Dompurify dependency #3819

Closed
StefanJonssonInExchange opened this issue Feb 3, 2025 · 5 comments · Fixed by #3827

Comments

@StefanJonssonInExchange

Hi, I see here that you recently updated the dompurify dependency due to an Aikido issue. That's great.

However, if you scan again there will be a new issue that can be found here, and it seems like you need to update again to 3.2.4 or above.

I tried to do a PR for this but I seem to be lacking permission to push my local branch.

So I have two questions.

  • Can you update the package again?
  • How can I know when it will be released? On NPM the last publish was 5 months ago, but the latest commit in master is 2 weeks ago.

Thanks in advance.

@hainenber
Contributor

The next package is one major version away from the recently updated one so I guess the author will have to consider whether IE11 is still supported for their case currently. DOMPurify v3 no longer supports Microsoft Internet Explorer, according to its release.

cc @HackbrettXXX as you are the original author for this change with the original context.

@rescarabel0

rescarabel0 commented Feb 17, 2025

Looks like there's even a vulnerability in GitHub Database (GHSA-vhxf-7vqr-mrjg), and this is actually becoming a problem: the npm audit on my automation isn't letting this pass.

@HackbrettXXX
Collaborator

I think dropping IE support is ok. We would have to release a new major version of jsPDF, but that's fine. We would have dropped IE support anyway some time in the future. Could someone prepare a PR? I will merge it and release the new version.

@hainenber
Contributor

Thanks for the revert! I'll set up a PR

@hainenber
Contributor

hainenber commented Feb 18, 2025

New PR just dropped with flying green colors from CI :D
