fix: resolve DOMPurify XSS vulnerabilities (GHSA-v8jm-5vwx-cfxm, GHSA-v2wj-7wpq-c8vv)

Add yarn resolution to pin dompurify>=3.3.2, fixing transitive dependency from swagger-ui-react that was stuck at 3.2.6. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-21 18:58:03 +00:00 · 2026-03-17 18:03:09 +00:00
parent cfc28cf3a0
commit e44556d100
2 changed files with 660 additions and 67 deletions
--- a/frontend/package.json
+++ b/frontend/package.json
@@ -94,6 +94,9 @@
    "*.{js,jsx,ts,tsx}": "npm run lint:fix",
    "*.{js,jsx,ts,tsx,json,css,md,mdx}": "npm run prettier:fix"
  },
+  "resolutions": {
+    "dompurify": "^3.3.2"
+  },
  "keywords": [],
  "author": "",
  "license": "Apache-2.0"
--- a/frontend/yarn.lock
+++ b/frontend/yarn.lock