dompurify version update#3320

Open
jwkk1 wants to merge 1 commit into nhn:master from jwkk1:master
Conversation

@jwkk1 jwkk1 commented Nov 13, 2025

address known prototype pollution and XSS bypass vulnerabilities

aedart commented Apr 24, 2026

I too could really use this patch. Also, if it's not too demanding, perhaps consider using peerDependencies to allow developers to update nested dependencies?
In any case, a patch is really needed in this case. The vulnerabilities keep piling up for projects that "embed" dependencies. It's difficult (or sometimes impossible) to force the use of up-to-date dependencies that are included in the distributed files.
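The peerDependencies approach suggested above, as an added illustration that is not part of this pull request or the tui.editor project: a library that lists dompurify under `dependencies` (or bundles it into its distributed files) pins the copy that consumers get, whereas listing it under `peerDependencies` leaves the version choice to the consuming application, so a patched dompurify can be installed without waiting for a new library release. Package names other than dompurify, the version ranges, and the `example-markdown-editor` name are placeholders.

```json
{
  "name": "example-markdown-editor",
  "version": "0.0.0-placeholder",
  "peerDependencies": {
    "dompurify": ">=PATCHED_VERSION_PLACEHOLDER <4"
  },
  "peerDependenciesMeta": {
    "dompurify": {
      "optional": false
    }
  },
  "devDependencies": {
    "dompurify": "PATCHED_VERSION_PLACEHOLDER"
  }
}
```

The `devDependencies` entry keeps a concrete version available for the library's own build and tests, while the peer range is what consumers resolve against. This only helps when the library also stops bundling its own copy of dompurify into the distributed files; a consumer can confirm which copies are actually resolved with `npm ls dompurify`, but a copy compiled into a dist bundle will not appear there.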

ktecho commented May 5, 2026

@jwkk1 v3.3.0 now has at least 6 known vulnerabilities. Do you know of a fork or branch that is maintained with this kind of security updates?

CC: @aedart

aedart commented May 5, 2026

@ktecho sadly I have no knowledge of any good forks. In my case, I'm lucky that the editor / viewer that I use is safeguarded by authentication, and the server-side performs a rather strict markdown cleaning. Other developers might not be that lucky... After consulting some of the publicly available AIs, the best solution is to migrate to another markdown editor / viewer. Mildown might be a good candidate.

Of course, if anyone has the time and skill, creating a workable and up-to-date fork of tui's editor would be ideal to avoid introducing breaking changes. It would really be appreciated!
