diff --git a/package.json b/package.json
index aa0fa4a2d..c6f5fc5de 100644
--- a/package.json
+++ b/package.json
@@ -58,7 +58,7 @@
"ldapjs": "1.0.2",
"lodash": "4.17.11",
"mailparser": "2.4.3",
- "marked": "0.6.1",
+ "marked": "2.0.7",
"matchdep": "2.0.0",
"memoize-one": "5.0.0",
"mkdirp": "0.5.1",
@@ -97,7 +97,7 @@
"redux-saga-thunk": "0.7.3",
"request": "2.88.0",
"rimraf": "2.6.3",
- "sanitize-html": "1.20.0",
+ "sanitize-html": "2.4.0",
"script-loader": "0.7.2",
"semver": "5.6.0",
"serve-favicon": "2.5.0",
diff --git a/src/controllers/accounts.js b/src/controllers/accounts.js
index 6e90d73ae..2c074351d 100644
--- a/src/controllers/accounts.js
+++ b/src/controllers/accounts.js
@@ -19,6 +19,7 @@ var userSchema = require('../models/user')
var groupSchema = require('../models/group')
var permissions = require('../permissions')
var emitter = require('../emitter')
+var xss = require('xss')
var accountsController = {}
@@ -51,7 +52,7 @@ accountsController.signup = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
- content.data.privacyPolicy = marked(privacyPolicy.value)
+ content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}
return res.render('pub_signup', content)
diff --git a/src/controllers/api/v1/tickets.js b/src/controllers/api/v1/tickets.js
index b6eba9d17..fdc95d1a6 100644
--- a/src/controllers/api/v1/tickets.js
+++ b/src/controllers/api/v1/tickets.js
@@ -442,7 +442,7 @@ apiTickets.create = function (req, res) {
var tIssue = ticket.issue
tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
')
tIssue = sanitizeHtml(tIssue).trim()
- ticket.issue = marked(tIssue)
+ ticket.issue = xss(marked(tIssue))
ticket.history = [HistoryItem]
ticket.subscribers = [req.user._id]
@@ -603,8 +603,8 @@ apiTickets.createPublicTicket = function (req, res) {
group: group._id,
type: ticketType._id,
priority: _.first(ticketType.priorities)._id, // TODO: change when priority order is complete!
- subject: sanitizeHtml(postData.ticket.subject).trim(),
- issue: sanitizeHtml(postData.ticket.issue).trim(),
+ subject: xss(sanitizeHtml(postData.ticket.subject).trim()),
+ issue: xss(sanitizeHtml(postData.ticket.issue).trim()),
history: [HistoryItem],
subscribers: [savedUser._id]
})
@@ -614,6 +614,7 @@ apiTickets.createPublicTicket = function (req, res) {
tIssue = tIssue.replace(/(\r\n|\n\r|\r|\n)/g, '
')
tIssue = sanitizeHtml(tIssue).trim()
ticket.issue = marked(tIssue)
+ ticket.issue = xss(ticket.issue)
ticket.save(function (err, t) {
if (err) return next(err)
@@ -912,7 +913,7 @@ apiTickets.postComment = function (req, res) {
var Comment = {
owner: owner,
date: new Date(),
- comment: marked(comment)
+ comment: xss(marked(comment))
}
t.updated = Date.now()
@@ -984,7 +985,7 @@ apiTickets.postInternalNote = function (req, res) {
var Note = {
owner: payload.owner || req.user._id,
date: new Date(),
- note: marked(payload.note)
+ note: xss(marked(payload.note))
}
ticket.updated = Date.now()
diff --git a/src/controllers/main.js b/src/controllers/main.js
index b1b280d57..4c691388a 100644
--- a/src/controllers/main.js
+++ b/src/controllers/main.js
@@ -18,6 +18,7 @@ var path = require('path')
var passport = require('passport')
var winston = require('winston')
var pkg = require('../../package')
+var xss = require('xss')
var mainController = {}
@@ -77,7 +78,7 @@ mainController.about = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
- content.data.privacyPolicy = marked(privacyPolicy.value)
+ content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}
return res.render('about', content)
diff --git a/src/controllers/tickets.js b/src/controllers/tickets.js
index c3bb51c8e..8f303a53b 100644
--- a/src/controllers/tickets.js
+++ b/src/controllers/tickets.js
@@ -17,7 +17,7 @@ var winston = require('winston')
var groupSchema = require('../models/group')
var departmentSchema = require('../models/department')
var permissions = require('../permissions')
-
+var xss = require('xss')
/**
* @since 1.0
* @author Chris Brame
@@ -57,7 +57,7 @@ ticketsController.pubNewIssue = function (req, res) {
if (privacyPolicy === null || _.isUndefined(privacyPolicy.value)) {
content.data.privacyPolicy = 'No Privacy Policy has been set.'
} else {
- content.data.privacyPolicy = marked(privacyPolicy.value)
+ content.data.privacyPolicy = xss(marked(privacyPolicy.value))
}
return res.render('pub_createTicket', content)
diff --git a/src/models/ticket.js b/src/models/ticket.js
index 1405fd1f9..a8b47dfac 100644
--- a/src/models/ticket.js
+++ b/src/models/ticket.js
@@ -19,6 +19,7 @@ var _ = require('lodash')
var moment = require('moment')
var sanitizeHtml = require('sanitize-html')
// var redisCache = require('../cache/rediscache');
+var xss = require('xss')
// Needed - For Population
var groupSchema = require('./group')
@@ -439,7 +440,7 @@ ticketSchema.methods.setIssue = function (ownerId, issue, callback) {
var self = this
issue = issue.replace(/(\r\n|\n\r|\r|\n)/g, '
')
issue = sanitizeHtml(issue).trim()
- self.issue = marked(issue)
+ self.issue = xss(marked(issue))
var historyItem = {
action: 'ticket:update:issue',
diff --git a/src/socketio/ticketSocket.js b/src/socketio/ticketSocket.js
index a806f7c0c..158f9d388 100644
--- a/src/socketio/ticketSocket.js
+++ b/src/socketio/ticketSocket.js
@@ -23,6 +23,7 @@ var prioritySchema = require('../models/ticketpriority')
var userSchema = require('../models/user')
var roleSchema = require('../models/role')
var permissions = require('../permissions')
+var xss = require('xss')
var events = {}
@@ -332,7 +333,7 @@ events.onSetCommentText = function (socket) {
comment = sanitizeHtml(comment).trim()
- var markedComment = marked(comment)
+ var markedComment = xss(marked(comment))
ticketSchema.getTicketById(ticketId, function (err, ticket) {
if (err) return winston.error(err)
@@ -384,7 +385,7 @@ events.onSetNoteText = function (socket) {
marked.setOptions({
breaks: true
})
- var markedNote = marked(note)
+ var markedNote = xss(marked(note))
ticketSchema.getTicketById(ticketId, function (err, ticket) {
if (err) return winston.error(err)
diff --git a/yarn.lock b/yarn.lock
index ae93a6286..2148016c4 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1635,7 +1635,7 @@ array-union@^1.0.1, array-union@^1.0.2:
dependencies:
array-uniq "^1.0.1"
-array-uniq@^1.0.1, array-uniq@^1.0.2:
+array-uniq@^1.0.1:
version "1.0.3"
resolved "https://registry.yarnpkg.com/array-uniq/-/array-uniq-1.0.3.tgz#af6ac877a25cc7f74e058894753858dfdb24fdb6"
integrity sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=
@@ -2913,6 +2913,11 @@ color-name@1.1.3:
resolved "https://registry.yarnpkg.com/color-name/-/color-name-1.1.3.tgz#a7d0558bd89c42f795dd42328f740831ca53bc25"
integrity sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=
+colorette@^1.2.2:
+ version "1.2.2"
+ resolved "https://registry.yarnpkg.com/colorette/-/colorette-1.2.2.tgz#cbcc79d5e99caea2dbf10eb3a26fd8b3e6acfa94"
+ integrity sha512-MKGMzyfeuutC/ZJ1cba9NqcNpfeqMUcYmyF1ZFY6/Cn7CNSAKx6a+s48sqLqyAiZuaP2TcqMhoo+dlwFnVxT9w==
+
colors@1.0.3, colors@1.0.x:
version "1.0.3"
resolved "https://registry.yarnpkg.com/colors/-/colors-1.0.3.tgz#0433f44d809680fdeb60ed260f1b0c262e82a40b"
@@ -3691,6 +3696,11 @@ deepmerge@3.0.0:
resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-3.0.0.tgz#ca7903b34bfa1f8c2eab6779280775a411bfc6ba"
integrity sha512-a8z8bkgHsAML+uHLqmMS83HHlpy3PvZOOuiTQqaa3wu8ZVg3h0hqHk6aCsGdOnZV2XMM/FRimNGjUh0KCcmHBw==
+deepmerge@^4.2.2:
+ version "4.2.2"
+ resolved "https://registry.yarnpkg.com/deepmerge/-/deepmerge-4.2.2.tgz#44d2ea3679b8f4d4ffba33f03d865fc1e7bf4955"
+ integrity sha512-FJ3UgI4gIl+PHZm53knsuSFpE+nESMr7M4v9QcgB7S63Kj/6WqMiFQJpBBYz1Pt+66bZpP3Q7Lye0Oo9MPKEdg==
+
defaults@^1.0.3:
version "1.0.3"
resolved "https://registry.yarnpkg.com/defaults/-/defaults-1.0.3.tgz#c656051e9817d9ff08ed881477f3fe4019f3ef7d"
@@ -3892,6 +3902,15 @@ dom-serializer@0, dom-serializer@~0.1.0:
domelementtype "~1.1.1"
entities "~1.1.1"
+dom-serializer@^1.0.1:
+ version "1.3.2"
+ resolved "https://registry.yarnpkg.com/dom-serializer/-/dom-serializer-1.3.2.tgz#6206437d32ceefaec7161803230c7a20bc1b4d91"
+ integrity sha512-5c54Bk5Dw4qAxNOI1pFEizPSjVsx5+bpJKmL2kPn8JhBUq2q09tTCa3mjijun2NfK78NMouDYNMBkOrPZiS+ig==
+ dependencies:
+ domelementtype "^2.0.1"
+ domhandler "^4.2.0"
+ entities "^2.0.0"
+
domain-browser@^1.1.1:
version "1.2.0"
resolved "https://registry.yarnpkg.com/domain-browser/-/domain-browser-1.2.0.tgz#3d31f50191a6749dd1375a7f522e823d42e54eda"
@@ -3902,6 +3921,11 @@ domelementtype@1, domelementtype@^1.3.0, domelementtype@^1.3.1:
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.1.tgz#d048c44b37b0d10a7f2a3d5fee3f4333d790481f"
integrity sha512-BSKB+TSpMpFI/HOxCNr1O8aMOTZ8hT3pM3GQ0w/mWRmkhEDSFJkkyzz4XQsBV44BChwGkrDfMyjVD0eA2aFV3w==
+domelementtype@^2.0.1, domelementtype@^2.2.0:
+ version "2.2.0"
+ resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-2.2.0.tgz#9a0b6c2782ed6a1c7323d42267183df9bd8b1d57"
+ integrity sha512-DtBMo82pv1dFtUmHyr48beiuq792Sxohr+8Hm9zoxklYPfa6n0Z3Byjj2IV7bmr2IyqClnqEQhfgHJJ5QF0R5A==
+
domelementtype@~1.1.1:
version "1.1.3"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"
@@ -3921,6 +3945,13 @@ domhandler@^2.3.0:
dependencies:
domelementtype "1"
+domhandler@^4.0.0, domhandler@^4.2.0:
+ version "4.2.0"
+ resolved "https://registry.yarnpkg.com/domhandler/-/domhandler-4.2.0.tgz#f9768a5f034be60a89a27c2e4d0f74eba0d8b059"
+ integrity sha512-zk7sgt970kzPks2Bf+dwT/PLzghLnsivb9CcxkvR8Mzr66Olr0Ofd8neSbglHJHaHa2MadfoSdNlKYAaafmWfA==
+ dependencies:
+ domelementtype "^2.2.0"
+
domutils@1.5, domutils@1.5.1:
version "1.5.1"
resolved "https://registry.yarnpkg.com/domutils/-/domutils-1.5.1.tgz#dcd8488a26f563d61079e48c9f7b7e32373682cf"
@@ -3937,6 +3968,15 @@ domutils@^1.5.1:
dom-serializer "0"
domelementtype "1"
+domutils@^2.5.2:
+ version "2.7.0"
+ resolved "https://registry.yarnpkg.com/domutils/-/domutils-2.7.0.tgz#8ebaf0c41ebafcf55b0b72ec31c56323712c5442"
+ integrity sha512-8eaHa17IwJUPAiB+SoTYBo5mCdeMgdcAoXJ59m6DT1vw+5iLS3gNoqYaRowaBKtGVrOF1Jz4yDTgYKLK2kvfJg==
+ dependencies:
+ dom-serializer "^1.0.1"
+ domelementtype "^2.2.0"
+ domhandler "^4.2.0"
+
dot-prop@^3.0.0:
version "3.0.0"
resolved "https://registry.yarnpkg.com/dot-prop/-/dot-prop-3.0.0.tgz#1b708af094a49c9a0e7dbcad790aba539dac1177"
@@ -4216,6 +4256,11 @@ entities@^1.1.1, entities@~1.1.1:
resolved "https://registry.yarnpkg.com/entities/-/entities-1.1.2.tgz#bdfa735299664dfafd34529ed4f8522a275fea56"
integrity sha512-f2LZMYl1Fzu7YSBKg+RoROelpOaNrcGmE9AZubeDfrCEia483oW4MI4VyFd5VNHIgQ/7qm1I0wUHK1eJnn2y2w==
+entities@^2.0.0:
+ version "2.2.0"
+ resolved "https://registry.yarnpkg.com/entities/-/entities-2.2.0.tgz#098dc90ebb83d8dffa089d55256b351d34c4da55"
+ integrity sha512-p92if5Nz619I0w+akJrLZH0MX0Pb5DX39XOwQTtXSdQQOaYH03S1uIQp4mhOZtAXrxq4ViO67YTiLBo2638o9A==
+
env-ci@^3.0.0:
version "3.2.0"
resolved "https://registry.yarnpkg.com/env-ci/-/env-ci-3.2.0.tgz#982f02a0501ca8c43bf0765c5bd3d83ffb28b23a"
@@ -4316,6 +4361,11 @@ escape-string-regexp@1.0.5, escape-string-regexp@^1.0.2, escape-string-regexp@^1
resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz#1b61c0562190a8dff6ae3bb2cf0200ca130b86d4"
integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=
+escape-string-regexp@^4.0.0:
+ version "4.0.0"
+ resolved "https://registry.yarnpkg.com/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz#14ba83a5d373e3d311e5afca29cf5bfad965bf34"
+ integrity sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==
+
escodegen@1.8.x:
version "1.8.1"
resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-1.8.1.tgz#5a5b53af4693110bebb0867aa3430dd3b70a1018"
@@ -6097,7 +6147,7 @@ htmlparser2@3.8.x:
entities "1.0"
readable-stream "1.1"
-htmlparser2@^3.10.0, htmlparser2@^3.9.0:
+htmlparser2@^3.9.0:
version "3.10.1"
resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-3.10.1.tgz#bd679dc3f59897b6a34bb10749c855bb53a9392f"
integrity sha512-IgieNijUMbkDovyoKObU1DUhm1iwNYE/fuifEoEHfd1oZKZDaONBSkal7Y01shxsM49R4XaMdGez3WnF9UfiCQ==
@@ -6121,6 +6171,16 @@ htmlparser2@^3.9.1, htmlparser2@^3.9.2:
inherits "^2.0.1"
readable-stream "^3.0.6"
+htmlparser2@^6.0.0:
+ version "6.1.0"
+ resolved "https://registry.yarnpkg.com/htmlparser2/-/htmlparser2-6.1.0.tgz#c4d762b6c3371a05dbe65e94ae43a9f845fb8fb7"
+ integrity sha512-gyyPk6rgonLFEDGoeRgQNaEUvdJ4ktTmmUh/h2t7s+M8oPpIPxgNACWa+6ESR57kXstwqPiCut0V8NRpcwgU7A==
+ dependencies:
+ domelementtype "^2.0.1"
+ domhandler "^4.0.0"
+ domutils "^2.5.2"
+ entities "^2.0.0"
+
http-cache-semantics@^3.8.1:
version "3.8.1"
resolved "https://registry.yarnpkg.com/http-cache-semantics/-/http-cache-semantics-3.8.1.tgz#39b0e16add9b605bf0a9ef3d9daaf4843b4cacd2"
@@ -6790,6 +6850,11 @@ is-plain-object@^2.0.1, is-plain-object@^2.0.3, is-plain-object@^2.0.4:
dependencies:
isobject "^3.0.1"
+is-plain-object@^5.0.0:
+ version "5.0.0"
+ resolved "https://registry.yarnpkg.com/is-plain-object/-/is-plain-object-5.0.0.tgz#4427f50ab3429e9025ea7d52e9043a9ef4159344"
+ integrity sha512-VRSzKkbMm5jMDoKLbltAkFQ5Qr7VDiTFGXxYFXXowVj387GeGNOCsOH6Msy00SGZ3Fp84b1Naa1psqgcCIEP5Q==
+
is-promise@^2.0.0, is-promise@^2.1.0:
version "2.1.0"
resolved "https://registry.yarnpkg.com/is-promise/-/is-promise-2.1.0.tgz#79a2a9ece7f096e80f36d2b2f3bc16c1ff4bf3fa"
@@ -7253,6 +7318,11 @@ kind-of@^6.0.0, kind-of@^6.0.2:
resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-6.0.2.tgz#01146b36a6218e64e58f3a8d66de5d7fc6f6d051"
integrity sha512-s5kLOcnH0XqDO+FvuaLX8DDjZ18CGFk7VygH40QoKPUQhW4e2rvM0rwUq0t8IQDOwYSeLK01U90OjzBTme2QqA==
+klona@^2.0.3:
+ version "2.0.4"
+ resolved "https://registry.yarnpkg.com/klona/-/klona-2.0.4.tgz#7bb1e3affb0cb8624547ef7e8f6708ea2e39dfc0"
+ integrity sha512-ZRbnvdg/NxqzC7L9Uyqzf4psi1OM4Cuc+sJAkQPjO6XkQIJTNbfK2Rsmbw8fx1p2mkZdp2FZYo2+LwXYY/uwIA==
+
latest-version@^3.0.0:
version "3.1.0"
resolved "https://registry.yarnpkg.com/latest-version/-/latest-version-3.1.0.tgz#a205383fea322b33b5ae3b18abee0dc2f356ee15"
@@ -7742,11 +7812,6 @@ lodash.merge@^4.4.0, lodash.merge@^4.6.0:
resolved "https://registry.yarnpkg.com/lodash.merge/-/lodash.merge-4.6.1.tgz#adc25d9cb99b9391c59624f379fbba60d7111d54"
integrity sha512-AOYza4+Hf5z1/0Hztxpm2/xiPZgi/cjMqdnKTUWTBSKchJlxXXuUSxCCl8rJlf4g6yww/j6mA8nC8Hw/EZWxKQ==
-lodash.mergewith@^4.6.1:
- version "4.6.1"
- resolved "https://registry.yarnpkg.com/lodash.mergewith/-/lodash.mergewith-4.6.1.tgz#639057e726c3afbdb3e7d42741caa8d6e4335927"
- integrity sha512-eWw5r+PYICtEBgrBE5hhlT6aAa75f411bgDz/ZL2KZqYV03USvucsxcHUIlGTDTECs1eunpI7HOV7U+WLDvNdQ==
-
lodash.once@^4.0.0:
version "4.1.1"
resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
@@ -8064,10 +8129,10 @@ marked-terminal@^3.2.0:
node-emoji "^1.4.1"
supports-hyperlinks "^1.0.1"
-marked@0.6.1:
- version "0.6.1"
- resolved "https://registry.yarnpkg.com/marked/-/marked-0.6.1.tgz#a63addde477bca9613028de4b2bc3629e53a0562"
- integrity sha512-+H0L3ibcWhAZE02SKMqmvYsErLo4EAVJxu5h3bHBBDvvjeWXtl92rGUSBYHL2++5Y+RSNgl8dYOAXcYe7lp1fA==
+marked@2.0.7:
+ version "2.0.7"
+ resolved "https://registry.yarnpkg.com/marked/-/marked-2.0.7.tgz#bc5b857a09071b48ce82a1f7304913a993d4b7d1"
+ integrity sha512-BJXxkuIfJchcXOJWTT2DOL+yFWifFv2yGYOUzvXg8Qz610QKw+sHCvTMYwA+qWGhlA2uivBezChZ/pBy1tWdkQ==
marked@^0.6.0:
version "0.6.0"
@@ -8656,6 +8721,11 @@ nan@^2.13.2:
resolved "https://registry.yarnpkg.com/nan/-/nan-2.14.2.tgz#f5376400695168f4cc694ac9393d0c9585eeea19"
integrity sha512-M2ufzIiINKCuDfBSAUr1vWQ+vuVcA9kqx8JJUsbQi6yf1uGRyb7HfpdfUr5qLXf3B/t8dPvcjhKMmlfnP47EzQ==
+nanoid@^3.1.23:
+ version "3.1.23"
+ resolved "https://registry.yarnpkg.com/nanoid/-/nanoid-3.1.23.tgz#f744086ce7c2bc47ee0a8472574d5c78e4183a81"
+ integrity sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==
+
nanomatch@^1.2.9:
version "1.2.13"
resolved "https://registry.yarnpkg.com/nanomatch/-/nanomatch-1.2.13.tgz#b87a8aa4fc0de8fe6be88895b38983ff265bd119"
@@ -9661,6 +9731,11 @@ parse-passwd@^1.0.0:
resolved "https://registry.yarnpkg.com/parse-passwd/-/parse-passwd-1.0.0.tgz#6d5b934a456993b23d37f40a382d6f1666a8e5c6"
integrity sha1-bVuTSkVpk7I9N/QKOC1vFmao5cY=
+parse-srcset@^1.0.2:
+ version "1.0.2"
+ resolved "https://registry.yarnpkg.com/parse-srcset/-/parse-srcset-1.0.2.tgz#f2bd221f6cc970a938d88556abc589caaaa2bde1"
+ integrity sha1-8r0iH2zJcKk42IVWq8WJyqqiveE=
+
parse5@^3.0.1:
version "3.0.3"
resolved "https://registry.yarnpkg.com/parse5/-/parse5-3.0.3.tgz#042f792ffdd36851551cf4e9e066b3874ab45b5c"
@@ -10048,6 +10123,15 @@ postcss@^7.0.5, postcss@^7.0.6:
source-map "^0.6.1"
supports-color "^6.1.0"
+postcss@^8.0.2:
+ version "8.3.4"
+ resolved "https://registry.yarnpkg.com/postcss/-/postcss-8.3.4.tgz#41ece1c43f2f7c74dc7d90144047ce052757b822"
+ integrity sha512-/tZY0PXExXXnNhKv3TOvZAOUYRyuqcCbBm2c17YMDK0PlVII3K7/LKdt3ScHL+hhouddjUWi+1sKDf9xXW+8YA==
+ dependencies:
+ colorette "^1.2.2"
+ nanoid "^3.1.23"
+ source-map-js "^0.6.2"
+
precond@0.2:
version "0.2.3"
resolved "https://registry.yarnpkg.com/precond/-/precond-0.2.3.tgz#aa9591bcaa24923f1e0f4849d240f47efc1075ac"
@@ -11320,21 +11404,18 @@ safefs@^3.1.2:
resolved "https://registry.yarnpkg.com/safer-buffer/-/safer-buffer-2.1.2.tgz#44fa161b0187b9549dd84bb91802f9bd8385cd6a"
integrity sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==
-sanitize-html@1.20.0:
- version "1.20.0"
- resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-1.20.0.tgz#9a602beb1c9faf960fb31f9890f61911cc4d9156"
- integrity sha512-BpxXkBoAG+uKCHjoXFmox6kCSYpnulABoGcZ/R3QyY9ndXbIM5S94eOr1IqnzTG8TnbmXaxWoDDzKC5eJv7fEQ==
+sanitize-html@2.4.0:
+ version "2.4.0"
+ resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-2.4.0.tgz#8da7524332eb210d968971621b068b53f17ab5a3"
+ integrity sha512-Y1OgkUiTPMqwZNRLPERSEi39iOebn2XJLbeiGOBhaJD/yLqtLGu6GE5w7evx177LeGgSE+4p4e107LMiydOf6A==
dependencies:
- chalk "^2.4.1"
- htmlparser2 "^3.10.0"
- lodash.clonedeep "^4.5.0"
- lodash.escaperegexp "^4.1.2"
- lodash.isplainobject "^4.0.6"
- lodash.isstring "^4.0.1"
- lodash.mergewith "^4.6.1"
- postcss "^7.0.5"
- srcset "^1.0.0"
- xtend "^4.0.1"
+ deepmerge "^4.2.2"
+ escape-string-regexp "^4.0.0"
+ htmlparser2 "^6.0.0"
+ is-plain-object "^5.0.0"
+ klona "^2.0.3"
+ parse-srcset "^1.0.2"
+ postcss "^8.0.2"
saslprep@^1.0.0:
version "1.0.2"
@@ -12039,6 +12120,11 @@ source-list-map@^2.0.0:
resolved "https://registry.yarnpkg.com/source-list-map/-/source-list-map-2.0.1.tgz#3993bd873bfc48479cca9ea3a547835c7c154b34"
integrity sha512-qnQ7gVMxGNxsiL4lEuJwe/To8UnK7fAnmbGEEH8RpLouuKbeEm0lhbQVFIrNSuB+G7tVrAlVsZgETT5nljf+Iw==
+source-map-js@^0.6.2:
+ version "0.6.2"
+ resolved "https://registry.yarnpkg.com/source-map-js/-/source-map-js-0.6.2.tgz#0bb5de631b41cfbda6cfba8bd05a80efdfd2385e"
+ integrity sha512-/3GptzWzu0+0MBQFrDKzw/DvvMTUORvgY6k6jd/VS6iCR4RDTKWH6v6WPwQoUO8667uQEf9Oe38DxAYWY5F/Ug==
+
source-map-resolve@^0.5.0:
version "0.5.2"
resolved "https://registry.yarnpkg.com/source-map-resolve/-/source-map-resolve-0.5.2.tgz#72e2cc34095543e43b2c62b2c4c10d4a9054f259"
@@ -12178,14 +12264,6 @@ sprintf-js@~1.0.2:
resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.0.3.tgz#04e6926f662895354f3dd015203633b857297e2c"
integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=
-srcset@^1.0.0:
- version "1.0.0"
- resolved "https://registry.yarnpkg.com/srcset/-/srcset-1.0.0.tgz#a5669de12b42f3b1d5e83ed03c71046fc48f41ef"
- integrity sha1-pWad4StC87HV6D7QPHEEb8SPQe8=
- dependencies:
- array-uniq "^1.0.2"
- number-is-nan "^1.0.0"
-
sshpk@^1.7.0:
version "1.16.1"
resolved "https://registry.yarnpkg.com/sshpk/-/sshpk-1.16.1.tgz#fb661c0bef29b39db40769ee39fa70093d6f6877"