
Bump sanitize-html and @types/sanitize-html#5429

Merged
tdonohue merged 1 commit into dspace-7_x from dependabot/npm_and_yarn/dspace-7_x/multi-8726e17512
Apr 8, 2026

Conversation

@dependabot
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 7, 2026

Bumps sanitize-html and @types/sanitize-html. These dependencies needed to be updated together.
Updates sanitize-html from 2.17.1 to 2.17.2

Changelog

Sourced from sanitize-html's changelog.

2.17.2

Changes

  • Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., `&#0000001`) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.
Commits

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits
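The changelog entry above says that zero-padded numeric character references (such as `&#0000001`) were not decoded correctly by the older parser and so slipped past `javascript:` URL detection. What follows is an added example, not code from sanitize-html, htmlparser2 or DSpace, showing the ordering a defensive URL-attribute check needs: decode numeric character references, including zero-padded decimal and hexadecimal forms, normalise away characters browsers ignore, and only then inspect the scheme. It also runs a check that inspects the raw, undecoded attribute, so the difference is visible. The function names (`decodeNumericRefs`, `extractScheme`, `hrefIsAllowed`, `hrefIsAllowedRaw`, `runSamples`) and the sample href values are this example's own constructions.

```javascript
// Added example (not sanitize-html, htmlparser2 or DSpace code): a URL-attribute
// check that decodes numeric character references before inspecting the scheme.
// Function names and sample values below are this example's own constructions.

const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// Decode &#NNN; (decimal) and &#xHHH; (hex) references. Leading zeros are valid
// in both forms, so "&#0000106;" must yield "j" exactly as "&#106;" does.
function decodeNumericRefs(input) {
  return input.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (whole, body) => {
    const isHex = body[0] === "x" || body[0] === "X";
    const cp = isHex ? parseInt(body.slice(1), 16) : parseInt(body, 10);
    // Leave references outside the Unicode range untouched rather than guessing.
    if (!Number.isFinite(cp) || cp > 0x10ffff) return whole;
    return String.fromCodePoint(cp);
  });
}

// Take the scheme the way a browser would: drop ASCII control characters and
// whitespace (browsers ignore them inside a scheme), then read up to the colon.
// Returns null when there is no scheme (a relative URL).
function extractScheme(value) {
  const stripped = value.replace(/[\u0000-\u0020]/g, "");
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(stripped);
  return m ? m[1].toLowerCase() : null;
}

// Correct ordering: decode first, then inspect the scheme.
function hrefIsAllowed(raw) {
  const scheme = extractScheme(decodeNumericRefs(raw));
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// For comparison only: the same scheme test applied to the undecoded attribute.
// It never sees a scheme hidden behind a character reference.
function hrefIsAllowedRaw(raw) {
  const scheme = extractScheme(raw);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample href values with the verdict a sanitizer should reach.
const SAMPLES = [
  ["https://example.org/page", true],
  ["/relative/path", true],
  ["mailto:someone@example.org", true],
  ["javascript:void(0)", false],
  ["&#106;avascript:void(0)", false],        // plain decimal reference
  ["&#0000106;avascript:void(0)", false],    // zero-padded decimal reference
  ["&#x0000006A;avascript:void(0)", false],  // zero-padded hex reference
  ["java\tscript:void(0)", false],           // tab inside the scheme
];

// Evaluate every sample with both checks; returns the rows for inspection.
function runSamples() {
  return SAMPLES.map(([href, expected]) => ({
    href,
    expected,
    decoded: hrefIsAllowed(href),
    raw: hrefIsAllowedRaw(href),
  }));
}

for (const row of runSamples()) {
  const status = row.decoded === row.expected ? "ok      " : "MISMATCH";
  console.log(`${status} decoded=${row.decoded} raw=${row.raw} ${JSON.stringify(row.href)}`);
}
```

Run it with `node`; every row should print `ok` for the decoding check, while the `raw=` column shows the undecoded check accepting the reference-encoded samples. The example only handles numeric references and the scheme prefix; it does not decode named entities or cover the rest of what a full sanitizer does, and for a project on 2.17.1 the fix is to take this bump rather than add a check like this in front of the library.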

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 7, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dspace-7_x/multi-8726e17512 branch from 1d7e9fb to 70ddf4e on April 8, 2026 15:55
@github-actions

github-actions Bot commented Apr 8, 2026

Hi @dependabot,
Conflicts have been detected against the base branch.
Please resolve these conflicts as soon as you can. Thanks!

Bumps [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html) and [@types/sanitize-html](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/sanitize-html). These dependencies needed to be updated together.

Updates `sanitize-html` from 2.17.1 to 2.17.2
- [Changelog](https://github.com/apostrophecms/apostrophe/blob/main/packages/sanitize-html/CHANGELOG.md)
- [Commits](https://github.com/apostrophecms/apostrophe/commits/sanitize-html@2.17.2/packages/sanitize-html)

Updates `@types/sanitize-html` from 2.16.0 to 2.16.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/sanitize-html)

---
updated-dependencies:
- dependency-name: sanitize-html
  dependency-version: 2.17.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: "@types/sanitize-html"
  dependency-version: 2.16.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/dspace-7_x/multi-8726e17512 branch from 70ddf4e to bd7fca7 on April 8, 2026 17:39
@tdonohue tdonohue added this to the 7.6.7 milestone Apr 8, 2026
@github-project-automation github-project-automation Bot moved this to 👍 Reviewer Approved in DSpace Maintenance (9.x, 8.x, 7.6.x) Apr 8, 2026
@tdonohue tdonohue merged commit c65d8a9 into dspace-7_x Apr 8, 2026
19 checks passed
@tdonohue tdonohue deleted the dependabot/npm_and_yarn/dspace-7_x/multi-8726e17512 branch April 8, 2026 21:44
@github-project-automation github-project-automation Bot moved this from 👍 Reviewer Approved to ✅ Done in DSpace Maintenance (9.x, 8.x, 7.6.x) Apr 8, 2026