
fix: bump dompurify and tar for security fixes#3184

Merged
QuantumExplorer merged 2 commits into v3.1-dev from fix/security-dompurify-tar on Mar 6, 2026

Conversation

@QuantumExplorer QuantumExplorer commented Mar 5, 2026

Issue being fixed or feature implemented

Fixes npm audit security vulnerabilities:

What was done?

  • Bumped dompurify from ^3.2.6 to ^3.3.2 in root package.json (resolves all dompurify advisories)
  • Bumped tar from 7.5.9 to 7.5.10 in root package.json (resolutions) and packages/dashmate/package.json

How has this been tested?

  • yarn install completes successfully
  • yarn npm audit --all returns no advisories

Breaking changes

None. These are patch/minor-level dependency bumps.

Checklist

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added or updated relevant unit/integration/functional/e2e tests
  • I have made corresponding changes to the documentation

🤖 Generated with Claude Code

Summary by CodeRabbit

  • Chores
    • Updated tar package to version 7.5.10
    • Updated dompurify to version 3.3.2

Addresses GHSA-v8jm-5vwx-cfxm (dompurify XSS, moderate) and
GHSA-qffp-2rhf-9h96 (tar hardlink path traversal, high).

Note: GHSA-v2wj-7wpq-c8vv (dompurify <=3.3.1) has no fix available
yet as 3.3.1 is the latest release.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
coderabbitai bot commented Mar 5, 2026

Caution

Review failed

The pull request is closed.

📥 Commits

Reviewing files that changed from the base of the PR and between 44dbf4d and 9aed29f.

⛔ Files ignored due to path filters (4)
  • .yarn/cache/dompurify-npm-3.2.6-8d2a7542b7-b91631ed0e.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/dompurify-npm-3.3.2-7ead7ae3aa-3ca0255967.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/tar-npm-7.5.10-83147ff192-98ba6421a2.zip is excluded by !**/.yarn/**, !**/*.zip
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (3)
  • .pnp.cjs
  • package.json
  • packages/dashmate/package.json

📝 Walkthrough

Dependency version updates across multiple configuration and package files. The tar package is bumped from 7.5.9 to 7.5.10 in three locations, and dompurify is updated from ^3.2.6 to ^3.3.2 in the root package configuration.

Changes

  • Root Package Configuration (package.json): Bumps tar resolution from 7.5.9 to 7.5.10 and updates dompurify dependency from ^3.2.6 to ^3.3.2.
  • Dashmate Package (packages/dashmate/package.json): Updates tar dependency from 7.5.9 to 7.5.10.
  • Generated PnP Module (.pnp.cjs): Replaces all tar package version references from "npm:7.5.9" to "npm:7.5.10" in module imports and static definitions.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 Hop along, dear packages new,
Tar springs forth in 7-5-10 hue,
DomPurify gleams in triple-three,
Dependencies dance in harmony! 🎉
The code stays pure, the versions bright,
Our warren's tools: forever right!


Bumps dompurify from 3.3.1 to 3.3.2, resolving GHSA-v2wj-7wpq-c8vv.
All npm audit advisories are now clear.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@QuantumExplorer QuantumExplorer changed the title from "fix(deps): bump dompurify and tar for security fixes" to "fix: bump dompurify and tar for security fixes" on Mar 6, 2026
@QuantumExplorer QuantumExplorer merged commit c3e0a83 into v3.1-dev Mar 6, 2026
17 of 19 checks passed
@QuantumExplorer QuantumExplorer deleted the fix/security-dompurify-tar branch March 6, 2026 10:35
@thepastaclaw thepastaclaw commented Mar 6, 2026

@coderabbitai review

coderabbitai bot commented Mar 6, 2026

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.
