[Snyk] Upgrade dompurify from 2.2.7 to 2.5.3

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade dompurify from 2.2.7 to 2.5.3.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **29 versions** ahead of your current version. - The recommended version was released on **22 days ago**. #### Issues fixed by the recommended upgrade: | | Issue | Score | Exploit Maturity | :-------------------------:|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png 'medium severity') | Template Injection
[SNYK-JS-DOMPURIFY-6474511](https://snyk.io/vuln/SNYK-JS-DOMPURIFY-6474511) | **586** | Proof of Concept

Release notes

Package name: dompurify

2.5.3 - 2024-05-11
- Fixed several mXSS variations found by and thanks to @ kevin-mizu & @ Ry0taK
- Added better configurability for comment scrubbing default behavior
- Added better hardening against Prototype Pollution attacks, thanks @ kevin-mizu
- Fixed some smaller issues in README and other documentation
2.5.2 - 2024-04-30
- Addressed and fixed a mXSS variation found by @ kevin-mizu
- Addressed and fixed a mXSS variation found by Adam Kues of Assetnote
- Updated tests for older Safari and Chrome versions
2.5.1 - 2024-04-26
- Fixed an mXSS sanitizer bypass reported by @ icesfont
- Added new code to track element nesting depth
- Added new code to enforce a maximum nesting depth of 255
- Added coverage tests and necessary clobbering protections
Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.
2.5.0 - 2024-04-07
2.4.9 - 2024-03-21
2.4.8 - 2024-03-19
2.4.7 - 2023-07-11
2.4.6 - 2023-07-10
2.4.5 - 2023-03-01
2.4.4 - 2023-02-13
2.4.3 - 2023-01-06
2.4.2 - 2023-01-05
2.4.1 - 2022-11-10
2.4.0 - 2022-08-24
2.3.12 - 2022-08-23
2.3.11 - 2022-08-23
2.3.10 - 2022-07-18
2.3.9 - 2022-07-11
2.3.8 - 2022-05-13
2.3.7 - 2022-05-11
2.3.6 - 2022-02-16
2.3.5 - 2022-01-26
2.3.4 - 2021-12-07
2.3.3 - 2021-09-20
2.3.2 - 2021-09-15
2.3.1 - 2021-08-13
2.3.0 - 2021-07-06
2.2.9 - 2021-06-01
2.2.8 - 2021-04-28
2.2.7 - 2021-03-12

from dompurify GitHub release notes

--- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - This PR was automatically created by Snyk using the credentials of a real user. > - Max score is 1000. Note that the real score may have changed since the PR was raised. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ **For more information:** > - 🧐 [View latest project report](https://app.snyk.io/org/fecgov/project/2a97cddb-4b62-4d54-b18f-3b85d55a5e10?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates) > - 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/fecgov/project/2a97cddb-4b62-4d54-b18f-3b85d55a5e10/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) > - 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/fecgov/project/2a97cddb-4b62-4d54-b18f-3b85d55a5e10/settings/integration?pkg=dompurify&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

fecgov / fec-cms

[Snyk] Upgrade dompurify from 2.2.7 to 2.5.3 #6314

Snyk has created this PR to upgrade dompurify from 2.2.7 to 2.5.3.

Codecov Report