Update dependency sanitize-html to v2

ce46154
Open

Update dependency sanitize-html to v2 #7

Dev - Mend for GitHub.com / Mend Security Check failed May 27, 2026 in 13m 22s

Security Report

You have successfully remediated 73 vulnerabilities, but introduced 20 new vulnerabilities in this branch.

❌ New vulnerabilities:

Vulnerability Severity CVSS Score Vulnerable Library Direct Library Suggested Fix Issue
CVE-941441-362681

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/once/package.json

Dependency Hierarchy:

-> grunt-1.6.2.tgz (Root Library)

   -> glob-7.1.7.tgz

     -> ❌ once-1.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive once-1.4.0.tgz grunt-1.6.2.tgz None
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/uuid/package.json

Dependency Hierarchy:

-> sequelize-6.37.8.tgz (Root Library)

   -> ❌ uuid-8.3.2.tgz (Vulnerable Library)

Critical 9.8 Transitive uuid-8.3.2.tgz sequelize-6.37.8.tgz Transitive https://github.com/uuidjs/uuid.git - v13.0.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v11.1.1 None
CVE-2026-41907

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/request/node_modules/uuid/package.json

Dependency Hierarchy:

-> request-2.88.2.tgz (Root Library)

   -> ❌ uuid-3.4.0.tgz (Vulnerable Library)

Critical 9.8 Transitive uuid-3.4.0.tgz request-2.88.2.tgz Transitive https://github.com/uuidjs/uuid.git - v13.0.1,https://github.com/uuidjs/uuid.git - v12.0.1,https://github.com/uuidjs/uuid.git - v11.1.1 None
CVE-2026-44990

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/sanitize-html/package.json

Dependency Hierarchy:

-> ❌ sanitize-html-2.12.1.tgz (Vulnerable Library)

Critical 9.3 Direct sanitize-html-2.12.1.tgz sanitize-html-2.12.1.tgz None
CVE-2026-3304

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-1.6.2.tgz (Root Library)

   -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz grunt-1.6.2.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> libxmljs-1.0.11.tgz (Root Library)

   -> node-pre-gyp-1.0.11.tgz

     -> rimraf-3.0.2.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz libxmljs-1.0.11.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> node-pre-gyp-0.15.0.tgz (Root Library)

   -> rimraf-2.7.1.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz node-pre-gyp-0.15.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> grunt-contrib-compress-1.6.0.tgz (Root Library)

   -> archiver-1.3.0.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz grunt-contrib-compress-1.6.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/glob/node_modules/minimatch/package.json

Dependency Hierarchy:

-> glob-10.5.0.tgz (Root Library)

   -> ❌ minimatch-9.0.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-9.0.9.tgz glob-10.5.0.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> unzipper-0.9.15.tgz (Root Library)

   -> fstream-1.0.12.tgz

     -> rimraf-2.7.1.tgz

       -> glob-7.2.3.tgz

         -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz unzipper-0.9.15.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> filesniffer-1.0.3.tgz (Root Library)

   -> filehound-1.17.6.tgz

     -> file-js-0.3.0.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz filesniffer-1.0.3.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/filehound/node_modules/minimatch/package.json

Dependency Hierarchy:

-> filesniffer-1.0.3.tgz (Root Library)

   -> filehound-1.17.6.tgz

     -> ❌ minimatch-5.1.9.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-5.1.9.tgz filesniffer-1.0.3.tgz Transitive 10.2.1 None
CVE-2026-26996

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/archiver-utils/node_modules/minimatch/package.json,/node_modules/archiver/node_modules/minimatch/package.json,/node_modules/file-js/node_modules/minimatch/package.json,/node_modules/fstream/node_modules/minimatch/package.json,/node_modules/grunt/node_modules/minimatch/package.json,/node_modules/ignore-walk/node_modules/minimatch/package.json,/node_modules/node-pre-gyp/node_modules/minimatch/package.json,/node_modules/rimraf/node_modules/minimatch/package.json,/node_modules/sqlite3/node_modules/minimatch/package.json

Dependency Hierarchy:

-> sqlite3-5.1.7.tgz (Root Library)

   -> node-gyp-8.4.1.tgz

     -> glob-7.2.3.tgz

       -> ❌ minimatch-3.1.5.tgz (Vulnerable Library)

High 7.5 Transitive minimatch-3.1.5.tgz sqlite3-5.1.7.tgz Transitive 10.2.1 None
CVE-2026-2359

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz Upgrade to version multer - 2.1.0 or greater None
CVE-2025-7338

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz None
CVE-2025-48997

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.1 None
CVE-2025-47944

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2025-47935

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/multer/package.json

Dependency Hierarchy:

-> ❌ multer-1.4.5-lts.2.tgz (Vulnerable Library)

High 7.5 Direct multer-1.4.5-lts.2.tgz multer-1.4.5-lts.2.tgz 2.0.0 None
CVE-2024-47764

Path to dependency file: /package.json

Path to vulnerable library: /node_modules/engine.io/node_modules/cookie/package.json

Dependency Hierarchy:

-> socket.io-3.1.2.tgz (Root Library)

   -> engine.io-4.1.2.tgz

     -> ❌ cookie-0.4.2.tgz (Vulnerable Library)

Medium 5.3 Transitive cookie-0.4.2.tgz socket.io-3.1.2.tgz Transitive 0.7.0 None

✔️ Remediated vulnerabilities:

Vulnerability Vulnerable Library
CVE-2026-26996 minimatch-5.1.6.tgz
CVE-2026-33939 handlebars-4.7.7.tgz
CVE-636288-474053 on-headers-1.0.2.tgz
CVE-2024-47764 cookie-0.6.0.tgz
CVE-2026-26996 minimatch-3.0.8.tgz
CVE-2019-25225 sanitize-html-1.4.2.tgz
CVE-2026-33938 handlebars-4.7.7.tgz
CVE-2026-26996 minimatch-9.0.5.tgz
WS-2018-0096 base64url-0.0.6.tgz
CVE-2026-33671 picomatch-2.3.1.tgz
CVE-2025-64756 glob-10.4.5.tgz
CVE-2025-47944 multer-1.4.5-lts.1.tgz
CVE-2026-33672 picomatch-2.3.1.tgz
CVE-2024-12905 tar-fs-2.1.1.tgz
CVE-2025-15284 qs-6.11.0.tgz
CVE-2025-7338 multer-1.4.5-lts.1.tgz
CVE-2026-4867 path-to-regexp-0.1.7.tgz
CVE-2026-33941 handlebars-4.7.7.tgz
CVE-2025-5889 brace-expansion-1.1.11.tgz
CVE-2026-26996 minimatch-3.1.2.tgz
CVE-2026-33750 brace-expansion-2.0.1.tgz
CVE-2024-47764 cookie-0.4.1.tgz
CVE-2025-69873 ajv-6.12.6.tgz
CVE-2026-2391 qs-6.11.0.tgz
CVE-2025-13466 body-parser-1.20.2.tgz
CVE-2024-21501 sanitize-html-1.4.2.tgz
CVE-2025-48997 multer-1.4.5-lts.1.tgz
CVE-2016-1000237 sanitize-html-1.4.2.tgz
CVE-2024-21538 cross-spawn-7.0.3.tgz
CVE-2025-47935 multer-1.4.5-lts.1.tgz
CVE-2019-1010266 lodash-2.4.2.tgz
CVE-2026-42338 ip-address-9.0.5.tgz
CVE-02026-20261 on-headers-1.0.2.tgz
CVE-2021-26539 sanitize-html-1.4.2.tgz
CVE-2026-33940 handlebars-4.7.7.tgz
CVE-2026-2359 multer-1.4.5-lts.1.tgz
CVE-2025-59436 ip-2.0.1.tgz
CVE-2025-15284 qs-6.5.3.tgz
CVE-2024-45590 body-parser-1.20.2.tgz
CVE-2020-28500 lodash-2.4.2.tgz
CVE-2025-56200 validator-13.12.0.tgz
CVE-2025-59343 tar-fs-2.1.1.tgz
CVE-2014-125128 sanitize-html-1.4.2.tgz
CVE-2026-2391 qs-6.5.3.tgz
CVE-2024-4067 micromatch-4.0.7.tgz
CVE-2026-2950 lodash-2.4.2.tgz
CVE-2017-18214 moment-2.0.0.tgz
CVE-2024-29415 ip-2.0.1.tgz
CVE-2021-32822 hbs-4.2.0.tgz
CVE-2024-43796 express-4.19.2.tgz
CVE-2017-16016 sanitize-html-1.4.2.tgz
CVE-2020-8203 lodash-2.4.2.tgz
CVE-2026-3304 multer-1.4.5-lts.1.tgz
CVE-2026-2950 lodash-4.17.21.tgz
CVE-2021-26540 sanitize-html-1.4.2.tgz
CVE-2025-5889 brace-expansion-2.0.1.tgz
CVE-2024-45296 path-to-regexp-0.1.7.tgz
CVE-2021-23337 lodash-2.4.2.tgz
CVE-607537-903744 ajv-6.12.6.tgz
CVE-2026-33937 handlebars-4.7.7.tgz
CVE-2022-25887 sanitize-html-1.4.2.tgz
CVE-2022-25881 http-cache-semantics-3.8.1.tgz
CVE-2018-3721 lodash-2.4.2.tgz
CVE-121740-819191 lodash-4.17.21.tgz
CVE-2026-33916 handlebars-4.7.7.tgz
CVE-2025-7339 on-headers-1.0.2.tgz
CVE-2026-44990 sanitize-html-1.4.2.tgz
CVE-2026-33750 brace-expansion-1.1.11.tgz
CVE-2026-4800 lodash-4.17.21.tgz
CVE-2024-52798 path-to-regexp-0.1.7.tgz
CVE-2019-10744 lodash-2.4.2.tgz
CVE-2024-43800 serve-static-1.15.0.tgz
CVE-2025-59437 ip-2.0.1.tgz

Base branch total remaining vulnerabilities: 145
Base branch commit: null


Total libraries scanned: 982

Scan token: 2772a419f6d0432c9091cf9ba4bbee53