From 9aaa242c735ca1b9b4fbf637192beb92ad5a719f Mon Sep 17 00:00:00 2001
From: Jimmy Conner <jconner@ciq.com>
Date: Thu, 5 Mar 2026 10:37:48 -0600
Subject: [PATCH] Upgrade dompurify to resolve CVE-2026-0540

---
 awx/ui/package-lock.json | 21 +++++++--------------
 awx/ui/package.json      |  2 +-
 2 files changed, 8 insertions(+), 15 deletions(-)

diff --git a/awx/ui/package-lock.json b/awx/ui/package-lock.json
index 0b42bffa..0fb5a64b 100644
--- a/awx/ui/package-lock.json
+++ b/awx/ui/package-lock.json
@@ -17,7 +17,7 @@
         "cheerio": "1.0.0-rc.12",
         "d3": "7.9.0",
         "dagre": "^0.8.5",
-        "dompurify": "3.3.1",
+        "dompurify": "^3.3.2",
         "formik": "2.4.6",
         "has-ansi": "5.0.1",
         "html-entities": "2.6.0",
@@ -5996,16 +5996,6 @@
         "@testing-library/dom": ">=7.21.4"
       }
     },
-    "node_modules/@trysound/sax": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/@trysound/sax/-/sax-0.2.0.tgz",
-      "integrity": "sha512-L7z9BgrNEcYyUYtF+HaEfiS5ebkh9jXqbszz7pC0hRBPaatV0XjSD3+eHrpqFemQfgwiFF0QPIarnIihIDn7OA==",
-      "dev": true,
-      "license": "ISC",
-      "engines": {
-        "node": ">=10.13.0"
-      }
-    },
     "node_modules/@tybys/wasm-util": {
       "version": "0.10.1",
       "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.1.tgz",
@@ -10557,10 +10547,13 @@
       }
     },
     "node_modules/dompurify": {
-      "version": "3.3.1",
-      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.1.tgz",
-      "integrity": "sha512-qkdCKzLNtrgPFP1Vo+98FRzJnBRGe4ffyCea9IwHB1fyxPOeNTHpLKYGd4Uk9xvNoH0ZoOjwZxNptyMwqrId1Q==",
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.3.2.tgz",
+      "integrity": "sha512-6obghkliLdmKa56xdbLOpUZ43pAR6xFy1uOrxBaIDjT+yaRuuybLjGS9eVBoSR/UPU5fq3OXClEHLJNGvbxKpQ==",
       "license": "(MPL-2.0 OR Apache-2.0)",
+      "engines": {
+        "node": ">=20"
+      },
       "optionalDependencies": {
         "@types/trusted-types": "^2.0.7"
       }
diff --git a/awx/ui/package.json b/awx/ui/package.json
index 419604d5..fc60e47d 100644
--- a/awx/ui/package.json
+++ b/awx/ui/package.json
@@ -17,7 +17,7 @@
     "cheerio": "1.0.0-rc.12",
     "d3": "7.9.0",
     "dagre": "^0.8.5",
-    "dompurify": "3.3.1",
+    "dompurify": "^3.3.2",
     "formik": "2.4.6",
     "has-ansi": "5.0.1",
     "html-entities": "2.6.0",