chore: lock file maintenance

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
dompurify	3.2.3 -> 3.2.4

GitHub Vulnerability Alerts

CVE-2025-26791

DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).

---

Release Notes

cure53/DOMPurify (dompurify)

v3.2.4: DOMPurify 3.2.4

Compare Source

• Fixed a conditional and config dependent mXSS-style bypass reported by @​nsysean
• Added a new feature to allow specific hook removal, thanks @​davecardwell
• Added purify.js and purify.min.js to exports, thanks @​Aetherinox
• Added better logic in case no window object is president, thanks @​yehuya
• Updated some dependencies called out by dependabot
• Updated license files etc to show the correct year

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
blocksuite	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 14, 2025 11:27pm

1 Skipped Deployment

Name	Status	Preview	Comments	Updated (UTC)
blocksuite-docs	⬜️ Ignored (Inspect)	Visit Preview		Feb 14, 2025 11:27pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: eaf4ed4

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[graphite-app]

How to use the Graphite Merge Queue

Add the label merge to this PR to add it to the merge queue.

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has enabled the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher

🚮 Removed packages: npm/@humanfs/core@0.19.1, npm/deep-is@0.1.4, npm/esrecurse@4.3.0, npm/flat-cache@4.0.1, npm/levn@0.4.1

View full report↗︎

[nx-cloud]

View your CI Pipeline Execution ↗ for commit eaf4ed4.

Command	Status	Duration	Result
nx vite:build @blocksuite/playground	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-02-14 23:28:10 UTC

[github-actions]

size-limit report 📦

Path	Size
@blocksuite/affine	13 B (0%)
@blocksuite/affine/effects	2.11 MB (-0.11% 🔽)
@blocksuite/affine/block-std	158.78 KB (0%)
@blocksuite/affine/block-std/gfx	82.71 KB (0%)
@blocksuite/affine/global	13 B (0%)
@blocksuite/affine/global/utils	13.9 KB (0%)
@blocksuite/affine/global/env	217 B (0%)
@blocksuite/affine/global/exceptions	562 B (0%)
@blocksuite/affine/global/di	1.65 KB (0%)
@blocksuite/affine/global/types	13 B (0%)
@blocksuite/affine/store	78.67 KB (0%)
@blocksuite/affine/inline	32.64 KB (0%)
@blocksuite/affine/inline/consts	242 B (0%)
@blocksuite/affine/inline/types	13 B (0%)
@blocksuite/affine/presets	1.9 MB (+0.01% 🔺)
@blocksuite/affine/blocks	2 MB (-0.02% 🔽)
@blocksuite/affine/blocks/schemas	97.59 KB (0%)