Update dependency dompurify to v3.2.3 (#21835)

This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [dompurify](https://redirect.github.com/cure53/DOMPurify) | [`3.2.2` -> `3.2.3`](https://renovatebot.com/diffs/npm/dompurify/3.2.2/3.2.3) | [![age](https://developer.mend.io/api/mc/badges/age/npm/dompurify/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/dompurify/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/dompurify/3.2.2/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/dompurify/3.2.2/3.2.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>cure53/DOMPurify (dompurify)</summary> ### [`v3.2.3`](https://redirect.github.com/cure53/DOMPurify/releases/tag/3.2.3): DOMPurify 3.2.3 [Compare Source](https://redirect.github.com/cure53/DOMPurify/compare/3.2.2...3.2.3) - Fixed two conditional sanitizer bypasses discovered by [@parrot409](https://redirect.github.com/parrot409) and [@Slonser](https://x.com/slonser\_) - Updated the attribute clobbering checks to prevent future bypasses, thanks [@parrot409](https://redirect.github.com/parrot409) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "* * * * 1-5" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Never, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/TryGhost/Ghost).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-12-30 22:34:01 -05:00 · 2024-12-09 10:08:05 +00:00 · 2024-12-09 10:08:05 +00:00 · 75cece4da7
commit 75cece4da7
parent dbcbabb99a
2 changed files with 5 additions and 5 deletions
--- a/ghost/core/package.json
+++ b/ghost/core/package.json
@ -179,7 +179,7 @@
    "connect-slashes": "1.4.0",
    "cookie-session": "2.1.0",
    "cors": "2.8.5",
-    "dompurify": "3.2.2",
+    "dompurify": "3.2.3",
    "downsize": "0.0.8",
    "express": "4.21.1",
    "express-brute": "1.0.1",
--- a/yarn.lock
+++ b/yarn.lock
@ -14446,10 +14446,10 @@ domhandler@^5.0.1, domhandler@^5.0.2, domhandler@^5.0.3:
  dependencies:
    domelementtype "^2.3.0"

-dompurify@3.2.2:
-  version "3.2.2"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.2.tgz#6c0518745e81686c74a684f5af1e5613e7cc0246"
-  integrity sha512-YMM+erhdZ2nkZ4fTNRTSI94mb7VG7uVF5vj5Zde7tImgnhZE3R6YW/IACGIHb2ux+QkEXMhe591N+5jWOmL4Zw==
+dompurify@3.2.3:
+  version "3.2.3"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.3.tgz#05dd2175225324daabfca6603055a09b2382a4cd"
+  integrity sha512-U1U5Hzc2MO0oW3DF+G9qYN0aT7atAou4AgI0XjWz061nyBPbdxkfdhfy5uMgGn6+oLFCfn44ZGbdDqCzVmlOWA==
  optionalDependencies:
    "@types/trusted-types" "^2.0.7"