apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License

Update postcss #642

Closed suharelli closed 5 months ago

suharelli commented 5 months ago

The current version used by sanitize-html has vulnerabilities.

https://github.com/advisories/GHSA-7fh5-64p2-3v2j

BoDonkey commented 5 months ago

Hi @suharelli, if you look again at package.json you'll see this is a semver (Semantic Versioning) rule. The "^" means "at least" that version, e.g. it will install the newest in the 8.x series. It does not install that specific version. We do not update package.json every time a dependency releases an update, as long as the semantic versioning rule is correct.

Thanks,
Bob
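The caret rule described in the reply, as an added example that is not part of the sanitize-html project or this thread: `satisfiesCaret` implements npm's "^" semantics (at least the listed version, below the next breaking boundary, with the 0.x special cases), and `rangeAdmitsVulnerable` is the check a dependency reviewer would run against an advisory. The range `^8.1.0` and the patched version `8.2.0` are constructed sample values, not taken from package.json or the advisory.

```javascript
// Added example, not sanitize-html's own code.
// npm caret rule: ^X.Y.Z allows >= X.Y.Z and < the next "breaking" boundary:
//   ^1.2.3 -> <2.0.0   ^0.2.3 -> <0.3.0   ^0.0.3 -> <0.0.4

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(v.trim());
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return m.slice(1).map(Number); // [major, minor, patch]
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of a caret range, per the npm semver spec.
function caretUpperBound([major, minor, patch]) {
  if (major > 0) return [major + 1, 0, 0];
  if (minor > 0) return [0, minor + 1, 0];
  return [0, 0, patch + 1];
}

// Does a concrete installed version fall inside the caret range?
function satisfiesCaret(range, version) {
  if (!range.startsWith('^')) throw new Error('only caret ranges are handled here');
  const low = parseVersion(range.slice(1));
  const high = caretUpperBound(low);
  const v = parseVersion(version);
  return compare(v, low) >= 0 && compare(v, high) < 0;
}

// Reviewer's check: if the range's lower bound is below the first patched
// version from the advisory, the range still permits a vulnerable install
// (e.g. one pinned by a lockfile), even though a fresh install gets the newest.
function rangeAdmitsVulnerable(range, firstPatched) {
  const low = parseVersion(range.slice(1));
  return compare(low, parseVersion(firstPatched)) < 0;
}

// Constructed sample values (assumptions, not from package.json or the advisory).
const declaredRange = '^8.1.0';
const firstPatched = '8.2.0';
console.log(`8.4.2 in ${declaredRange}:`, satisfiesCaret(declaredRange, '8.4.2'));
console.log(`9.0.0 in ${declaredRange}:`, satisfiesCaret(declaredRange, '9.0.0'));
console.log('range admits vulnerable:', rangeAdmitsVulnerable(declaredRange, firstPatched));
```

Because a caret range only bounds what may be installed, the resolved version in the lockfile is what actually ships; `npm ls postcss` shows it.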