
fix: frontend/package.json & frontend/package-lock.json to reduce vul…

1e11abc
Open

[Snyk] Security upgrade dompurify from 3.3.3 to 3.4.0 #6048

Claude / Claude Code Review completed Apr 16, 2026 in 9m 41s

Code review found 1 potential issue

Found 1 candidates, confirmed 1. See review comments for details.

Details

| Severity | Count |
|---|---|
| 🔴 Important | 0 |
| 🟡 Nit | 1 |
| 🟣 Pre-existing | 0 |

| Severity | File:Line | Issue |
|---|---|---|
| 🟡 Nit | frontend/package.json:92 | dompurify 3.4.0 may violate min-release-age=7 policy |

Annotations

Check warning on line 92 in frontend/package.json


@claude claude / Claude Code Review

dompurify 3.4.0 may violate min-release-age=7 policy

This PR bumps dompurify to 3.4.0 (published 2026-04-14), but the repo's `frontend/.npmrc` enforces `min-release-age=7`, meaning the package won't satisfy the constraint until 2026-04-21. Any developer who deletes `package-lock.json` and runs `npm install` between now and April 21 will get a resolution failure. Consider delaying merge until April 21 or pinning an older version that already satisfies the 7-day window.