fix(deps): update dependency striptags to v3.2.0 [security] #316
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
a89223f to
ae0fd28
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
ae0fd28 to
93b7946
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
8c77c85 to
d63de54
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
d63de54 to
87b465e
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
2bf15dc to
32f7ee6
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
69c0c13 to
f6c4225
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
809c180 to
0808990
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
0808990 to
94f7a43
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
f0640c1 to
67a6c03
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
1420825 to
db45348
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
c31dd40 to
5761dcc
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
3ff9c94 to
80bfdc9
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
0bb2f99 to
399a21b
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
399a21b to
9bd4c3d
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
9bd4c3d to
4873714
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
abc0244 to
1729260
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
1729260 to
9f68fc3
Compare
renovate
bot
changed the title
renovate
bot
changed the title
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
4 times, most recently
from
7dc383d to
5cc3a61
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
5cc3a61 to
25cf686
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
38bdbbe to
48bb881
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
3 times, most recently
from
aa0f2bb to
63717fe
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
cc0ad6a to
ec9671d
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
ec9671d to
3b3e0f7
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
3b3e0f7 to
ea93aba
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
2 times, most recently
from
ea2815a to
dc6dd04
Compare
renovate
bot
force-pushed
the
renovate/npm-striptags-vulnerability
branch
from
dc6dd04 to
15a3198
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
3.1.1->3.2.0GitHub Vulnerability Alerts
CVE-2021-32696
A type-confusion vulnerability can cause
striptagsto concatenate unsanitized strings when an array-like object is passed in as thehtmlparameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.Impact
XSS
Patches
3.2.0Workarounds
Ensure that the
htmlparameter is a string before calling the function.Release Notes
ericnorris/striptags (striptags)
v3.2.0Compare Source
This release fixes a potential type confusion vulnerability when passing in a non-string argument to the function.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.