
[Snyk] Security upgrade sanitize-html from 2.6.1 to 2.12.1

Open arthur-flam opened this issue 2 years ago • 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • webapp/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: medium
Priority Score (*): 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Issue: Information Exposure (SNYK-JS-SANITIZEHTML-6256334)
Breaking Change: No
Exploit Maturity: Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sanitize-html
The new version differs by 102 commits.
  • 4a7d7dd Merge pull request #654 from apostrophecms/release-2.12.1
  • f8e02be release 2.12.1
  • c5dbdf7 Merge pull request #650 from dylanarmstrong/fix/ignore-source-maps
  • 5a5a74e Merge pull request #652 from apostrophecms/add-thanks-to-changelog
  • ee71ff0 Add community contribution thanks you
  • a226fe7 Merge pull request #651 from apostrophecms/release-2.12.0
  • ff18600 release 2.12.0
  • 1e2294c test: added test for postcss map
  • c376501 doc: update changelog
  • 075499d fix: ignore source maps when processing with postcss
  • eb932f8 Merge pull request #646 from gkumar9891/allow-svg-element
  • 31def35 changes to documentation
  • b268d15 changes in documentation
  • 54a6ac2 allow svg element
  • c52a9f0 Merge pull request #634 from zhna123/empty-alt
  • 2c7ac45 Added more tests and modified CHANGELOG
  • 4f6cea6 Added 'allowedEmptyAttributes' option and kept empty 'alt' value by default.
  • cb6efe1 Merge pull request #628 from alfreema/patch-1
  • 9856e7b Delete .circleci directory
  • 1bde207 Update README.md - Remove circleci reference
  • b3400f2 Update README.md
  • c4491ea Merge pull request #625 from apostrophecms/2.11.0
  • 7bd3e3f release 2.11.0
  • 6c0e5fe thank you

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

arthur-flam, Feb 24 '24 03:02