apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

Update postcss

suharelli opened this issue

Current version used by sanitize-html has vulnerabilities

GHSA-7fh5-64p2-3v2j

Hi @suharelli
If you look again at package.json you'll see this is a semver (Semantic Versioning) rule. The "^" means "at least" that version, e.g. it will install the newest in the 8.x series. It does not install that specific version. We do not update package.json every time a dependency releases an update, as long as the semantic versioning rule is correct.
Thanks,
Bob
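
The caret rule described in the reply above, worked through as an added example (not part of the issue thread and not sanitize-html's or npm's own code). It handles only plain MAJOR.MINOR.PATCH versions; all version numbers are constructed, and `audit`, `resolved` and `firstPatched` are hypothetical names, with `resolved` standing for the version already present in an installed tree.

```javascript
// Added example: minimal caret-range logic for plain MAJOR.MINOR.PATCH versions
// (no prerelease/build tags). All version numbers below are constructed.
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

function compare(a, b) {
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Exclusive upper bound of ^base: bump the left-most non-zero component.
function caretUpperBound(base) {
  const [maj, min, pat] = parse(base);
  if (maj > 0) return `${maj + 1}.0.0`;
  if (min > 0) return `0.${min + 1}.0`;
  return `0.0.${pat + 1}`;
}

function satisfiesCaret(version, range) {
  if (!range.startsWith("^")) throw new Error("only ^ ranges handled here");
  const base = range.slice(1);
  return compare(version, base) >= 0 && compare(version, caretUpperBound(base)) < 0;
}

// What a fresh install would pick: the highest published version in range.
function maxSatisfying(published, range) {
  const ok = published.filter((v) => satisfiesCaret(v, range));
  return ok.sort(compare).pop() ?? null;
}

// Does the range admit a fixed release, and is an already-resolved copy behind it?
function audit(range, published, resolved, firstPatched) {
  const fresh = maxSatisfying(published, range);
  return {
    freshInstall: fresh,
    rangeAdmitsFix: fresh !== null && compare(fresh, firstPatched) >= 0,
    resolvedIsPatched: compare(resolved, firstPatched) >= 0,
  };
}

const published = ["8.1.0", "8.2.5", "8.3.0", "9.0.0"]; // constructed
console.log(audit("^8.1.0", published, "8.1.0", "8.2.5"));
```

With these constructed values the range admits the fixed release, while a tree that already resolved the older version reports `resolvedIsPatched: false` until the dependency is updated.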