v3.4.4 release bumps resolve-url-loader to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.
Migrating from 3.4.3 to 3.4.4
Inside any created project that has not been ejected, run:
v3.4.3 release bumps terser-webpack-plugin to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.
Migrating from 3.4.2 to 3.4.3
Inside any created project that has not been ejected, run:
v3.4.2 release bumps webpack-dev-server to a version for which npm audit does not report a vulnerability. Note that this vulnerability did not affect Create React App projects, so this change is only necessary to satisfy auditing tools.
Migrating from 3.4.1 to 3.4.2
Inside any created project that has not been ejected, run:
Show parseStyleAttributes warning in browser only. Thanks to mog422 for this update!
Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. Thanks to Dylan Armstrong for this update!
2.10.0 (2023-02-17)
Fix auto-adding escaped closing tags. In other words, do not add implied closing tags to disallowed tags when disallowedTagMode is set to any variant of escape -- just escape the disallowed tags that are present. This fixes [issue #464](apostrophecms/sanitize-html#464). Thanks to Daniel Liebner
Add tagAllowed() helper function which takes a tag name and checks it against options.allowedTags and returns true if the tag is allowed and false if it is not.
If the argument is a number, convert it to a string, for backwards compatibility. Thanks to Alexander Schranz.
2.8.0 (2022-12-12)
Upgrades htmlparser2 to new major version ^8.0.0. Thanks to Kedar Chandrayan for this contribution.
2.7.3 (2022-10-24)
If allowedTags is falsy but not exactly false, then do not assume that all tags are allowed. Rather, allow no tags in this case, to be on the safe side. This matches the existing documentation and fixes [issue #176](apostrophecms/sanitize-html#176). Thanks to Kedar Chandrayan for the fix.
2.7.2 (2022-09-15)
Closing tags must agree with opening tags. This fixes [issue #549](apostrophecms/sanitize-html#549), in which closing tags not associated with any permitted opening tag could be passed through. No known exploit exists, but it's better not to permit this. Thanks to Kedar Chandrayan for the report and the fix.
2.7.1 (2022-07-20)
Protocol-relative URLs are properly supported for script tags. Thanks to paweljq.
A denial-of-service vulnerability has been fixed by replacing global regular expression replacement logic for comment removal with a new implementation. Thanks to Nariyoshi Chida of NTT Security Japan for pointing out the issue.
2.7.0 (2022-02-04)
Allows a more sensible set of default attributes on <img /> tags. Thanks to Zade Viggers.
2.6.1 (2021-12-08)
Fixes style filtering to retain !important when used.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aneillans/postybirb-plus/network/alerts).
Bumps postcss to 8.4.31 and updates ancestor dependencies postcss, react-scripts, sanitize-html, autoprefixer, postcss-cli and tailwindcss. These dependencies need to be updated together.
Updates `postcss` from 6.0.23 to 8.4.31
Release notes
Sourced from postcss's releases.
... (truncated)
Changelog
Sourced from postcss's changelog.
... (truncated)
Commits
- 90208de Release 8.4.31 version
- 58cc860 Fix carrier return parsing
- 4fff8e4 Improve pnpm test output
- cd43ed1 Update dependencies
- caa916b Update dependencies
- 8972f76 Typo
- 11a5286 Typo
- 45c5501 Release 8.4.30 version
- bc3c341 Update linter
- b2be58a Merge pull request #1881 from romainmenke/improve-sourcemap-performance--phil...
Updates `react-scripts` from 3.2.0 to 5.0.1
Changelog
Sourced from react-scripts's changelog.
... (truncated)
Commits
- 19fa58d Publish
- 9802941 fix: webpack noise printed only if error or warning (#12245)
- 2eef1d0 Update templates to use React 18 `createRoot` (#12220)
- 221e511 Publish
- 5614c87 Add support for Tailwind (#11717)
- 20edab4 fix(webpackDevServer): disable overlay for warnings (#11413)
- 3afbbc0 Update all dependencies (#11624)
- f5467d5 feat(eslint-config-react-app): support ESLint 8.x (#11375)
- c7627ce Update webpack and dev server (#11646)
- 544befe Update package.json (#11597)
Updates `sanitize-html` from 1.27.5 to 2.11.0
Changelog
Sourced from sanitize-html's changelog.
... (truncated)
Commits
Updates `autoprefixer` from 9.8.6 to 10.4.16
Release notes
Sourced from autoprefixer's releases.
... (truncated)
Changelog
Sourced from autoprefixer's changelog.
... (truncated)
Commits
- 026083c Release 10.4.16 version
- 4cda7ae Update dependencies
- 7a49d6a Update CI
- a87f4cd improve performance (#1500)
- 0d6496e Update dependencies
- d9064cb Remove deprecated browsers from README (#1499)
- aa63324 Release 10.4.15 version
- e6f597d Run tests in parallel
- 8611ba6 Update dependencies
- f8d8dab feat: `::backdrop` using `@mdn/browser-compat-data` (#1498)
Updates `postcss-cli` from 6.1.3 to 10.1.0
Release notes
Sourced from postcss-cli's releases.
Changelog
Sourced from postcss-cli's changelog.
... (truncated)
Commits
- a3574b1 10.1.0
- 83771bd Allow non-TTY stdin watch mode (#448)
- e939a68 Update dependency fs-extra to v11 (#447)
- 1cd25c2 Update dependency prettier to ~2.8.0 (#445)
- 9fdc954 Update dependency eslint-config-problems to v7 (#443)
- dcdef56 Update dependency slash to v5 (#442)
- e1b551e Update dependency postcss-import to v15 (#439)
- 7bf54af Update dependency uuid to v9 (#440)
- e5419b5 10.0.0
- d779476 Add tests for ESM config
Updates `tailwindcss` from 1.9.6 to 3.3.3
Release notes
Sourced from tailwindcss's releases.
... (truncated)
Changelog
Sourced from tailwindcss's changelog.
... (truncated)
Commits
- 0bd81a0 3.3.3
- 6a6ceb5 Update changelog
- f97759f Don’t error when a config file is missing
- 005c1be Don't prefix arbitrary classes in `peer`/`group` variants (#11454)
- 5b9cbb3 Make PostCSS plugin async to improve performance (#11548)
- 1c9bb38 Allow variant to be an at-rule without a prelude (#11589)
- 80f3e85 Sort classes using position of first matching rule (#11504)
- 2432268 Reset dialog element styles (#11069)
- b885fff Add `aria-busy` utility (#10966)
- 1fb7486 Make font settings propagate into buttons, inputs, etc. (#10940)