formio / formio.js

JavaScript powered Forms with JSON Form Builder
https://formio.github.io/formio.js
MIT License
1.88k stars, 1.06k forks

[Snyk] Upgrade dompurify from 3.1.0 to 3.1.1 #5605

Closed heather-formio closed 4 months ago

heather-formio commented 4 months ago

This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade dompurify from 3.1.0 to 3.1.1.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version.
- The recommended version was released **21 days ago**, on 2024-04-26.
Release notes
Package name: dompurify
  • 3.1.1 - 2024-04-26
    • Fixed an mXSS sanitiser bypass reported by @icesfont
    • Added new code to track element nesting depth
    • Added new code to enforce a maximum nesting depth of 255
    • Added coverage tests and necessary clobbering protections

    Note that this is a security release and should be upgraded to immediately. Please also note that further releases may follow as the underlying vulnerability is apparently new and further variations may be discovered.

  • 3.1.0 - 2024-04-07
    • Added new setting SAFE_FOR_XML to enable better control over comment scrubbing
    • Updated README to warn about happy-dom not being safe for use with DOMPurify yet
    • Updated the LICENSE file to show the accurate year number
    • Updated several build and test dependencies
from dompurify GitHub release notes
Commit messages
Package name: dompurify
  • 7bbd12b chore: Preparing 3.1.1 release
  • 87eff29 Merge branch 'main' of github.com:cure53/DOMPurify
  • 809a902 fix: Set the MAX_NESTING_DEPTH to 255 for good measure and adjusted tests
  • c0d418c Merge pull request #942 from kyselberg/main
  • 2a554b4 docs: additional info in example
  • 6e240ec docs: correct hook name and remove misleading comment
  • ef4bbb4 chore: Re-generated dist versions
  • 1f494b9 Merge pull request #941 from icesfont/fix/deep-nesting-mxss
  • 813d065 fix: added __removalCount to account for nodes removed from parents when calculating depth
  • 6dbc2bd fix: Fixed a faulty edit and changed the code accordingly
  • 65d35b8 fix: Added experimental __depth increment for copied elements
  • 4299c0a fix: Added __depth tracking for ShadowDOM and template elements as well
  • 81d963c fix: Slightly changed the execution order for __depth tracking
  • ce799c3 fix: Added __depth field to sanitized DOM nodes for better tracking
  • f051738 fix: Fixed an off-by-one with the nesting counter causing over-sanitization
  • c725ce0 fix: Changed the behavior of the nesting counter ever so slightly
  • c5369f2 fix: Addressed a possible bypass issue caused by deep-nesting
  • 632f122 see #939

**Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs._ For more information: 🧐 [View latest project report](https://app.snyk.io/org/heather-jrc/project/744bedfc-61f3-43e0-b360-803f18578069?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/heather-jrc/project/744bedfc-61f3-43e0-b360-803f18578069/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/heather-jrc/project/744bedfc-61f3-43e0-b360-803f18578069/settings/integration?pkg=dompurify&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)

**Note:** _This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our [documentation.](https://docs.snyk.io/scan-using-snyk/snyk-open-source/automatic-and-manual-prs-with-snyk-open-source/customize-pr-templates-closed-beta)_
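The 3.1.1 release notes above describe the fix as tracking each element's nesting depth and enforcing a maximum depth of 255, and the commit list mentions an off-by-one in that counter and a removal count for nodes dropped from their parents. The block below is an added illustration of that mechanism, written for this page; it is not DOMPurify's code or formio.js's code and does not reproduce DOMPurify's algorithm. It walks a plain JavaScript object tree (no DOM required), stamps each surviving node with a `__depth` field, drops any child that would land deeper than the limit together with its subtree, and reports how much was kept and removed. A small `versionAtLeast` helper is included so the upgrade itself can be checked against the fixed release. The node shape (`{ name, children }`), the `buildChain` sample input and all function names are constructed assumptions.

```javascript
// Added example, not DOMPurify's or formio.js's code: a minimal nesting-depth
// guard of the kind the 3.1.1 release notes describe (track each node's depth,
// refuse nodes nested deeper than 255), plus a semver check for the upgrade.
// The tree shape, node names and helper names are constructed for illustration.

const MAX_NESTING_DEPTH = 255; // the limit named in the 3.1.1 release notes
const FIXED_DOMPURIFY = '3.1.1'; // first release carrying the fix

function makeNode(name, children = []) {
  return { name, children };
}

// Builds a straight chain of `length` nested elements: root at depth 0,
// its single child at depth 1, and so on. Constructed sample input.
function buildChain(length, name = 'div') {
  const root = makeNode(name);
  let cursor = root;
  for (let i = 1; i < length; i += 1) {
    const next = makeNode(name);
    cursor.children.push(next);
    cursor = next;
  }
  return root;
}

// Counts a node and all of its descendants (used to report how much is dropped).
function countSubtree(node) {
  let total = 0;
  const stack = [node];
  while (stack.length > 0) {
    const current = stack.pop();
    total += 1;
    stack.push(...current.children);
  }
  return total;
}

// Walks the tree in document order, stamping every surviving node with its
// depth (root = 0) and removing any child that would land deeper than
// `maxDepth`, together with its whole subtree. Depth is derived from the
// parent's stamped depth, so nodes already removed never contribute to it.
function enforceNestingDepth(root, maxDepth = MAX_NESTING_DEPTH) {
  const stats = { kept: 0, removed: 0, deepest: 0 };

  function visit(node, depth) {
    node.__depth = depth;
    stats.kept += 1;
    if (depth > stats.deepest) stats.deepest = depth;
    node.children = node.children.filter((child) => {
      if (depth + 1 > maxDepth) {
        stats.removed += countSubtree(child);
        return false; // drop the child and everything below it
      }
      visit(child, depth + 1);
      return true;
    });
  }

  visit(root, 0);
  return stats;
}

// Post-condition check: the deepest `__depth` left in the tree after the pass.
function deepestSurvivingDepth(root) {
  let deepest = 0;
  const stack = [root];
  while (stack.length > 0) {
    const current = stack.pop();
    if (current.__depth > deepest) deepest = current.__depth;
    stack.push(...current.children);
  }
  return deepest;
}

// Plain numeric semver comparison (major.minor.patch only, no pre-release
// tags): enough to confirm a lockfile entry is at or past the fixed release.
function versionAtLeast(actual, required) {
  const a = actual.split('.').map(Number);
  const r = required.split('.').map(Number);
  for (let i = 0; i < 3; i += 1) {
    if ((a[i] || 0) > (r[i] || 0)) return true;
    if ((a[i] || 0) < (r[i] || 0)) return false;
  }
  return true;
}

// Demo run on a 300-deep chain: 256 nodes (depths 0..255) survive, 44 are dropped.
const demoTree = buildChain(300);
console.log(enforceNestingDepth(demoTree)); // { kept: 256, removed: 44, deepest: 255 }
console.log(deepestSurvivingDepth(demoTree)); // 255
console.log(versionAtLeast('3.1.0', FIXED_DOMPURIFY)); // false
console.log(versionAtLeast('3.1.1', FIXED_DOMPURIFY)); // true
```

The depth is taken from the parent's stamped value rather than recounted per node, which is the point the commit messages about `__removalCount` and the off-by-one are getting at: once a subtree is gone it must neither be counted nor shift the depth of anything that survives. With the default limit a chain 256 elements tall is still fully kept, and the 257th element is the first one removed.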