
fix(security): bump dompurify from ^3.4.0 to ^3.4.1#588

Merged
hitesh-shetty-cstk merged 1 commit into develop_v4 from fix/VB-1385-bump-dompurify
Apr 29, 2026

Conversation

@hitesh-shetty-cstk hitesh-shetty-cstk commented Apr 28, 2026

Title

fix(security): bump dompurify from ^3.4.0 to ^3.4.1

Description

Bumps dompurify to ^3.4.1 to fix three Snyk vulnerabilities:

  • SNYK-JS-DOMPURIFY-16078387 — Operator Precedence Logic Error (medium) — VB-1385
  • SNYK-JS-DOMPURIFY-16132234 — Cross-site Scripting XSS (medium) — VB-1413
  • SNYK-JS-DOMPURIFY-16131135 — Cross-site Scripting XSS (low) — VB-1414

Ticket: VB-1385

Type of Change

  • Bugfix

Testing

Unit Tests

Dependency version bump only — no functional changes. Existing test suite covers dompurify usage.

End-to-End Tests

N/A

Checklist for Contributors

  • Code is well-documented.
  • Install the dependency and run build locally.
  • All tests pass.
  • Changes have been tested locally.
  • Commit messages are clear, descriptive, and follow our commit format.

Additional Notes

VB-1344 (lodash-es) and VB-1412 (uuid) remain blocked — both are already at the latest published versions with no upstream fix available yet.

Fixes:
- SNYK-JS-DOMPURIFY-16078387 (Operator Precedence Logic Error) — VB-1385
- SNYK-JS-DOMPURIFY-16132234 (Cross-site Scripting) — VB-1413
- SNYK-JS-DOMPURIFY-16131135 (Cross-site Scripting) — VB-1414

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@hitesh-shetty-cstk hitesh-shetty-cstk requested review from a team as code owners April 28, 2026 11:46
@github-actions

🔒 Security Scan Results

ℹ️ Note: Only vulnerabilities with available fixes (upgrades or patches) are counted toward thresholds.

Check Type            Count (with fixes)   Without fixes   Threshold   Result
🔴 Critical Severity   0                    0               10          ✅ Passed
🟠 High Severity       0                    0               25          ✅ Passed
🟡 Medium Severity     0                    0               500         ✅ Passed
🔵 Low Severity        0                    0               1000        ✅ Passed

⏱️ SLA Breach Summary

✅ No SLA breaches detected. All vulnerabilities are within acceptable time thresholds.

Severity      Breaches (with fixes)   Breaches (no fixes)   SLA Threshold (with / no fixes)   Status
🔴 Critical    0                       0                     15 / 30 days                      ✅ Passed
🟠 High        0                       0                     30 / 120 days                     ✅ Passed
🟡 Medium      0                       0                     90 / 365 days                     ✅ Passed
🔵 Low         0                       0                     180 / 365 days                    ✅ Passed

✅ BUILD PASSED - All security checks passed

@github-actions

Coverage Report

Status   Category     Percentage   Covered / Total
🔵       Lines        63.58%       2319 / 3647
🔵       Statements   62.47%       2354 / 3768
🔵       Functions    61.28%       421 / 687
🔵       Branches     57.04%       1349 / 2365

File Coverage: No changed files found.

Generated in workflow #800 for commit 0e6f02f by the Vitest Coverage Report Action

@karancs06 karancs06 left a comment

LGTM

@hitesh-shetty-cstk hitesh-shetty-cstk merged commit 4b86713 into develop_v4 Apr 29, 2026
9 checks passed
@hitesh-shetty-cstk hitesh-shetty-cstk deleted the fix/VB-1385-bump-dompurify branch April 29, 2026 09:29
2 participants