build(deps): bump dompurify from 2.4.9 to 3.0.11 in /superset-frontend/plugins/legacy-preset-chart-nvd3

[dependabot]

Bumps dompurify from 2.4.9 to 3.0.11.

Release notes

Sourced from dompurify's releases.

DOMPurify 3.0.11

• Fixed another conditional bypass caused by Processing Instructions, thanks @​Ry0taK
• Fixed the regex for HTML Custom Element detection, thanks @​AlekseySolovey3T

DOMPurify 3.0.10

• Fixed two possible bypasses when sanitizing an XML document and later using it in HTML, thanks @​Slonser
• Bumped up some build and test dependencies

DOMPurify 3.0.9

• Fixed a problem with proper detection of Custom Elements, thanks @​kevin-mizu
• Refactored the hasOwnProperty logic, thanks @​ssi02014
• Removed a superfluous console.warn making HappyDom happier, thanks @​HugoPoi
• Modernized some of the demo hooks for better looks, thanks @​Steb95

DOMPurify 3.0.8

• Fixed errors caused by conditional exports, thanks @​ssi02014
• Fixed a type error when working with custom element config, thanks @​cpmotion

DOMPurify 3.0.7

• Added better protection against CSPP attacks, thanks @​kevin-mizu
• Updated browser versions for automated tests
• Updated Node versions for automated tests
• Refactored code base, thanks @​ssi02014
• Refactored build system & deployment, thanks @​ssi02014

DOMPurify 3.0.6

• Refactored the core code-base and several utilities, thanks @​ssi02014
• Updated and fixed several sections of the README, thanks @​ssi02014
• Updated several outdated build and test dependencies

DOMPurify 3.0.5

• Fixed a licensing issue spotted and reported by @​george-thomas-hill
• Updated several build and test dependencies

DOMPurify 3.0.4

• Fixed a bypass in jsdom 22 in case the noframes element is permitted, thanks @​leeN
• Fixed a typo with shadowrootmod which should be shadowrootmode, thanks @​masatokinugawa

DOMPurify 3.0.3

• Added new TRUSTED_TYPES_POLICY configuration option, thanks @​dejang
• Added feDropShadow to the SVG filter allow-list, thanks @​SelfMadeSystem

DOMPurify 3.0.2

• Fixed an issue with ALLOWED_URI_REGEXP not being reset, thanks @​mukilane
• Added mprescripts tag to allowed MathML elements, thanks @​duyhai94
• Added SMS URI scheme to allowed URI schemes, tanks @​Kiwka
• Updated supported browser versions for nicer code and smaller size, thanks @​buzinas

DOMPurify 3.0.1

• Fixed a problem with improper reset of custom HTML options, thanks @​ammaraskar

... (truncated)

Commits

• a9fd4ae Merge pull request #921 from cure53/main
• 03d20b1 chore: Preparing 3.0.11 release
• c60a4df fix: Made the NodeFilter see CDATA sections as well, thanks @​Ry0taK
• dce81a5 fix: Addressed a conditional bypass pattern spotted by @​Ry0taK
• f2b637f Merge pull request #917 from cure53/main
• 51eea81 chore: Preparing 3.0.10 release
• dbc1d26 Merge pull request #915 from cure53/dependabot/npm_and_yarn/follow-redirects-...
• aaa6da1 build(deps-dev): bump follow-redirects from 1.15.4 to 1.15.6
• fcb9dbd fix: added a fix to handle invalid HTML Custom Element tagNames better
• 1b59639 fix: Fixed a possible issue with XML processing instructions deployed in HTML
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

The following labels could not be found: npm, dependabot.

[dependabot]

Superseded by #354.