
Build(deps): Bump sanitize-html from 2.17.3 to 2.17.4 #90

Merged: github-actions[bot] merged 1 commit into main from dependabot/npm_and_yarn/sanitize-html-2.17.4 on May 26, 2026

Conversation

dependabot[bot] commented on behalf of github on May 21, 2026

Bumps sanitize-html from 2.17.3 to 2.17.4.

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

  • sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

  • Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed. All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

dependabot[bot] added the dependencies and javascript labels on May 21, 2026

pejuam commented May 26, 2026

@dependabot rebase

Bumps [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) from 2.17.3 to 2.17.4.
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/HEAD/packages/sanitize-html)

---
updated-dependencies:
- dependency-name: sanitize-html
  dependency-version: 2.17.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot[bot] force-pushed the dependabot/npm_and_yarn/sanitize-html-2.17.4 branch from 48eacae to 91f3cc4 on May 26, 2026 06:06

github-actions[bot] merged commit a8afe5d into main on May 26, 2026 (4 checks passed)

github-actions[bot] deleted the dependabot/npm_and_yarn/sanitize-html-2.17.4 branch on May 26, 2026 06:25