From 62cc0320399aef63aa09689aaaf000adafbedeef Mon Sep 17 00:00:00 2001
From: "opensearch-trigger-bot[bot]"
 <98922864+opensearch-trigger-bot[bot]@users.noreply.github.com>
Date: Wed, 25 Sep 2024 17:29:41 -0700
Subject: [PATCH] [CVE-2024-45801] Bump `dompurify` from 3.0.11 to 3.1.6
 (#8346) (#8350)

* [CVE-2024-45801] Bump `dompurify` from 3.0.11 to 3.1.6



* Changeset file for PR #8346 created/updated

---------



(cherry picked from commit ee9785ca234d8c487f135d24a60832132b16a396)

Signed-off-by: Miki <miki@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: opensearch-changeset-bot[bot] <154024398+opensearch-changeset-bot[bot]@users.noreply.github.com>
---
 changelogs/fragments/8346.yml | 2 ++
 yarn.lock                     | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)
 create mode 100644 changelogs/fragments/8346.yml

diff --git a/changelogs/fragments/8346.yml b/changelogs/fragments/8346.yml
new file mode 100644
index 000000000000..66708de94eae
--- /dev/null
+++ b/changelogs/fragments/8346.yml
@@ -0,0 +1,2 @@
+security:
+- [CVE-2024-45801] Bump `dompurify` from 3.0.11 to 3.1.6 ([#8346](https://github.com/opensearch-project/OpenSearch-Dashboards/pull/8346))
\ No newline at end of file
diff --git a/yarn.lock b/yarn.lock
index ea1b9fee3128..a27f4bbe3d3d 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -7192,9 +7192,9 @@ domhandler@^4.0, domhandler@^4.0.0, domhandler@^4.2.0, domhandler@^4.2.2, domhan
     domelementtype "^2.2.0"
 
 dompurify@^3.0.11:
-  version "3.0.11"
-  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.0.11.tgz#c163f5816eaac6aeef35dae2b77fca0504564efe"
-  integrity sha512-Fan4uMuyB26gFV3ovPoEoQbxRRPfTu3CvImyZnhGq5fsIEO+gEFLp45ISFt+kQBWsK5ulDdT0oV28jS1UrwQLg==
+  version "3.1.6"
+  resolved "https://registry.yarnpkg.com/dompurify/-/dompurify-3.1.6.tgz#43c714a94c6a7b8801850f82e756685300a027e2"
+  integrity sha512-cTOAhc36AalkjtBpfG6O8JimdTMWNXjiePT2xQH/ppBGi/4uIpmj8eKyIkMJErXWARyINV/sB38yf8JCLF5pbQ==
 
 domutils@1.5.1:
   version "1.5.1"