[PR #17] [CLOSED] [Snyk] Upgrade sanitize-html from 2.4.0 to 2.7.0 #20

Closed
opened 2026-03-04 00:58:27 +03:00 by kerem · 0 comments

📋 Pull Request Information

Original PR: https://github.com/spamscanner/spamscanner/pull/17
Author: @snyk-bot
Created: 4/8/2022
Status: Closed

Base: master
Head: snyk-upgrade-0500bc3cc998eeebe20150f07cff4a68


📝 Commits (1)

  • a8440cb fix: upgrade sanitize-html from 2.4.0 to 2.7.0

📊 Changes

2 files changed (+26 additions, -27 deletions)


📝 package.json (+1 -1)
📝 yarn.lock (+25 -26)

📄 Description

Snyk has created this PR to upgrade sanitize-html from 2.4.0 to 2.7.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 7 versions ahead of your current version.
  • The recommended version was released 2 months ago, on 2022-02-04.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|----------|-------|-------------------|------------------|
| Medium | Information Exposure (SNYK-JS-NANOID-2332193) | 307/1000. Why? Proof of Concept exploit, CVSS 4 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
