Update dependency sanitize-html to v1.27.5 #39
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.22.0
->1.27.5
Release Notes
apostrophecms/sanitize-html (sanitize-html)
v1.27.5
Compare Source
v1.27.4
Compare Source
Array.prototype.includes
, replacing it withArray.prototype.indexOf
.v1.27.3
Compare Source
transformTags
with outtextFilter
. Thanks to Andrzej Porebski for the help with a failing test.v1.27.2
Compare Source
srcset
withparse-srcset
. Thanks to Massimiliano Mirra for the contribution.v1.27.1
Compare Source
xtend
package with nativeObject.assign
.v1.27.0
Compare Source
allowedIframeDomains
option. This works similar toallowedIframeHostnames
, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframesrc
attributes. Thanks to Stanislav Kravchenko for the contribution.v1.26.0
Compare Source
option
element to the defaultnonTextTagsArray
of tags with contents that aren't meant to be displayed visually as text. This can be overridden with thenonTextTags
option.v1.25.0
Compare Source
enforceHtmlBoundary
option to process code bounded by thehtml
tag, discarding any code outside of those tags.style
andscript
tags are allowed, as they are inherently vulnerable to being used in XSS attacks. That warning can be disabled by including the optionallowVulnerableTags: true
so this choice is knowing and explicit.v1.24.0
Compare Source
disallowedTagsMode: 'escape'
set. Thanks to Thiago Negri for the contribution.abbr
to the defaultallowedTags
for better accessibility support. Thanks to Will Farrell for the contribution.mediaChildren
property to theframe
object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.v1.23.0
Compare Source
sideEffects: false
on package.json to allow module bundlers like webpack tree-shake this module and all the dependencies from client build. Thanks to Egor Voronov for the contribution.tagName
(HTML element name) as a second parameter passed totextFilter
. Thanks to Slava for the contribution.v1.22.1
Compare Source
ncreases the patch version of
lodash.mergewith
to enforce an audit fix.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.