chore(deps): bump dompurify from 3.4.2 to 3.4.5

[dependabot]

Bumps dompurify from 3.4.2 to 3.4.5.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.4.5

• Fixed a bypass caused by the new HTML element selectedcontent added in 3.4.4, thanks @​KabirAcharya

Note that this is a security release for an issue introduced in 3.4.4 and should be upgraded to immediately.

DOMPurify 3.4.4

• Added the selectedcontent element to default allow-list, thanks @​lukewarlow
• Added the command and commandfor attributes to default allowed-list, thanks @​lukewarlow
• Added better template scrubbing for IN_PLACE operations, thanks @​DEMON1A
• Added stronger checks for cross-realm windows, thanks @​DEMON1A & @​fg0x0
• Updated demo website and made sure it uses the latest from main
• Updated existing workflows, fuzzer, dependabot, etc., added more tests
• Bumped several dependencies where possible

🚨 This release had been flagged as deprecated, please use DOMPurify 3.4.5 instead 🚨

DOMPurify 3.4.3

• Fixed an issue with handling of nested Shadow DOM trees, thanks @​fishjojo1
• Fixed the template regexes to be more robust against ReDoS attacks, thanks @​aleung27
• Updated the node iteration code to catch more Shadow DOM related issues
• Updated Playwright and added Node 26 to test matrix
• Updated existing workflows, fuzzer, release signing, etc., added more tests
• Bumped several dependencies where possible

Commits

• 011b0c7 release: 3.4.5 (#1382)
• 5817ad9 release: 3.4.4 (#1374)
• 520edb0 release: 3.4.3 (#1352)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[netlify]

✅ Deploy Preview for btcmap ready!

Name	Link
🔨 Latest commit	9b3b51d
🔍 Latest deploy log	https://app.netlify.com/projects/btcmap/deploys/6a0d633722737e0008ae8eec
😎 Deploy Preview	https://deploy-preview-1010--btcmap.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 50 (🔴 down 42 from production) Accessibility: 97 (no change from production) Best Practices: 92 (🔴 down 8 from production) SEO: 96 (no change from production) PWA: 90 (no change from production) View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	marked@​18.0.4
	@​sveltejs/​kit@​2.60.1
	postcss@​8.5.15
	axios@​1.16.1
	date-fns@​4.2.1
	dompurify@​3.4.5
	lint-staged@​17.0.5

View full report

[dependabot]

Looks like dompurify is up-to-date now, so this is no longer needed.