From 89764322d9dc83eb903fd1fa3fc9912574aa77e9 Mon Sep 17 00:00:00 2001
From: snyk-bot <snyk-bot@snyk.io>
Date: Thu, 16 Apr 2026 23:06:56 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce
 vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOMPURIFY-16078387
---
 package-lock.json | 9 +++++----
 package.json      | 2 +-
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8fe9f087..ba9d9bbf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
 				"@emotion/styled": "^11.6.0",
 				"adaptivecards": "^2.10.0",
 				"axios": "^1.13.5",
-				"dompurify": "3.2.4",
+				"dompurify": "^3.4.0",
 				"flatpickr": "4.6.3",
 				"immutable": "^4.0.0-rc.12",
 				"lodash": "^4.17.21",
@@ -5485,9 +5485,10 @@
 			"dev": true
 		},
 		"node_modules/dompurify": {
-			"version": "3.2.4",
-			"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.2.4.tgz",
-			"integrity": "sha512-ysFSFEDVduQpyhzAob/kkuJjf5zWkZD8/A9ywSp1byueyuCfHamrCBa14/Oc2iiB0e51B+NpxSl5gmzn+Ms/mg==",
+			"version": "3.4.0",
+			"resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.0.tgz",
+			"integrity": "sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==",
+			"license": "(MPL-2.0 OR Apache-2.0)",
 			"optionalDependencies": {
 				"@types/trusted-types": "^2.0.7"
 			}
diff --git a/package.json b/package.json
index c825b3e9..b842262a 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
 		"@emotion/styled": "^11.6.0",
 		"adaptivecards": "^2.10.0",
 		"axios": "^1.13.5",
-		"dompurify": "3.2.4",
+		"dompurify": "3.4.0",
 		"flatpickr": "4.6.3",
 		"immutable": "^4.0.0-rc.12",
 		"lodash": "^4.17.21",