Version
4.32.0
Question
We are using DependencyCheck to detect the use of external libraries with vulnerabilities, and a few weeks ago two files from this project were flagged by this tool as using version 3.0.6 of DOMPurify (see the attached artifacts):
https://github.com/advisories/GHSA-mmhx-hmjr-r674
artifact_{fee3bae6-6c40-52e0-a4e1-7e693d7c0408}.tar.gz
We don't know how you are using DOMPurify in the files ~/public/redocly/redoc.standalone.js and ~/public/swagger-ui/swagger-ui-bundle.js. It would be of great help if this could be checked and the dependency upgraded to DOMPurify version 3.1.3 or later.
Additional context
No response