Can we bump sanitize-html dependency to address this CVE?
gone-skiing opened this issue · comments
Eugene Krylov commented
I am happy to spin up a PR...
Eugene Krylov commented
@codenirvana here is a PR to bump the dependency if your team has a minute...
#1183
Udit Vasu commented
Fixed in v4.
Felix Deierlein commented
@codenirvana: could you also create a patch for v3?
Not everyone will like to update to a new major version for a security fix.
Udit Vasu commented
@delixfe Sure but can you also check the changelog to verify the breaking changes?
Felix Deierlein commented
@codenirvana Actually, I think many of us would prefer not to have to check those. That was the reason I asked :).
Now I did read them, and I won't be affected by the breaking changes, so I can easily upgrade to v4.