apostrophe 3.63.0 → 3.63.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/package.json +2 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,11 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 3.63.1 (2024-02-22)
|
|
4
|
+
|
|
5
|
+
### Security
|
|
6
|
+
|
|
7
|
+
* Bump dependency on `sanitize-html` to `^2.12.1` at a minimum, to ensure that `npm update apostrophe` is sufficient to guarantee a security update is installed. This security update prevents specially crafted HTML documents from revealing the existence or non-existence of files on the server. The vulnerability did not expose any other information about those files. Thanks to the [Snyk Security team](https://snyk.io/) for the disclosure and to [Dylan Armstrong](https://dylan.is/) for the fix.
|
|
8
|
+
|
|
3
9
|
## 3.63.0 (2024-02-21)
|
|
4
10
|
|
|
5
11
|
### Adds
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "apostrophe",
|
|
3
|
-
"version": "3.63.
|
|
3
|
+
"version": "3.63.1",
|
|
4
4
|
"description": "The Apostrophe Content Management System.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"scripts": {
|
|
@@ -122,7 +122,7 @@
|
|
|
122
122
|
"regexp-quote": "0.0.0",
|
|
123
123
|
"resolve": "^1.19.0",
|
|
124
124
|
"resolve-from": "^5.0.0",
|
|
125
|
-
"sanitize-html": "^2.
|
|
125
|
+
"sanitize-html": "^2.12.1",
|
|
126
126
|
"sass": "^1.52.3",
|
|
127
127
|
"sass-loader": "^10.1.1",
|
|
128
128
|
"server-destroy": "^1.0.1",
|