Upgrading dompurify package in QuickLayout Docs

Andrei Banshchikov · meta-codesync[bot] · commit dee401cdf5e6 · 2026-04-28T02:24:04.000-07:00
Summary: Received an alert on a vulnerability in dompurify package, upgraded direct dep from 3.4.0 to 3.4.1 and added a `resolutions` pin to also force the transitive dompurify@^3.3.1 (resolved to 3.3.3) up to 3.4.1. Mirrors D101617088 approach (yarn `resolutions`).

Differential Revision: D102589444

fbshipit-source-id: d5f20a572faf9d62cb6e303f900fd474620c83ce
diff --git a/Sources/QuickLayout/docs/package.json b/Sources/QuickLayout/docs/package.json
@@ -23,7 +23,7 @@
     "classnames": "^2.5.1",
     "clsx": "^2.0.0",
     "docusaurus-plugin-internaldocs-fb": "1.19.2",
-    "dompurify": "3.4.0",
+    "dompurify": "3.4.1",
     "js-yaml": "^4.1.1",
     "loader-utils": "3.3.1",
     "prism-react-renderer": "^2.3.0",
@@ -53,6 +53,7 @@
   },
   "resolutions": {
     "brace-expansion": "1.1.13",
+    "dompurify": "3.4.1",
     "express/path-to-regexp": "0.1.13",
     "lodash": "4.18.1",
     "picomatch": "2.3.2"
diff --git a/Sources/QuickLayout/docs/yarn.lock b/Sources/QuickLayout/docs/yarn.lock
@@ -5205,17 +5205,10 @@ domhandler@^5.0.2, domhandler@^5.0.3:
   dependencies:
     domelementtype "^2.3.0"
 
-dompurify@3.4.0:
-  version "3.4.0"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.0.tgz#b1fc33ebdadb373241621e0a30e4ad81573dfd0b"
-  integrity sha512-nolgK9JcaUXMSmW+j1yaSvaEaoXYHwWyGJlkoCTghc97KgGDDSnpoU/PlEnw63Ah+TGKFOyY+X5LnxaWbCSfXg==
-  optionalDependencies:
-    "@types/trusted-types" "^2.0.7"
-
-dompurify@^3.3.1:
-  version "3.3.3"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.3.3.tgz#680cae8af3e61320ddf3666a3bc843f7b291b2b6"
-  integrity sha512-Oj6pzI2+RqBfFG+qOaOLbFXLQ90ARpcGG6UePL82bJLtdsa6CYJD7nmiU8MW9nQNOtCHV3lZ/Bzq1X0QYbBZCA==
+dompurify@3.4.1, dompurify@^3.3.1:
+  version "3.4.1"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.4.1.tgz#521d04483ac12631b2aedf434a5f5390933b8789"
+  integrity sha512-JahakDAIg1gyOm7dlgWSDjV4n7Ip2PKR55NIT6jrMfIgLFgWo81vdr1/QGqWtFNRqXP9UV71oVePtjqS2ebnPw==
   optionalDependencies:
     "@types/trusted-types" "^2.0.7"
 
@@ -8932,7 +8925,7 @@ path-root@^0.1.1:
   dependencies:
     path-root-regex "^0.1.0"
 
-path-to-regexp@0.1.13, path-to-regexp@~0.1.12:
+path-to-regexp@0.1.13:
   version "0.1.13"
   resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.13.tgz#9b22ec16bc3ab88d05a0c7e369869421401ab17d"
   integrity sha512-A/AGNMFN3c8bOlvV9RreMdrv7jsmF9XIfDeCd87+I8RNg6s78BhJxMu69NEMHBSJFxKidViTEdruRwEk/WIKqA==
@@ -8949,6 +8942,11 @@ path-to-regexp@^1.7.0:
   dependencies:
     isarray "0.0.1"
 
+path-to-regexp@~0.1.12:
+  version "0.1.12"
+  resolved "https://registry.yarnpkg.com/path-to-regexp/-/path-to-regexp-0.1.12.tgz#d5e1a12e478a976d432ef3c58d534b9923164bb7"
+  integrity sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==
+
 path-type@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b"
