
[Snyk] Fix for 3 vulnerabilities #55

Status: Open. Wants to merge 1 commit into base: main
Conversation

@snyk-io snyk-io bot commented Oct 15, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • apps/connect/package.json
    • apps/connect/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 251/1000 | Cross-site Scripting (XSS), SNYK-JS-DOMPURIFY-8184974 | No | Proof of Concept |
| high severity | 131/1000 | Improper Verification of Cryptographic Signature, SNYK-JS-ELLIPTIC-8172694 | Yes | No Known Exploit |
| high severity | 170/1000 | Improper Verification of Cryptographic Signature, SNYK-JS-ELLIPTIC-8187303 | Yes | Proof of Concept |

Why? (priority score breakdown per issue):
  • SNYK-JS-DOMPURIFY-8184974 (251/1000): Confidentiality impact: High, Integrity impact: Low, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 2, Reachable: No, Transitive dependency: No, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.86, Likelihood: 3.19, Score Version: V5
  • SNYK-JS-ELLIPTIC-8172694 (131/1000): Confidentiality impact: Low, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 5, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 1.86, Score Version: V5
  • SNYK-JS-ELLIPTIC-8187303 (170/1000): Confidentiality impact: None, Integrity impact: High, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.83, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @wormhole-foundation/wormhole-connect The new version differs by 217 commits.
  • f6da020 [QA] Amount displayed in "More routes available" message should have more decimal places (#2762)
  • 8ae2ebc [Redesign] Prevent zoom on input fields for mobile (#2805)
  • 616e81e updated sanctioned wallets list (#2799)
  • 3dc9445 remove FAQ section (#2808)
  • ddab878 always use a transparent background (#2793)
  • 15ee509 Update NTT section in README (#2790)
  • e38c2f8 Rename WMATIC -> WPOL wrappedTokens entry (#2798)
  • fdf3d77 [Redesign] Custom config feature flag for in-progress widget (#2792)
  • 3d98c3c dont overwrite base theme (#2791)
  • e8e4d4b bumped ntt sdk for solana 2.0 deprecated method changes (#2777)
  • faa32c7 bug fix: Assert signer connected to right EVM chain before sending (#2778)
  • 9548507 export buildConfig for external config validation (#2788)
  • 2e26ca2 Display DestinationCapacityWarning (#2785)
  • 3266738 New approach to CDN-hosted Connect (#2769)
  • 2c1732e [Redesign] Fixing a few non-breaking warnings/errors reported in Browser console (#2774)
  • 2468254 Fix missing OKX wallet from default (#2761)
  • d50b6d1 remove syntactically incorrect HTML tag (#2768)
  • b76b8cd tokens with large balances not selectable fix (#2767)
  • eb2e0be AutomaticCCTP show min amount required message (#2764)
  • 6ed2d3c remove keys not used by v2 design (#2738)
  • 6656771 Fix Claim button text when background default is transparent (#2758)
  • 24509c9 log the provided config in load event (#2755)
  • 0a136ef Clear some `TODO SDKV2`s and related dead code (#2756)
  • d90abfc [Redesign] Remove number type to avoid arrows and check type manually (#2754)

See the full diff

Package name: dompurify The new version differs by 52 commits.
  • 3fe78d7 chore: Preparing 3.1.3 release
  • b20ce99 fix: Added smaller-than-null check for __depth hardening code
  • 1e52026 fix: Hardened the depth tracking code against prototype pollution
  • 8df72f1 fix: Made the regex for comment scrubbing a bit stricter
  • ae517d6 fix: Expanded the comment scrubbing regex matching a bit further
  • b6818ce fix: Added better configurability for new comment behavior
  • aafd7a8 docs: Changed inline comments slightly to be more accurate
  • a377bf8 test: Fixed the tests
  • d1d5d22 fix: Added experimental comment scrubbing inside attributes
  • dc61232 fix #949
  • 0b63a98 Merge pull request #948 from ssi02014/refac/purify
  • c68783e refac: refactoring nodeType by adding a NODE_TYPE object
  • abb21f8 fix: Added experimental change to prohibit __depth clobbering
  • 705ad8e Merge branch 'main' of github.com:cure53/DOMPurify
  • 7422567 fix: Added experimental clobbering check after removal
  • fbfd2b7 Update README.md with latest shout outs
  • 74664db chore: Updated package-lock.json with new release number
  • 5f17b27 chore: Preparing 3.1.2 release
  • 5d492ee test: Fixed the tests for older Chrome and Safari
  • 8075b37 fix: Adjusted the list of permitted SVG HTML integration points
  • 61b761f fix: Switched to using the getParentNode API for some calls
  • ee17313 docs: Added new mentions of honor to the readme
  • 7bbd12b chore: Preparing 3.1.1 release
  • 87eff29 Merge branch 'main' of github.com:cure53/DOMPurify

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

@snyk-io snyk-io bot had a problem deploying to Cloudflare-Testnet October 15, 2024 17:03 Failure
@snyk-io snyk-io bot had a problem deploying to Cloudflare-Preview October 15, 2024 17:03 Failure
@snyk-io snyk-io bot temporarily deployed to Cloudflare-Testnet October 15, 2024 17:03 Inactive
@snyk-io snyk-io bot had a problem deploying to Cloudflare-Testnet October 15, 2024 17:03 Failure
@snyk-io snyk-io bot temporarily deployed to Cloudflare-Preview October 15, 2024 17:03 Inactive
@snyk-io snyk-io bot had a problem deploying to Cloudflare-Testnet October 15, 2024 17:03 Failure
@snyk-io snyk-io bot had a problem deploying to Cloudflare-Preview October 15, 2024 17:03 Failure
@snyk-io snyk-io bot had a problem deploying to Cloudflare-Preview October 15, 2024 17:03 Failure