Bumped dompurify to 3.4.1 across ghost/core, activitypub, portal (TryGhost#27587)

## Summary

Bumps `dompurify` from a vulnerable `3.3.x` release to `3.4.1` (current
latest) in the three workspaces that depend on it directly:

- `ghost/core`: `3.3.0` → `3.4.1`
- `apps/activitypub`: `3.3.1` → `3.4.1`
- `apps/portal`: `3.3.1` → `3.4.1`

Patch and minor versions within the dompurify 3.x line are backward-compatible; the `sanitize()` API and option shape are unchanged.

Author: 9larsons

apps/activitypub/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tryghost/activitypub",
-  "version": "3.1.13",
+  "version": "3.1.14",
   "license": "MIT",
   "repository": {
     "type": "git",
@@ -82,7 +82,7 @@
     "@tryghost/admin-x-framework": "workspace:*",
     "@tryghost/shade": "workspace:*",
     "clsx": "2.1.1",
-    "dompurify": "3.3.1",
+    "dompurify": "3.4.1",
     "html2canvas-objectfit-fix": "1.2.0",
     "react": "18.3.1",
     "react-dom": "18.3.1",

apps/portal/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tryghost/portal",
-  "version": "2.68.18",
+  "version": "2.68.19",
   "license": "MIT",
   "repository": "https://github.com/TryGhost/Ghost",
   "author": "Ghost Foundation",
@@ -121,7 +121,7 @@
     "@vitest/ui": "3.2.4",
     "concurrently": "8.2.2",
     "cross-fetch": "4.1.0",
-    "dompurify": "3.3.1",
+    "dompurify": "3.4.1",
     "eslint": "catalog:",
     "eslint-plugin-i18next": "6.1.3",
     "jsdom": "28.1.0",

ghost/core/package.json

@@ -165,7 +165,7 @@
     "csso": "5.0.5",
     "csv-writer": "1.6.0",
     "date-fns": "2.30.0",
-    "dompurify": "3.3.0",
+    "dompurify": "3.4.1",
     "downsize": "0.0.8",
     "entities": "4.5.0",
     "express": "4.21.2",