-
Notifications
You must be signed in to change notification settings - Fork 272
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): bump sanitize-html from 2.11.0 to 2.12.1 #4328
chore(deps): bump sanitize-html from 2.11.0 to 2.12.1 #4328
Conversation
070c16b
to
1957402
Compare
1957402
to
11e5914
Compare
11e5914
to
5b3d2cc
Compare
@dependabot rebase |
Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry! If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request |
@dependabot recreate |
5b3d2cc
to
7fcd8a8
Compare
@dependabot rebase |
7fcd8a8
to
06b01db
Compare
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
@dependabot rebase |
Bumps [sanitize-html](https://github.com/apostrophecms/sanitize-html) from 2.11.0 to 2.12.1. - [Changelog](https://github.com/apostrophecms/sanitize-html/blob/main/CHANGELOG.md) - [Commits](apostrophecms/sanitize-html@2.11.0...2.12.1) --- updated-dependencies: - dependency-name: sanitize-html dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> TICKET: WP-0000
06b01db
to
cbd26e3
Compare
Bumps sanitize-html from 2.11.0 to 2.12.1.
Changelog
Sourced from sanitize-html's changelog.
Commits
4a7d7dd
Merge pull request #654 from apostrophecms/release-2.12.1f8e02be
release 2.12.1c5dbdf7
Merge pull request #650 from dylanarmstrong/fix/ignore-source-maps5a5a74e
Merge pull request #652 from apostrophecms/add-thanks-to-changelogee71ff0
Add community contribution thanks youa226fe7
Merge pull request #651 from apostrophecms/release-2.12.0ff18600
release 2.12.01e2294c
test: added test for postcss mapc376501
doc: update changelog075499d
fix: ignore source maps when processing with postcssYou can trigger a rebase of this PR by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.