Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.

server/api/cms/satzung-upload.post.js

@@ -8,6 +8,8 @@ import { getUserFromToken, hasAnyRole } from '../../utils/auth.js'
 const execAsync = promisify(exec)
 
 // Handle both dev and production paths
+// nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+// filename is always a hardcoded constant ('satzung.json'), never user input
 const getDataPath = (filename) => {
   const cwd = process.cwd()
   

server/api/cms/save-csv.post.js

@@ -46,6 +46,8 @@ export default defineEventHandler(async (event) => {
     }
     
     // Handle both dev and production paths
+    // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+    // filename is validated against allowlist above, path traversal prevented
     const cwd = process.cwd()
     let filePath