
feat(deps): bump sanitize-html from 2.17.2 to 2.17.3 #3779

Merged
justlevine merged 1 commit into main from dependabot/npm_and_yarn/sanitize-html-2.17.3
Apr 20, 2026


@dependabot dependabot Bot commented on behalf of github Apr 16, 2026


Bumps sanitize-html from 2.17.2 to 2.17.3.

Changelog

Sourced from sanitize-html's changelog.

2.17.3 (2026-04-15)

Security

  • Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.
Commits

@dependabot dependabot Bot added the dependencies and javascript labels Apr 16, 2026
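An added example, not part of this pull request or of sanitize-html: a Node.js check, based on the changelog entry above, that looks for any installed copy of sanitize-html 2.17.2 (including nested copies that a top-level bump leaves behind) and for sanitizer configurations that explicitly allow `option`. The helper names, the `some-plugin` package and the sample lockfile and configs are constructed for illustration; the lockfile layout assumed is the npm `packages` map (lockfileVersion 2 or 3).

```javascript
// Added example with constructed data; helper names are hypothetical.
const AFFECTED = '2.17.2'; // version the changelog names as introducing the flaw

// List every installed copy of sanitize-html in a parsed package-lock.json,
// including copies nested under another dependency's node_modules.
function findSanitizeHtml(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/sanitize-html' ||
        path.endsWith('/node_modules/sanitize-html')) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// True when a sanitize-html options object explicitly permits <option>.
function allowsOption(options) {
  return Array.isArray(options && options.allowedTags) &&
    options.allowedTags.some((t) => String(t).toLowerCase() === 'option');
}

// Combine both signals: the affected version and the risky configuration.
function assessExposure(lock, optionSets) {
  const affected = findSanitizeHtml(lock).filter((h) => h.version === AFFECTED);
  const risky = optionSets.filter((o) => allowsOption(o.options)).map((o) => o.name);
  let status = 'not-affected';
  if (affected.length && risky.length) status = 'exposed';
  else if (affected.length) status = 'affected-version-only';
  return { status, affected, risky };
}

// Constructed sample: the direct dependency is bumped, a nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-site' },
    'node_modules/sanitize-html': { version: '2.17.3' },
    'node_modules/some-plugin/node_modules/sanitize-html': { version: '2.17.2' },
  },
};
const sampleConfigs = [
  { name: 'comments', options: { allowedTags: ['b', 'i', 'a'] } },
  { name: 'forms', options: { allowedTags: ['select', 'option'] } },
];
const report = assessExposure(sampleLock, sampleConfigs);
console.log(report.status, report.affected.map((h) => h.path), report.risky);
```

A result of `affected-version-only` still warrants the upgrade, since a later configuration change could add `option` to the allowed tags.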

vercel Bot commented Apr 16, 2026


The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
wpgraphql-com Skipped Skipped Apr 20, 2026 2:35pm

Bumps [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) from 2.17.2 to 2.17.3.
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/sanitize-html@2.17.3/packages/sanitize-html)

---
updated-dependencies:
- dependency-name: sanitize-html
  dependency-version: 2.17.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/sanitize-html-2.17.3 branch from b46103a to 26ca591 Compare April 20, 2026 14:35
@justlevine justlevine merged commit 123177c into main Apr 20, 2026
89 of 102 checks passed
@justlevine justlevine deleted the dependabot/npm_and_yarn/sanitize-html-2.17.3 branch April 20, 2026 15:50