This release includes 2 security fixes for security teams reviewing exposed deployments.
Summary
AI summary: Security fixes applied by bumping sanitize-html and socket.io dependencies.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | High | sanitize-html updated to v2.17.4 to address a vulnerability (Source: granite4.1:30b@2026-05-19-audit; Confidence: low) | — |
| Security | High | socket.io updated to v4.8.3 to address a vulnerability (Source: granite4.1:30b@2026-05-19-audit; Confidence: low) | — |
| Security | Medium | sanitize-html bumped to v2.17.4 for vulnerability fix (Source: granite4.1:8b-q6_K@2026-05-19; Confidence: low) | — |
| Security | Medium | socket.io bumped to v4.8.3 for vulnerability fix (Source: granite4.1:8b-q6_K@2026-05-19; Confidence: low) | — |
Changelog
- Bump sanitize-html to v2.17.4 for vuln fix
- Bump socket.io to v4.8.3 for vuln fix
Security Fixes
- dep: Vulnerability fixed in sanitize-html by bumping to v2.17.4
- dep: Vulnerability fixed in socket.io by bumping to v4.8.3