From 83abf14245162062029712a5b6feb0a75ff1a923 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 16 Apr 2026 09:55:05 +0000
Subject: [PATCH] fix: web/package.json & web/yarn.lock to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOMPURIFY-16078387
---
 web/package.json | 2 +-
 web/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/web/package.json b/web/package.json
index cc7025c3..acadd1e9 100644
--- a/web/package.json
+++ b/web/package.json
@@ -21,7 +21,7 @@
     "bootstrap": "4.1.1",
     "bootstrap-vue": "2.0.0-rc.12",
     "brace": "^0.11.1",
-    "dompurify": "3.2.4",
+    "dompurify": "3.4.0",
     "esprima": "^4.0.1",
     "handlebars": "4.7.7",
     "jsonpointer": "4.1.0",
diff --git a/web/yarn.lock b/web/yarn.lock
index d66a2562..257c07d0 100644
--- a/web/yarn.lock
+++ b/web/yarn.lock
@@ -4045,10 +4045,10 @@ domhandler@^2.3.0:
   dependencies:
     domelementtype "1"
 
-dompurify@3.2.4:
-  version "3.2.4"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.4.tgz#af5a5a11407524431456cf18836c55d13441cd8e"
-  integrity sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==
+dompurify@3.4.0:
+  version "3.4.0"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.0.tgz#b1fc33ebdadb373241621e0a30e4ad81573dfd0b"
+  integrity sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==
   optionalDependencies:
     "@types/trusted-types" "^2.0.7"