilities that will be fixed with an upgrade:
SNYK-JS-DOMPURIFY-16078387
Breaking Change Risk
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.