From d0183548cb7f0c3dd19c88364b52fa32bb96ce8a Mon Sep 17 00:00:00 2001
From: snyk-bot
Date: Wed, 18 Sep 2024 09:56:43 +0000
Subject: [PATCH] fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-DOMPURIFY-7984421
- https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511
---
 package-lock.json | 45 +++++++++++++++++++++++++--------------------
 package.json | 4 ++--
 2 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index ffc4d7f274b..9b422fbb536 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -29,7 +29,7 @@
 "datatables.net-jqui": "1.13.6",
 "datatables.net-scroller": "2.2.0",
 "datatables.net-scroller-jqui": "2.2.0",
- "dompurify": "3.0.8",
+ "dompurify": "^3.1.3",
 "dropzone": "5.9.3",
 "dwv": "0.27.1",
 "flot": "4.2.6",
@@ -41,7 +41,7 @@
 "jquery": "3.7.1",
 "jquery-datetimepicker": "2.5.21",
 "jquery-validation": "1.19.5",
- "jspdf": "2.5.1",
+ "jspdf": "^2.5.2",
 "jszip": "3.10.1",
 "knockout": "3.5.1",
 "konva": "9.2.1",
@@ -675,9 +675,10 @@
 }
 },
 "node_modules/@babel/runtime": {
- "version": "7.22.15",
- "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.22.15.tgz",
- "integrity": "sha512-T0O+aa+4w0u06iNmapipJXMV4HoUir03hpx3/YqXXhu9xim3w+dVphjFWl1OH8NbZHw5Lbm9k45drDkgq2VNNA==",
+ "version": "7.25.6",
+ "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.25.6.tgz",
+ "integrity": "sha512-VBj9MYyDb9tuLq7yzqjgzt6Q+IBQLrGZfdjOekyEirZPHxXWoTSGUTMrpsfi58Up73d13NfYLv8HT9vmznjzhQ==",
+ "license": "MIT",
 "dependencies": {
 "regenerator-runtime": "^0.14.0"
 },
@@ -4404,9 +4405,10 @@
 }
 },
 "node_modules/dompurify": {
- "version": "3.0.8",
- "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.0.8.tgz",
- "integrity": "sha512-b7uwreMYL2eZhrSCRC4ahLTeZcPZxSmYfmcQGXGkXiZSNW1X85v+SDM5KsWcpivIiUBH47Ji7NtyUdpLeF5JZQ=="
+ "version": "3.1.3",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.3.tgz",
+ "integrity": "sha512-5sOWYSNPaxz6o2MUPvtyxTTqR4D3L77pr5rUQoWgD5ROQtVIZQgJkXbo1DLlK3vj11YGw5+LnF4SYti4gZmwng==",
+ "license": "(MPL-2.0 OR Apache-2.0)"
 },
 "node_modules/download": {
 "version": "6.2.5",
@@ -5470,9 +5472,10 @@
 }
 },
 "node_modules/fflate": {
- "version": "0.4.8",
- "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.4.8.tgz",
- "integrity": "sha512-FJqqoDBR00Mdj9ppamLa/Y7vxm+PRmNWA67N846RvsoYVMKB4q3y/de5PA7gUmRMYK/8CMz2GDZQmCRN1wBcWA=="
+ "version": "0.8.2",
+ "resolved": "https://registry.npmjs.org/fflate/-/fflate-0.8.2.tgz",
+ "integrity": "sha512-cPJU47OaAoCbg0pBvzsgpTPhmhqI5eJjh/JIu8tPj5q+T7iLvW/JAYUqmE7KOB4R1ZyEhzBaIQpQpardBF5z8A==",
+ "license": "MIT"
 },
 "node_modules/file-entry-cache": {
 "version": "6.0.1",
@@ -9021,26 +9024,28 @@
 }
 },
 "node_modules/jspdf": {
- "version": "2.5.1",
- "resolved": "https://registry.npmjs.org/jspdf/-/jspdf-2.5.1.tgz",
- "integrity": "sha512-hXObxz7ZqoyhxET78+XR34Xu2qFGrJJ2I2bE5w4SM8eFaFEkW2xcGRVUss360fYelwRSid/jT078kbNvmoW0QA==",
+ "version": "2.5.2",
+ "resolved": "https://registry.npmjs.org/jspdf/-/jspdf-2.5.2.tgz",
+ "integrity": "sha512-myeX9c+p7znDWPk0eTrujCzNjT+CXdXyk7YmJq5nD5V7uLLKmSXnlQ/Jn/kuo3X09Op70Apm0rQSnFWyGK8uEQ==",
+ "license": "MIT",
 "dependencies": {
- "@babel/runtime": "^7.14.0",
+ "@babel/runtime": "^7.23.2",
 "atob": "^2.1.2",
 "btoa": "^1.2.1",
- "fflate": "^0.4.8"
+ "fflate": "^0.8.1"
 },
 "optionalDependencies": {
 "canvg": "^3.0.6",
 "core-js": "^3.6.0",
- "dompurify": "^2.2.0",
+ "dompurify": "^2.5.4",
 "html2canvas": "^1.0.0-rc.5"
 }
 },
 "node_modules/jspdf/node_modules/dompurify": {
- "version": "2.4.7",
- "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.4.7.tgz",
- "integrity": "sha512-kxxKlPEDa6Nc5WJi+qRgPbOAbgTpSULL+vI3NUXsZMlkJxTqYI9wg5ZTay2sFrdZRWHPWNi+EdAhcJf81WtoMQ==",
+ "version": "2.5.6",
+ "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-2.5.6.tgz",
+ "integrity": "sha512-zUTaUBO8pY4+iJMPE1B9XlO2tXVYIcEA4SNGtvDELzTSCQO7RzH+j7S180BmhmJId78lqGU2z19vgVx2Sxs/PQ==",
+ "license": "(MPL-2.0 OR Apache-2.0)",
 "optional": true
 },
 "node_modules/jszip": {
diff --git a/package.json b/package.json
index 778119a3bc2..6e76abbd9dd 100644
--- a/package.json
+++ b/package.json
@@ -86,7 +86,7 @@
 "datatables.net-jqui": "1.13.6",
 "datatables.net-scroller": "2.2.0",
 "datatables.net-scroller-jqui": "2.2.0",
- "dompurify": "3.0.8",
+ "dompurify": "3.1.3",
 "dropzone": "5.9.3",
 "dwv": "0.27.1",
 "flot": "4.2.6",
@@ -98,7 +98,7 @@
 "jquery": "3.7.1",
 "jquery-datetimepicker": "2.5.21",
 "jquery-validation": "1.19.5",
- "jspdf": "2.5.1",
+ "jspdf": "2.5.2",
 "jszip": "3.10.1",
 "knockout": "3.5.1",
 "konva": "9.2.1",
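Review bot: The exact pins added in package.json (`"dompurify": "3.1.3"` here and `"jspdf": "2.5.2"` in the next hunk) disagree with the root dependency entry of package-lock.json in this same patch, which records `"dompurify": "^3.1.3"` and `"jspdf": "^2.5.2"`. The resolved versions match, but the specifier mismatch will probably make the next `npm install` rewrite the lockfile, and it leaves unclear whether the project wants exact pins (as every neighbouring dependency uses) or caret ranges. Regenerate the lockfile from the final package.json so both files carry the same specifier, and have CI install with `npm ci` so any drift fails the build. jspdf also keeps its own nested DOMPurify on the 2.x line (`node_modules/jspdf/node_modules/dompurify`, 2.5.6 after this patch), so advisory checks for the two Snyk IDs in the commit message should cover both copies, not only the top-level one.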