[Snyk] Upgrade sanitize-html from 1.6.1 to 1.27.4

[snyk-bot]

Snyk has created this PR to upgrade sanitize-html from 1.6.1 to 1.27.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 49 versions ahead of your current version.
• The recommended version was released a month ago, on 2020-08-26.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Cross-site Scripting (XSS) npm:sanitize-html:20161026	656/1000 Why? Mature exploit, Has a fix available, CVSS 5.4	Mature

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: sanitize-html

• 1.27.4 - 2020-08-26
  

  Replaces another usage of includes (#404)

• 1.27.3 - 2020-08-12
• 1.27.2 - 2020-07-29
• 1.27.1 - 2020-07-15
• 1.27.0 - 2020-06-17
• 1.26.0 - 2020-06-03
• 1.25.0 - 2020-05-29
• 1.24.0 - 2020-05-20
• 1.23.0 - 2020-04-09
• 1.22.1 - 2020-03-12
• 1.22.0 - 2020-02-23
  

  1.22.0: htmlparser2 4.x fixes longstanding bugs

• 1.21.1 - 2020-01-17
  

  …drunov.

• 1.21.0 - 2020-01-17
  

  1.21.0: new disallowedTagsMode feature, thanks to Yehonatan Zecharia

• 1.20.1 - 2019-04-25
• 1.20.0 - 2018-12-17
  

  1.20.0: use files key to reduce size of npm package, thanks to Steven

• 1.19.3 - 2018-12-05
  

  …` that might or might not have XSS implications](#269).

• 1.19.2 - 2018-12-03
  
  • Switched out the heavy postcss dependency for the lightweight css-tree module. No API changes. Thanks to Justin Braithwaite.
  • Various doc updates. Thanks to Pulkit Aggarwal and Cody Robertson.
• 1.19.1 - 2018-09-28
  

  …never published)

• 1.19.0 - 2018-09-12
  
  • New allowIframeRelativeUrls option. It defaults to true unless allowedIframeHostnames is present, in which case it defaults to false, for backwards compatibility with existing behavior in both cases; however you can now set the option explicitly to allow both certain hostnames and relative URLs. Thanks to Rick Martin.
• 1.18.5 - 2018-09-05
• 1.18.4 - 2018-08-02
• 1.18.3 - 2018-08-01
• 1.18.2 - 2018-02-20
• 1.18.1 - 2018-02-20
• 1.18.0 - 2018-02-20
• 1.17.0 - 2018-01-15
• 1.16.3 - 2017-12-12
• 1.16.2 - 2017-12-12
• 1.16.1 - 2017-11-21
• 1.16.0 - 2017-11-21
• 1.15.0 - 2017-10-30
• 1.14.3 - 2017-10-30
• 1.14.2 - 2017-10-30
• 1.14.1 - 2017-01-13
• 1.14.0 - 2017-01-13
• 1.13.0 - 2016-07-19
• 1.12.0 - 2016-06-16
• 1.11.4 - 2016-03-28
• 1.11.3 - 2016-01-13
• 1.11.2 - 2015-12-01
• 1.11.1 - 2015-10-13
• 1.11.0 - 2015-10-08
• 1.10.1 - 2015-09-28
• 1.10.0 - 2015-08-31
• 1.9.0 - 2015-08-18
• 1.8.0 - 2015-08-10
• 1.7.2 - 2015-07-22
• 1.7.1 - 2015-07-21
• 1.7.0 - 2015-06-03
• 1.6.1 - 2015-02-18

from sanitize-html GitHub release notes

Commit messages

Package name: sanitize-html

• 343190e Replaces another usage of includes (Twitter share button has no functionality after completing Bonfire exercise freeCodeCamp/freeCodeCamp#404)
• ed3d6a7 Replaces includes with indexOf (Twitter zipline API endpoints freeCodeCamp/freeCodeCamp#401)
• 788b7a6 Fixes issue with using transformTags without textFilter (Redirects to Bonfires when you pass a waypoint.  freeCodeCamp/freeCodeCamp#396)
• 1f45e5f Bumps version (Revert Mac keyboard shortcuts in field guide freeCodeCamp/freeCodeCamp#390)
• 8b49708 Merge pull request Replace CodeCademy Angular courses with CodeSchool 'Shaping Up With AngularJS' freeCodeCamp/freeCodeCamp#388 from apostrophecms/parse-srcset
• 4971211 Tidies up indentation
• 745417f Minor eslint cleanup
• 0628c6d Fixes dependency regression and updates changelog
• 16790c7 Merge pull request Fixes #352 - Camper News email notification freeCodeCamp/freeCodeCamp#368 from bard/fix-srcset
• 66c040e Merge branch 'main' into fix-srcset
• 4756533 Adds changelog entry (Local Weather App throws TypeError freeCodeCamp/freeCodeCamp#384)
• 7ad8e5a Merge pull request Implement Amazon SNS for email campaign freeCodeCamp/freeCodeCamp#379 from amayer5125/readme-cleanup
• cb3a00c README: Fix Code Examples
• 86c45b7 README: Update Links to Use Main Branch
• 8bce251 Merge pull request Store Bonfire solutions with whitespace and line breaks freeCodeCamp/freeCodeCamp#365 from TrySound/object-assign
• 1ac9306 Update changelog
• 7b116f6 Replace xtend with builtin Object.assign
• b906c54 Merge pull request Usability improvements and courseware/field-guide copy improvements freeCodeCamp/freeCodeCamp#373 from TrySound/drop-chalk
• e93008f Merge branch 'main' into drop-chalk
• aade3e0 Adds stale bot config and bumps version (Recommend adding "curry" link to resources on "Arguments Optional" bonfire freeCodeCamp/freeCodeCamp#375)
• 2384ed4 Update changelog
• 6e6714e Drop chalk
• d7031b3 Updates changelog and bumps version (Start a node server challenge displaying mongoDB video freeCodeCamp/freeCodeCamp#370)
• 5ba0273 Merge pull request slight tidy and example freeCodeCamp/freeCodeCamp#360 from StanisLove/regexped-allowed-iframe-hosts

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[github-actions]

Stale pull request message