apostrophecms/sanitize-html (sanitize-html)
### [`v2.12.1`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#2121-2024-02-22)
[Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/5a5a74e179ef98075a0c61789f64e009f6b4ac29...2.12.1)
- Do not parse sourcemaps in `post-css`. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the `style` attribute is allowed by the configuration. Thanks to the [Snyk Security team](https://snyk.io/) for the disclosure and to [Dylan Armstrong](https://dylan.is/) for the fix.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
2.12.0->2.12.1Release Notes
apostrophecms/sanitize-html (sanitize-html)
### [`v2.12.1`](https://togithub.com/apostrophecms/sanitize-html/blob/HEAD/CHANGELOG.md#2121-2024-02-22) [Compare Source](https://togithub.com/apostrophecms/sanitize-html/compare/5a5a74e179ef98075a0c61789f64e009f6b4ac29...2.12.1) - Do not parse sourcemaps in `post-css`. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the `style` attribute is allowed by the configuration. Thanks to the [Snyk Security team](https://snyk.io/) for the disclosure and to [Dylan Armstrong](https://dylan.is/) for the fix.Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.