This repository has been archived by the owner on Oct 30, 2024. It is now read-only.
chore(deps): update dependency sanitize-html to >= 2.12.1 [security] - autoclosed #670
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
svc-secops
added
dependencies
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: package-lock.json |
❌ Deploy Preview for apollo-monodocs failed.
|
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
from
86200a0
to
f075bb9
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
6 times, most recently
from
33b0c63
to
52e00d7
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
4 times, most recently
from
dc631de
to
8b4976d
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
5 times, most recently
from
eab6a86
to
24829f9
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
4 times, most recently
from
6d5cbf6
to
6a3417a
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
5 times, most recently
from
4095f9c
to
59f2508
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
2 times, most recently
from
aa7cdc8
to
e4678f5
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
2 times, most recently
from
628d10f
to
3252d21
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
from
3252d21
to
fd143a3
Compare
|
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
3 times, most recently
from
bf46991
to
1222bc1
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
4 times, most recently
from
391e833
to
cf19429
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
5 times, most recently
from
e00c596
to
cbacbae
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
5 times, most recently
from
9490564
to
ef78946
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
from
ef78946
to
a4785aa
Compare
svc-secops
force-pushed
the
renovate/npm-sanitize-html-vulnerability
branch
from
a4785aa
to
8ab7dd4
Compare
svc-secops
changed the title
svc-secops
changed the title
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.27.5->>= 2.12.1](https://renovatebot.com/diffs/npm/sanitize-html/1.27.5/>= 2.12.1)GitHub Vulnerability Alerts
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with "/\example.com".
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.
CVE-2024-21501
Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.
CVE-2022-25887
The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.
Configuration
📅 Schedule: Branch creation - "" in timezone Etc/UTC, Automerge - "after 8am and before 4pm on tuesday" in timezone Etc/UTC.
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.