[Snyk] Security upgrade dompurify from 3.3.0 to 3.3.2

[JJediny]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• spiffworkflow-frontend/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Prototype Pollution SNYK-JS-DOMPURIFY-15874903	551
	Permissive List of Allowed Inputs SNYK-JS-DOMPURIFY-15874905	551

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[Copilot]

Pull request overview

This Snyk-generated PR aims to remediate reported DOMPurify vulnerabilities in the frontend by upgrading the dompurify dependency version range.

Changes:

• Update dompurify dependency in the frontend package.json to ^3.3.2.

[Copilot]

package-lock.json still pins dompurify to 3.3.0 (and the root dependency entry is still ^3.2.6). With npm workflows that respect the lockfile, this PR may not actually pull in 3.3.2 and could leave the reported vulnerabilities unresolved. Please regenerate/commit the lockfile so it resolves dompurify to 3.3.2 as well.

[Copilot]

The PR metadata/title says this upgrades dompurify from 3.3.0 → 3.3.2, but package.json is changing the declared range from ^3.2.6 → ^3.3.2 (while the existing lockfile already resolves to 3.3.0). Consider updating the PR description (or commit message) to reflect the actual change to avoid confusion during review/audit.