Bump @joeattardi/emoji-button from 4.6.0 to 4.6.1 (!1639) · Merge requests · Yoginth / Taskord

Yogi Bot requested to merge dependabot-npm_and_yarn-joeattardi-emoji-button-4.6.1 into main Nov 24, 2021

Bumps @joeattardi/emoji-button from 4.6.0 to 4.6.1.

Release notes

Sourced from @joeattardi/emoji-button's releases.

v4.6.1

Changelog

Fixed XSS vulnerability with custom emojis. Custom emoji URLs could be crafted in such a way to trigger an XSS attack. All places where custom emoji URLs are used are now sanitized.

Commits

dc14b8d 4.6.1
05970c0 Fix XSS vulnerability with custom emojis
d859569 Fix imports in code examples
See full diff in compare view

Bump @joeattardi/emoji-button from 4.6.0 to 4.6.1

v4.6.1

Changelog

Merge request reports