From 50ee22413fea1a6bb4fa8a4b22ece7e200be0d8d Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 22 May 2026 16:05:38 +0000 Subject: [PATCH] Update dependency sanitize-html to v2.17.4 [SECURITY] (#33583) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- apps/web/package.json | 2 +- pnpm-lock.yaml | 26 +++++++++++++++++--------- 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/apps/web/package.json b/apps/web/package.json index 3537a1cca3..c01f90d635 100644 --- a/apps/web/package.json +++ b/apps/web/package.json @@ -101,7 +101,7 @@ "react-transition-group": "^4.4.1", "rfc4648": "^1.4.0", "sanitize-filename": "^1.6.3", - "sanitize-html": "2.17.3", + "sanitize-html": "2.17.4", "tar-js": "^0.3.0", "ua-parser-js": "1.0.40", "what-input": "^5.2.10" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 296291f19f..87e19236bc 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -466,7 +466,7 @@ importers: version: 1.0.3 matrix-js-sdk: specifier: github:matrix-org/matrix-js-sdk#develop - version: https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/b125ef6855303575ae8f2fcc41427e746f22e8c9 + version: https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/793166b9cf971afd6dcfb8f37f07d17a232eefaa matrix-widget-api: specifier: ^1.17.0 version: 1.17.0 @@ -525,8 +525,8 @@ importers: specifier: ^1.6.3 version: 1.6.4 sanitize-html: - specifier: 2.17.3 - version: 2.17.3 + specifier: 2.17.4 + version: 2.17.4 tar-js: specifier: ^0.3.0 version: 0.3.0 @@ -9651,6 +9651,9 @@ packages: launch-editor@2.13.2: resolution: {integrity: sha512-4VVDnbOpLXy/s8rdRCSXb+zfMeFR0WlJWpET1iA9CQdlZDfwyLjUuGQzXU4VeOoey6AicSAluWan7Etga6Kcmg==} + launder@1.7.1: + resolution: {integrity: sha512-mU6WRz5EusL9ZZuiZ5SO4Y6C0P9PAUR9iwdb6bzj4KDihm28DiHFw+/yk9DBH4f+Pv1wuzQ4e2jV3oQ7mkIqvw==} + layout-base@1.0.2: resolution: {integrity: sha512-8h2oVEZNktL4BH2JCOI90iD1yXwL6iNW7KcCKT2QZgQJR2vbqDsldCTPRU9NifTCqHZci57XvQQ15YTu+sTYPg==} @@ -9944,8 +9947,8 @@ packages: matrix-events-sdk@0.0.1: resolution: {integrity: sha512-1QEOsXO+bhyCroIe2/A5OwaxHvBm7EsSQ46DEDn8RBIfQwN5HWBpFvyWWR4QY0KHPPnnJdI99wgRiAl7Ad5qaA==} - matrix-js-sdk@https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/b125ef6855303575ae8f2fcc41427e746f22e8c9: - resolution: {tarball: https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/b125ef6855303575ae8f2fcc41427e746f22e8c9} + matrix-js-sdk@https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/793166b9cf971afd6dcfb8f37f07d17a232eefaa: + resolution: {tarball: https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/793166b9cf971afd6dcfb8f37f07d17a232eefaa} version: 41.5.0 engines: {node: '>=22.0.0'} @@ -11800,8 +11803,8 @@ packages: sanitize-filename@1.6.4: resolution: {integrity: sha512-9ZyI08PsvdQl2r/bBIGubpVdR3RR9sY6RDiWFPreA21C/EFlQhmgo20UZlNjZMMZNubusLhAQozkA0Od5J21Eg==} - sanitize-html@2.17.3: - resolution: {integrity: sha512-Kn4srCAo2+wZyvCNKCSyB2g8RQ8IkX/gQs2uqoSRNu5t9I2qvUyAVvRDiFUVAiX3N3PNuwStY0eNr+ooBHVWEg==} + sanitize-html@2.17.4: + resolution: {integrity: sha512-2HW7v2ol/uAM7sX4hbD8Z59OGWmAPrvjL8E71UWlBcj6m+kcF6ilQBLny+cIgY214QJeJT5tQuxKKqX0SQqjGQ==} sax@1.6.0: resolution: {integrity: sha512-6R3J5M4AcbtLUdZmRv2SygeVaM7IhrLXu9BmnOGmmACak8fiUtOsYNWUS4uK7upbmHIBbLBeFeI//477BKLBzA==} @@ -23205,6 +23208,10 @@ snapshots: picocolors: 1.1.1 shell-quote: 1.8.3 + launder@1.7.1: + dependencies: + dayjs: 1.11.20 + layout-base@1.0.2: {} layout-base@2.0.1: {} @@ -23501,7 +23508,7 @@ snapshots: matrix-events-sdk@0.0.1: {} - matrix-js-sdk@https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/b125ef6855303575ae8f2fcc41427e746f22e8c9: + matrix-js-sdk@https://codeload.github.com/matrix-org/matrix-js-sdk/tar.gz/793166b9cf971afd6dcfb8f37f07d17a232eefaa: dependencies: '@babel/runtime': 7.29.2 '@matrix-org/matrix-sdk-crypto-wasm': 18.2.0 @@ -25797,12 +25804,13 @@ snapshots: dependencies: truncate-utf8-bytes: 1.0.2 - sanitize-html@2.17.3: + sanitize-html@2.17.4: dependencies: deepmerge: 4.3.1 escape-string-regexp: 4.0.0 htmlparser2: 10.1.0 is-plain-object: 5.0.0 + launder: 1.7.1 parse-srcset: 1.0.2 postcss: 8.5.14