bumped DomPurify to 2.5.8 (critical CVE)

Oaphi · Oaphi · commit a84dbe82dca6 · 2025-09-16T12:36:36.000+03:00
diff --git a/app/views/layouts/_head.html.erb b/app/views/layouts/_head.html.erb
@@ -30,7 +30,7 @@
 <% if SiteSetting['DonationsEnabled'] && (SiteSetting['LoadStripeEverywhere'] || controller_name == 'donations') %>
   <%= javascript_include_tag "https://js.stripe.com/v3/" %>
 <% end %>
-<%= javascript_include_tag "https://cdn.jsdelivr.net/npm/dompurify@2.2.9/dist/purify.min.js" %>
+<%= javascript_include_tag "https://cdn.jsdelivr.net/npm/dompurify@2.5.8/dist/purify.min.js" %>
 <%= javascript_include_tag "/assets/community/#{@community.host.split('.')[0]}.js" %>
 <%= javascript_include_tag 'application' %>
 <script src="https://cdn.jsdelivr.net/npm/@codidact/co-design@latest/js/co-design.js" defer></script>
