web-profiler-bundle - retire.js reports DOMPurify 3.0.9 has known vulnerabilities

### Symfony version(s) affected

7.2.3

### Description

Hi team,

I'm using retire.js to scan for vulnerabilities in my project and it reports that `vendor/symfony/web-profiler-bundle/Resources/views/Script/Mermaid/mermaid-flowchart-v2.min.js` includes `DOMPurify 3.0.9` which in turn has known vulnerabilities.

I know that web-profiler-bundle is only in dev, but I run the `retire` command in dev, and the client wants to see it report no vulnerabilities in my project.

Any chance of updating web-profiler-bundle to use a more recent version of Mermaid? Thanks

### How to reproduce

1. Create a new Symfony project
2. Install retire.js with `npm install -g retire`
3. Run `retire`

### Possible Solution

_No response_

### Additional Context

_No response_

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

web-profiler-bundle - retire.js reports DOMPurify 3.0.9 has known vulnerabilities #59852

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

web-profiler-bundle - retire.js reports DOMPurify 3.0.9 has known vulnerabilities #59852

Description

Symfony version(s) affected

Description

How to reproduce

Possible Solution

Additional Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions