Hi,
I'm getting security issue when installed react-trace:
on "dompurify", it needs to be upgraded to v3.4.11
@react-trace is pinning dompurify to v3.2.7
v3.2.7 falls inside the affected range of CVE-2026-41238 / GHSA-v9jr-rg53-9pgp (DOMPurify Prototype Pollution → XSS bypass via CUSTOM_ELEMENT_HANDLING fallback), which affects 3.0.1 – 3.3.3 and is fixed in 3.4.0. Severity High (CVSS 7.1).
Hi,
I'm getting security issue when installed react-trace:
on "dompurify", it needs to be upgraded to v3.4.11
@react-trace is pinning dompurify to v3.2.7
v3.2.7 falls inside the affected range of CVE-2026-41238 / GHSA-v9jr-rg53-9pgp (DOMPurify Prototype Pollution → XSS bypass via CUSTOM_ELEMENT_HANDLING fallback), which affects 3.0.1 – 3.3.3 and is fixed in 3.4.0. Severity High (CVSS 7.1).