fix: DOMPurify contains a cross-site scripting vulnerability (#18665)

Resolves [Dependabot Alert 597](https://github.com/twentyhq/twenty/security/dependabot/597), [Dependabot Alert 598](https://github.com/twentyhq/twenty/security/dependabot/598), [Dependabot Alert 599](https://github.com/twentyhq/twenty/security/dependabot/599) and [Dependabot Alert 600](https://github.com/twentyhq/twenty/security/dependabot/600).
2026-04-21 13:37:22 +00:00 · 2026-03-16 13:49:03 +05:00 · 2026-03-16 13:49:03 +05:00 · 2c2f66b584
commit 2c2f66b584
parent 95a35f8a1d
2 changed files with 6 additions and 6 deletions
--- a/packages/twenty-server/package.json
+++ b/packages/twenty-server/package.json
@ -103,7 +103,7 @@
    "dataloader": "2.2.2",
    "date-fns": "2.30.0",
    "deep-equal": "2.2.3",
-    "dompurify": "3.2.6",
+    "dompurify": "3.3.3",
    "dotenv": "16.4.5",
    "express": "4.22.1",
    "express-session": "^1.18.2",
--- a/yarn.lock
+++ b/yarn.lock
@ -34002,15 +34002,15 @@ __metadata:
  languageName: node
  linkType: hard

-"dompurify@npm:3.2.6":
-  version: 3.2.6
-  resolution: "dompurify@npm:3.2.6"
+"dompurify@npm:3.3.3":
+  version: 3.3.3
+  resolution: "dompurify@npm:3.3.3"
  dependencies:
    "@types/trusted-types": "npm:^2.0.7"
  dependenciesMeta:
    "@types/trusted-types":
      optional: true
-  checksum: 10c0/c8f8e5b0879a0d93c84a2e5e78649a47d0c057ed0f7850ca3d573d2cca64b84fb1ff85bd4b20980ade69c4e5b80ae73011340f1c2ff375c7ef98bb8268e1d13a
+  checksum: 10c0/097c14a21a3f6cb95beded9ecd255f7c3512c42767b048390c747b0fe35736f6a71e02320fc50a9ac2be645834b463e4760915d595d502a56452daf339d0ea9c
  languageName: node
  linkType: hard

@ -56717,7 +56717,7 @@ __metadata:
    dataloader: "npm:2.2.2"
    date-fns: "npm:2.30.0"
    deep-equal: "npm:2.2.3"
-    dompurify: "npm:3.2.6"
+    dompurify: "npm:3.3.3"
    dotenv: "npm:16.4.5"
    express: "npm:4.22.1"
    express-session: "npm:^1.18.2"