From 8d3f69fe1fe4b1ebce2c22809a7f8494553df4e7 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 16 Apr 2026 04:44:41 +0000
Subject: [PATCH] :arrow_up:(deps): Bump dompurify from 3.3.2 to 3.4.0

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.3.2 to 3.4.0.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.3.2...3.4.0)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package.json | 2 +-
 yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package.json b/package.json
index 69477d9a..1b4aa2fd 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
     "ajv": "^8.10.0",
     "connect-history-api-fallback": "^1.6.0",
     "crypto-js": "^4.2.0",
-    "dompurify": "^3.0.8",
+    "dompurify": "^3.4.0",
     "express": "^4.21.0",
     "express-basic-auth": "^1.2.1",
     "frappe-charts": "^1.6.2",
diff --git a/yarn.lock b/yarn.lock
index 747df75f..bd4b1315 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3958,10 +3958,10 @@ domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.3.1:
   dependencies:
     domelementtype "^2.2.0"
 
-dompurify@^3.0.8:
-  version "3.3.2"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.3.2.tgz#58c515d0f8508b8749452a028aa589ad80b36325"
-  integrity sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==
+dompurify@^3.4.0:
+  version "3.4.0"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.0.tgz#b1fc33ebdadb373241621e0a30e4ad81573dfd0b"
+  integrity sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==
   optionalDependencies:
     "@types/trusted-types" "^2.0.7"