fix(deps): update dependency sanitize-html to v2.12.1 #3579

renovate · 2024-02-22T16:56:58Z

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sanitize-html	`2.12.0` -> `2.12.1`

apostrophecms/sanitize-html (sanitize-html)

Do not parse sourcemaps in post-css. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the style attribute is allowed by the configuration. Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

coveralls · 2024-02-22T17:08:30Z

coverage: 65.655%. remained the same
when pulling 7e605ab on renovate/sanitize-html-2.x-lockfile
into d28d3e5 on master.

fix(deps): update dependency sanitize-html to v2.12.1

7e605ab

renovate bot added [status] needs review PRs that are ready to be reviewed. [type] chore labels Feb 22, 2024

renovate-approve bot approved these changes Feb 22, 2024

View reviewed changes

renovate bot merged commit 38ed316 into master Feb 22, 2024
10 checks passed

renovate bot deleted the renovate/sanitize-html-2.x-lockfile branch February 22, 2024 20:12

Provide feedback