chore(deps): update dependency dompurify to v3.4.7

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
dompurify	resolutions	patch	3.4.6 → 3.4.7

---

Release Notes

cure53/DOMPurify (dompurify)

v3.4.7: DOMPurify 3.4.7

Compare Source

• Hardened the handling of Shadow Roots when using IN_PLACE, thanks @​GameZoneHacker
• Removed a problem leading to permanent hook pollution, thanks @​offset
• Refactored the test suite and expanded test coverage significantly

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[claude]

Dependency Update Review: dompurify 3.4.6 → 3.4.7

This is a straightforward patch update to DOMPurify, a security-critical XSS sanitization library used in the docs site.

Changes are scoped correctly — only docs/package.json and docs/yarn.lock are touched. No .NET source, tests, or configuration is affected.

Why this update is worth taking:

• Security hardening: Shadow Root handling when using IN_PLACE was hardened (potential XSS vector addressed)
• Bug fix: Permanent hook pollution was resolved — this could have caused subtle, hard-to-debug sanitization bypasses in long-lived page sessions
• No breaking changes in a patch release; the ^3.3.1 range constraint is preserved

No concerns. Patch security fixes to DOMPurify should be merged promptly. LGTM.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}