[Snyk] Upgrade dompurify from 3.3.0 to 3.3.1

[rasulkireev]

Snyk has created this PR to upgrade dompurify from 3.3.0 to 3.3.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 1 version ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: dompurify

• 3.3.1 - 2025-12-08
  
  • Updated ADD_FORBID_CONTENTS setting to extend default list, thanks @ MariusRumpf
  • Updated the ESM import syntax to be more correct, thanks @ binhpv
• 3.3.0 - 2025-10-13
  
  • Added the SVG mask-type attribute to default allow-list, thanks @ prasadrajandran
  • Added support for ADD_ATTR and ADD_TAGS to accept functions, thanks @ nelstrom
  • Fixed an issue with the slot element being in both SVG and HTML allow-list, thanks @ Wim-Valgaeren

from dompurify GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[greptile-apps]

Greptile Summary

This PR upgrades the dompurify dependency from version 3.3.0 to 3.3.1, a minor patch release.

Key Changes:

• Updated package.json from ^3.2.6 to ^3.3.1, aligning it with the actual locked version
• Updated package-lock.json from 3.3.0 to 3.3.1
• Added license metadata field (MPL-2.0 OR Apache-2.0) to the lock file

Usage Context:
DOMPurify is used in frontend/src/controllers/copy_html_controller.js to sanitize HTML generated from Markdown before copying to clipboard, protecting against XSS attacks.

Changes in 3.3.1:

• ADD_FORBID_CONTENTS setting now extends the default list instead of replacing it
• ESM import syntax improvements

These are non-breaking changes that should not affect the simple DOMPurify.sanitize() usage in the codebase.

Confidence Score: 5/5

• This PR is safe to merge with no risk - it's a standard patch version upgrade with no breaking changes
• This is a straightforward dependency patch upgrade (3.3.0→3.3.1) with no breaking changes. The changes are limited to bug fixes and improvements that don't affect the API. DOMPurify is used in a simple, standard way in the codebase that won't be impacted by these updates
• No files require special attention

Important Files Changed

Filename	Overview
package.json	Updated dompurify version from ^3.2.6 to ^3.3.1, bringing package.json in sync with the lock file
package-lock.json	Updated dompurify from 3.3.0 to 3.3.1, added license field to package metadata

Sequence Diagram

sequenceDiagram
    participant Snyk
    participant PackageJson as package.json
    participant PackageLock as package-lock.json
    participant NPM as npm registry
    
    Snyk->>PackageJson: Update dompurify version<br/>^3.2.6 → ^3.3.1
    Snyk->>PackageLock: Update resolved version<br/>3.3.0 → 3.3.1
    PackageLock->>NPM: Fetch [email protected]
    NPM-->>PackageLock: Return package metadata<br/>(includes license field)
    Note over PackageJson,PackageLock: Version sync achieved

Loading

[greptile-apps]

Greptile's behavior is changing!

From now on, if a review finishes with no comments, we will not post an additional "statistics" comment to confirm that our review found nothing to comment on. However, you can confirm that we reviewed your changes in the status check section.

_{This feature can be toggled off in your Code Review Settings by deselecting "Create a status check for each PR".}