v0.1.0-beta.4 - CodeQL HIGH fix
Pre-release
Pre-release
CodeQL HIGH fix: js/incomplete-multi-character-sanitization on the HTML-comment strip now strips to a FIXED POINT (repeat until stable) - the canonical fix for an overlapping-marker bypass. bad-tag-filter (the parser is a CommonMark block-classifier, not a security sanitizer - HTML is passthrough-flagged, never sanitized), the dead-code notes, and Scorecard posture are dismissed-with-reason.