Merge pull request #33741 from overleaf/lg-sanitize-html-upgrade

[Security upgrade] Upgrade sanitize-html to 2.17.4 (GHSA-rpr9-rxv7-x643)

GitOrigin-RevId: 40a11361eac35d44a6fd7069e0d0d7c02a6628ec
Olzhas Askar
2026-05-20 12:06:07 +02:00
committed by Copybot
parent ad651a22fa
commit bb0dc07d22
5 changed files with 95 additions and 28 deletions
+1 -1
@@ -88,7 +88,7 @@
"@contentful/rich-text-html-renderer": "16.0.2",
"@contentful/rich-text-types": "16.0.2",
"i18next": "23.10.0",
"sanitize-html": "2.12.1",
"sanitize-html": "2.17.4",
"lodash": "4.18.1",
"express-session": "1.17.2",
"ioredis": "4.27.11",
+1 -1
@@ -180,7 +180,7 @@
"referer-parser": "patch:referer-parser@npm%3A0.0.3#~/.yarn/patches/referer-parser-npm-0.0.3.patch",
"request": "2.88.2",
"requestretry": "7.1.0",
"sanitize-html": "^2.8.1",
"sanitize-html": "^2.17.4",
"stripe": "^18.4.0",
"tough-cookie": "^4.0.0",
"tsscmp": "^1.0.6",
+55 -17
@@ -6,7 +6,7 @@
"": {
"devDependencies": {
"node-fetch": "^2.7.0",
"sanitize-html": "^2.12.1",
"sanitize-html": "^2.17.4",
"yargs": "^17.7.2"
}
},
@@ -66,6 +66,13 @@
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
"node_modules/dayjs": {
"version": "1.11.20",
"resolved": "https://registry.npmjs.org/dayjs/-/dayjs-1.11.20.tgz",
"integrity": "sha512-YbwwqR/uYpeoP4pu043q+LTDLFBLApUP6VxRihdfNTqu4ubqMlGDLd6ErXhEgsyvY0K6nCs7nggYumAN+9uEuQ==",
"dev": true,
"license": "MIT"
},
"node_modules/deepmerge": {
"version": "4.2.2",
"resolved": "https://registry.npmjs.org/deepmerge/-/deepmerge-4.2.2.tgz",
@@ -80,6 +87,7 @@
"resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
"integrity": "sha512-wIkAryiqt/nV5EQKqQpo3SToSOV9J0DnbJqwK7Wv/Trc92zIAYZ4FlMu+JPFW1DfGFt81ZTCGgDEabffXeLyJg==",
"dev": true,
"license": "MIT",
"dependencies": {
"domelementtype": "^2.3.0",
"domhandler": "^5.0.2",
@@ -89,6 +97,19 @@
"url": "https://github.com/cheeriojs/dom-serializer?sponsor=1"
}
},
"node_modules/dom-serializer/node_modules/entities": {
"version": "4.5.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
"integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
"dev": true,
"license": "BSD-2-Clause",
"engines": {
"node": ">=0.12"
},
"funding": {
"url": "https://github.com/fb55/entities?sponsor=1"
}
},
"node_modules/domelementtype": {
"version": "2.3.0",
"resolved": "https://registry.npmjs.org/domelementtype/-/domelementtype-2.3.0.tgz",
@@ -99,13 +120,15 @@
"type": "github",
"url": "https://github.com/sponsors/fb55"
}
]
],
"license": "BSD-2-Clause"
},
"node_modules/domhandler": {
"version": "5.0.3",
"resolved": "https://registry.npmjs.org/domhandler/-/domhandler-5.0.3.tgz",
"integrity": "sha512-cgwlv/1iFQiFnU96XXgROh8xTeetsnJiDsTc7TYCLFd9+/WNkIqPTxiM/8pSd8VIrhXGTf1Ny1q1hquVqDJB5w==",
"dev": true,
"license": "BSD-2-Clause",
"dependencies": {
"domelementtype": "^2.3.0"
},
@@ -117,10 +140,11 @@
}
},
"node_modules/domutils": {
"version": "3.1.0",
"resolved": "https://registry.npmjs.org/domutils/-/domutils-3.1.0.tgz",
"integrity": "sha512-H78uMmQtI2AhgDJjWeQmHwJJ2bLPD3GMmO7Zja/ZZh84wkm+4ut+IUnUdRa8uCGX88DiVx1j6FRe1XfxEgjEZA==",
"version": "3.2.2",
"resolved": "https://registry.npmjs.org/domutils/-/domutils-3.2.2.tgz",
"integrity": "sha512-6kZKyUajlDuqlHKVX1w7gyslj9MPIXzIFiz/rGu35uC1wMi+kMhQwGhl4lt9unC9Vb9INnY9Z3/ZA3+FhASLaw==",
"dev": true,
"license": "BSD-2-Clause",
"dependencies": {
"dom-serializer": "^2.0.0",
"domelementtype": "^2.3.0",
@@ -137,10 +161,11 @@
"dev": true
},
"node_modules/entities": {
"version": "4.5.0",
"resolved": "https://registry.npmjs.org/entities/-/entities-4.5.0.tgz",
"integrity": "sha512-V0hjH4dGPh9Ao5p0MoRY6BVqtwCjhz6vI5LT8AJ55H+4g9/4vbHx1I54fS0XuclLhDHArPQCiMjDxjaL8fPxhw==",
"version": "7.0.1",
"resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
"integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
"dev": true,
"license": "BSD-2-Clause",
"engines": {
"node": ">=0.12"
},
@@ -179,9 +204,9 @@
}
},
"node_modules/htmlparser2": {
"version": "8.0.2",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-8.0.2.tgz",
"integrity": "sha512-GYdjWKDkbRLkZ5geuHs5NY1puJ+PXwP7+fHPRz06Eirsb9ugf6d8kkXav6ADhcODhFFPMIXyxkxSuMf3D6NCFA==",
"version": "10.1.0",
"resolved": "https://registry.npmjs.org/htmlparser2/-/htmlparser2-10.1.0.tgz",
"integrity": "sha512-VTZkM9GWRAtEpveh7MSF6SjjrpNVNNVJfFup7xTY3UpFtm67foy9HDVXneLtFVt4pMz5kZtgNcvCniNFb1hlEQ==",
"dev": true,
"funding": [
"https://github.com/fb55/htmlparser2?sponsor=1",
@@ -190,11 +215,12 @@
"url": "https://github.com/sponsors/fb55"
}
],
"license": "MIT",
"dependencies": {
"domelementtype": "^2.3.0",
"domhandler": "^5.0.3",
"domutils": "^3.0.1",
"entities": "^4.4.0"
"domutils": "^3.2.2",
"entities": "^7.0.1"
}
},
"node_modules/is-fullwidth-code-point": {
@@ -215,6 +241,16 @@
"node": ">=0.10.0"
}
},
"node_modules/launder": {
"version": "1.7.1",
"resolved": "https://registry.npmjs.org/launder/-/launder-1.7.1.tgz",
"integrity": "sha512-mU6WRz5EusL9ZZuiZ5SO4Y6C0P9PAUR9iwdb6bzj4KDihm28DiHFw+/yk9DBH4f+Pv1wuzQ4e2jV3oQ7mkIqvw==",
"dev": true,
"license": "MIT",
"dependencies": {
"dayjs": "^1.11.7"
}
},
"node_modules/nanoid": {
"version": "3.3.6",
"resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.6.tgz",
@@ -303,15 +339,17 @@
}
},
"node_modules/sanitize-html": {
"version": "2.12.1",
"resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.12.1.tgz",
"integrity": "sha512-Plh+JAn0UVDpBRP/xEjsk+xDCoOvMBwQUf/K+/cBAVuTbtX8bj2VB7S1sL1dssVpykqp0/KPSesHrqXtokVBpA==",
"version": "2.17.4",
"resolved": "https://registry.npmjs.org/sanitize-html/-/sanitize-html-2.17.4.tgz",
"integrity": "sha512-2HW7v2ol/uAM7sX4hbD8Z59OGWmAPrvjL8E71UWlBcj6m+kcF6ilQBLny+cIgY214QJeJT5tQuxKKqX0SQqjGQ==",
"dev": true,
"license": "MIT",
"dependencies": {
"deepmerge": "^4.2.2",
"escape-string-regexp": "^4.0.0",
"htmlparser2": "^8.0.0",
"htmlparser2": "^10.1.0",
"is-plain-object": "^5.0.0",
"launder": "^1.7.1",
"parse-srcset": "^1.0.2",
"postcss": "^8.3.11"
}
@@ -1,7 +1,7 @@
{
"devDependencies": {
"node-fetch": "^2.7.0",
"sanitize-html": "^2.12.1",
"sanitize-html": "^2.17.4",
"yargs": "^17.7.2"
},
"type": "module"
+37 -8
@@ -7535,7 +7535,7 @@ __metadata:
requestretry: "npm:7.1.0"
resolve-url-loader: "npm:^5.0.0"
samlp: "npm:^7.0.2"
sanitize-html: "npm:^2.8.1"
sanitize-html: "npm:^2.17.4"
sass: "npm:^1.77.1"
sass-loader: "npm:^14.2.1"
scroll-into-view-if-needed: "npm:^2.2.25"
@@ -16292,7 +16292,7 @@ __metadata:
languageName: node
linkType: hard
"dayjs@npm:1.11.20, dayjs@npm:^1.10.4":
"dayjs@npm:1.11.20, dayjs@npm:^1.10.4, dayjs@npm:^1.11.7":
version: 1.11.20
resolution: "dayjs@npm:1.11.20"
checksum: 10c0/8af525e2aa100c8db9923d706c42b2b2d30579faf89456619413a5c10916efc92c2b166e193c27c02eb3174b30aa440ee1e7b72b0a2876b3da651d204db848a0
@@ -16896,7 +16896,7 @@ __metadata:
languageName: node
linkType: hard
"domutils@npm:^3.0.1":
"domutils@npm:^3.0.1, domutils@npm:^3.2.2":
version: 3.2.2
resolution: "domutils@npm:3.2.2"
dependencies:
@@ -17216,6 +17216,13 @@ __metadata:
languageName: node
linkType: hard
"entities@npm:^7.0.1":
version: 7.0.1
resolution: "entities@npm:7.0.1"
checksum: 10c0/b4fb9937bb47ecb00aaaceb9db9cdd1cc0b0fb649c0e843d05cf5dbbd2e9d2df8f98721d8b1b286445689c72af7b54a7242fc2d63ef7c9739037a8c73363e7ca
languageName: node
linkType: hard
"env-paths@npm:^2.2.0, env-paths@npm:^2.2.1":
version: 2.2.1
resolution: "env-paths@npm:2.2.1"
@@ -20607,6 +20614,18 @@ __metadata:
languageName: node
linkType: hard
"htmlparser2@npm:^10.1.0":
version: 10.1.0
resolution: "htmlparser2@npm:10.1.0"
dependencies:
domelementtype: "npm:^2.3.0"
domhandler: "npm:^5.0.3"
domutils: "npm:^3.2.2"
entities: "npm:^7.0.1"
checksum: 10c0/36394e29b80cfcc5e78e0fa4d3aa21fdaac3e6778d23e5c933e625c290987cd9a724a2eb0753ab60ed0c69dfaba0ab115f0ee50fb112fd8f0c4d522e7e0089a2
languageName: node
linkType: hard
"htmlparser2@npm:^6.1.0":
version: 6.1.0
resolution: "htmlparser2@npm:6.1.0"
@@ -22760,6 +22779,15 @@ __metadata:
languageName: node
linkType: hard
"launder@npm:^1.7.1":
version: 1.7.1
resolution: "launder@npm:1.7.1"
dependencies:
dayjs: "npm:^1.11.7"
checksum: 10c0/c4884c08cc5a1a19cbec840aac7fa97db4928c25fc99ea2981a0482df3ebdbf1cf6605226a3c968e3281025126ff10055686e81f428ecc0e8f8666ca05bae8cc
languageName: node
linkType: hard
"lazystream@npm:^1.0.0":
version: 1.0.1
resolution: "lazystream@npm:1.0.1"
@@ -30215,17 +30243,18 @@ __metadata:
languageName: node
linkType: hard
"sanitize-html@npm:2.12.1":
version: 2.12.1
resolution: "sanitize-html@npm:2.12.1"
"sanitize-html@npm:2.17.4":
version: 2.17.4
resolution: "sanitize-html@npm:2.17.4"
dependencies:
deepmerge: "npm:^4.2.2"
escape-string-regexp: "npm:^4.0.0"
htmlparser2: "npm:^8.0.0"
htmlparser2: "npm:^10.1.0"
is-plain-object: "npm:^5.0.0"
launder: "npm:^1.7.1"
parse-srcset: "npm:^1.0.2"
postcss: "npm:^8.3.11"
checksum: 10c0/0169e77845a237d0a0b74d316a861aa13dccfcc55dd5d33d49a37abc77cb60a55d02644094daae3c88f1d1a348ee5ded5ddf20073002535cdaa24291e653d34d
checksum: 10c0/5c352376a44bf8a70644f6d4421684000a982f6bda59beac051693d8fc08acbe48dc6358f5c8eb8ae4a815746260167926747a858e6a6e2daf01ccfb775100dd
languageName: node
linkType: hard