server-notifications-node icon indicating copy to clipboard operation
server-notifications-node copied to clipboard

Published 20 hours ago verified publisher icon TwilioDevEd

[Snyk] Security upgrade sanitize-html from 1.27.5 to 2.7.1

Open twilio-product-security opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 551/1000
Why? Recently disclosed, Has a fix available, CVSS 5.3		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-SANITIZEHTML-2957526		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: sanitize-html The new version differs by 164 commits.
  • b4682c1 Merge pull request #557 from apostrophecms/release-2.7.1
  • b6c4971 release 2.7.1 (with security fix previously tested and approved by Miro)
  • 6683aad remove DoS vulnerability
  • 7c7ccb4 credit
  • 994f962 Merge pull request #555 from paweljq/fix_protocol_relative_script_tag
  • 3c3f075 Merge pull request #556 from cha147/patch-1
  • 8e3b00f fix typos in readme
  • 329dae7 Fix protocol relative url in scripts tags #531
  • 3cdc262 release 2.7.0 (#534)
  • 72989f1 Merge pull request #530 from apostrophecms/zade-credit
  • 208cdb4 zade credit
  • 7338f8b Merge pull request #529 from zadeviggers/patch-1
  • 1971a57 Update defaults in readme
  • 43f28f3 Update changelog
  • 5fccedb Allow srcset
  • be9c90d Add common image attributes
  • 379b55b Bumps version (#523)
  • da9767f Fixes important stripping (#522)
  • d077c9f Merge pull request #521 from alex-rantos/fix-trailing-text
  • d905b3b typo on changelog
  • 836c5ab add CHANGELOG entry
  • c1112fb fix trailing text issue
  • d737f39 Bumps version (#520)
  • e5027ef Merge pull request #515 from apostrophecms/revert-505-504-whatwg-url

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

twilio-product-security avatar Aug 30 '22 08:08 twilio-product-security