From 68c4f4956a66758cc3f7d5c1325bc9bb5811ac1c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Mar 2026 22:41:07 +0000
Subject: [PATCH] Bump dompurify from 3.2.6 to 3.3.1 in /client

Bumps [dompurify](https://github.com/cure53/DOMPurify) from 3.2.6 to 3.3.1.
- [Release notes](https://github.com/cure53/DOMPurify/releases)
- [Commits](https://github.com/cure53/DOMPurify/compare/3.2.6...3.3.1)

---
updated-dependencies:
- dependency-name: dompurify
  dependency-version: 3.3.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 client/package.json | 2 +-
 client/yarn.lock    | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/client/package.json b/client/package.json
index 10a2febc..81069907 100644
--- a/client/package.json
+++ b/client/package.json
@@ -12,7 +12,7 @@
   "dependencies": {
     "@surfnet/sds": "^0.0.157",
     "@vitejs/plugin-react": "^5.1.0",
-    "dompurify": "^3.2.6",
+    "dompurify": "^3.3.1",
     "i18n-js": "^4.5.1",
     "isomorphic-dompurify": "^2.26.0",
     "js-cookie": "^3.0.5",
diff --git a/client/yarn.lock b/client/yarn.lock
index ce2c14ed..13a6beab 100644
--- a/client/yarn.lock
+++ b/client/yarn.lock
@@ -1699,10 +1699,10 @@ dom-helpers@^5.0.1:
     "@babel/runtime" "^7.8.7"
     csstype "^3.0.2"
 
-dompurify@^3.2.6:
-  version "3.2.6"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.2.6.tgz#ca040a6ad2b88e2a92dc45f38c79f84a714a1cad"
-  integrity sha512-/2GogDQlohXPZe6D6NOgQvXLPSYBqIWMnZ8zzOhn09REE4eyAzb+Hed3jhoM9OkuaJ8P6ZGTTVWQKAi8ieIzfQ==
+dompurify@^3.2.6, dompurify@^3.3.1:
+  version "3.3.1"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.3.1.tgz#c7e1ddebfe3301eacd6c0c12a4af284936dbbb86"
+  integrity sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==
   optionalDependencies:
     "@types/trusted-types" "^2.0.7"