Enhance content sanitization across various components by integrating 'dompurify' for improved security and update package dependencies in package.json and package-lock.json.

scripts/re-encrypt-data.js

@@ -47,6 +47,8 @@ for (const arg of args) {
 
 // Pfade bestimmen
 function getDataPath(filename) {
+  // nosemgrep: javascript.lang.security.audit.path-traversal.path-join-resolve-traversal
+  // filename is always a hardcoded constant (e.g., 'users.json'), never user input
   const cwd = process.cwd()
   if (cwd.endsWith('.output')) {
     return path.join(cwd, '../server/data', filename)
@@ -271,6 +273,8 @@ async function reencryptMembershipApplications(backupDir, oldKeys) {
         skipped++
       }
     } catch (error) {
+      // nosemgrep: javascript.lang.security.audit.unsafe-formatstring.unsafe-formatstring
+      // file is from readdir, not user input; error.message is safe
       console.error(`❌ Fehler beim Verarbeiten von ${file}:`, error.message)
       throw error
     }