Bump loofah from 2.2.0 to 2.2.1 #3

dependabot-preview · 2018-03-20T02:14:50Z

Bumps loofah from 2.2.0 to 2.2.1.

Changelog

Sourced from loofah's changelog.

2.2.1 / 2018-03-19

Addresses CVE-2018-8048. Loofah allowed non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments.

This CVE's public notice is at flavorjones/loofah#144

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

If you'd like to skip this version, you can just close this PR. If you have any feedback just mention @dependabot in the comments below.

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.2.0 to 2.2.1. - [Release notes](https://github.com/flavorjones/loofah/releases) - [Changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md) - [Commits](https://github.com/flavorjones/loofah/commits) Signed-off-by: dependabot[bot] <[email protected]>

dependabot-preview bot added the dependencies label Mar 20, 2018

blijblijblij approved these changes Mar 20, 2018

View reviewed changes

blijblijblij merged commit 20df4a6 into develop Mar 20, 2018

blijblijblij deleted the dependabot/bundler/develop/loofah-2.2.1 branch March 20, 2018 07:06

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump loofah from 2.2.0 to 2.2.1 #3

Bump loofah from 2.2.0 to 2.2.1 #3

dependabot-preview bot commented Mar 20, 2018

Bump loofah from 2.2.0 to 2.2.1 #3

Bump loofah from 2.2.0 to 2.2.1 #3

Conversation

dependabot-preview bot commented Mar 20, 2018

2.2.1 / 2018-03-19