chore(deps): bump dompurify from 3.1.3 to 3.2.4 (#2667)

* chore(deps): bump dompurify from 3.1.3 to 3.2.4 Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.1.3 to 3.2.4. - [Release notes](https://github.com/cure53/DOMPurify/releases) - [Commits](https://github.com/cure53/DOMPurify/compare/3.1.3...3.2.4) --- updated-dependencies: - dependency-name: dompurify dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * chore(deps): update dompurify --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: kanoru <kanoru3101@gmail.com>
2025-04-19 16:22:05 +03:00 · 2025-04-08 15:06:41 +03:00 · 2025-04-08 15:06:41 +03:00 · 7cedd59826
commit 7cedd59826
parent cab07bad3b
3 changed files with 28 additions and 17 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -12,7 +12,7 @@
        "@redocly/openapi-core": "^1.4.0",
        "classnames": "^2.3.2",
        "decko": "^1.2.0",
-        "dompurify": "^3.0.6",
+        "dompurify": "^3.2.4",
        "eventemitter3": "^5.0.1",
        "json-pointer": "^0.6.2",
        "lunr": "^2.3.9",
@ -4124,10 +4124,11 @@
      "dev": true
    },
    "node_modules/@types/trusted-types": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.0.tgz",
-      "integrity": "sha512-I8MnZqNXsOLHsU111oHbn3khtvKMi5Bn4qVFsIWSJcCP1KKDiXX5AEw8UPk0nSopeC+Hvxt6yAy1/a5PailFqg==",
-      "dev": true
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+      "devOptional": true,
+      "license": "MIT"
    },
    "node_modules/@types/webpack": {
      "version": "5.28.0",
@ -7559,9 +7560,13 @@
      }
    },
    "node_modules/dompurify": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.3.tgz",
-      "integrity": "sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng=="
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz",
+      "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
    },
    "node_modules/domutils": {
      "version": "2.7.0",
@ -22354,10 +22359,10 @@
      "dev": true
    },
    "@types/trusted-types": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.0.tgz",
-      "integrity": "sha512-I8MnZqNXsOLHsU111oHbn3khtvKMi5Bn4qVFsIWSJcCP1KKDiXX5AEw8UPk0nSopeC+Hvxt6yAy1/a5PailFqg==",
-      "dev": true
+      "version": "2.0.7",
+      "resolved": "https://registry.npmjs.org/@types/trusted-types/-/trusted-types-2.0.7.tgz",
+      "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
+      "devOptional": true
    },
    "@types/webpack": {
      "version": "5.28.0",
@ -24892,9 +24897,12 @@
      }
    },
    "dompurify": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.3.tgz",
-      "integrity": "sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng=="
+      "version": "3.2.4",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz",
+      "integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+      "requires": {
+        "@types/trusted-types": "^2.0.7"
+      }
    },
    "domutils": {
      "version": "2.7.0",
--- a/package.json
+++ b/package.json
@ -141,7 +141,7 @@
    "@redocly/openapi-core": "^1.4.0",
    "classnames": "^2.3.2",
    "decko": "^1.2.0",
-    "dompurify": "^3.0.6",
+    "dompurify": "^3.2.4",
    "eventemitter3": "^5.0.1",
    "json-pointer": "^0.6.2",
    "lunr": "^2.3.9",
--- a/src/components/Markdown/SanitizedMdBlock.tsx
+++ b/src/components/Markdown/SanitizedMdBlock.tsx
@ -6,11 +6,14 @@ import { StylingMarkdownProps } from './Markdown';
 import { StyledMarkdownBlock } from './styled.elements';
 import styled from 'styled-components';

+// Workaround for DOMPurify type issues (https://github.com/cure53/DOMPurify/issues/1034)
+const dompurify = DOMPurify['default'] as DOMPurify.DOMPurify;
+
 const StyledMarkdownSpan = styled(StyledMarkdownBlock)`
  display: inline;
 `;

-const sanitize = (sanitize, html) => (sanitize ? DOMPurify.sanitize(html) : html);
+const sanitize = (sanitize, html) => (sanitize ? dompurify.sanitize(html) : html);

 export function SanitizedMarkdownHTML({
  inline,