[Snyk] Security upgrade dompurify from 3.3.0 to 3.4.0

[JJediny]

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• spiffworkflow-frontend/package.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Operator Precedence Logic Error SNYK-JS-DOMPURIFY-16078387	601

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[Copilot]

Pull request overview

Updates the frontend dependency dompurify to address a Snyk-reported vulnerability in the React/Vite app.

Changes:

• Bumps dompurify version spec in spiffworkflow-frontend/package.json to ^3.4.0.

[Copilot]

package-lock.json is present in this repo and still pins dompurify to ^3.2.6. Updating only package.json can leave CI/builds using the old resolved version; please run npm install (or npm update dompurify) and commit the resulting package-lock.json changes so the upgrade actually takes effect.

[Copilot]

PR title/description says dompurify is being upgraded from 3.3.0, but this file shows it was ^3.2.6 before the change. Please align the PR metadata/title with the actual previous version (or confirm the correct baseline) to avoid confusion during review and auditing.