Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependency sanitize-html to v1.27.5 #39

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

renovate[bot]
Copy link

@renovate renovate bot commented Jul 12, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
sanitize-html 1.22.0 -> 1.27.5 age adoption passing confidence

Release Notes

apostrophecms/sanitize-html (sanitize-html)

v1.27.5

Compare Source

  • Updates README to include ES modules syntax.

v1.27.4

Compare Source

  • Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.

v1.27.3

Compare Source

  • Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.

v1.27.2

Compare Source

  • Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
  • Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.

v1.27.1

Compare Source

  • Removes the unused chalk dependency.
  • Adds configuration for a Github stale bot.
  • Replace xtend package with native Object.assign.

v1.27.0

Compare Source

  • Adds the allowedIframeDomains option. This works similar to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.

v1.26.0

Compare Source

  • Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.

v1.25.0

Compare Source

  • Adds enforceHtmlBoundary option to process code bounded by the html tag, discarding any code outside of those tags.
  • Migrates to the main lodash package from the per method packages since they are deprecated and cause code duplication. Thanks to Merceyz for the contribution.
  • Adds a warning when style and script tags are allowed, as they are inherently vulnerable to being used in XSS attacks. That warning can be disabled by including the option allowVulnerableTags: true so this choice is knowing and explicit.

v1.24.0

Compare Source

  • Fixes a bug where self-closing tags resulted in deletion with disallowedTagsMode: 'escape' set. Thanks to Thiago Negri for the contribution.
  • Adds abbr to the default allowedTags for better accessibility support. Thanks to Will Farrell for the contribution.
  • Adds a mediaChildren property to the frame object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.

v1.23.0

Compare Source

  • Adds eslint configuration and adds eslint to test script.
  • Sets sideEffects: false on package.json to allow module bundlers like webpack tree-shake this module and all the dependencies from client build. Thanks to Egor Voronov for the contribution.
  • Adds the tagName (HTML element name) as a second parameter passed to textFilter. Thanks to Slava for the contribution.

v1.22.1

Compare Source

ncreases the patch version of lodash.mergewith to enforce an audit fix.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants