Sourced from sanitize-html's changelog.

2.17.0 (2025年05月14日)

• Add preserveEscapedAttributes, allowing attributes on escaped disallowed tags to be retained. Thanks to Ben Elliot for this new option.

2.16.0 (2025年04月16日)

• Add onOpenTag and onCloseTag events to enable advanced filtering to hook into the parser. Thanks to Rimvydas Naktinis.

2.15.0 (2025年03月19日)

• Allow keeping tag content when discarding with exclusive filter by returning "excludeTag". Thanks to rChaoz.

2.14.0 (2024年12月18日)

• Fix adding text with transformTags in cases where it originally had no text child elements. Thanks to f0x.

2.13.1 (2024年10月03日)

• Fix to allow regex in allowedClasses wildcard whitelist. Thanks to anak-dev.

2.13.0 (2024年03月20日)

• Documentation update regarding minimum supported TypeScript version.

• Added disallowedTagsMode: completelyDiscard option to remove the content also in HTML. Thanks to Gauav Kumar for this addition.

2.12.1 (2024年02月22日)

• Do not parse sourcemaps in post-css. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the style attribute is allowed by the configuration. Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.

2.12.0 (2024年02月21日)

• Introduced the allowedEmptyAttributes option, enabling explicit specification of empty string values for select attributes, with the default attribute set to alt. Thanks to Na for the contribution.

• Clarified the use of SVGs with a new test and changes to documentation. Thanks to Gauav Kumar for the contribution.

• Do not process source maps when processing style tags with PostCSS.

2.11.0 (2023年06月21日)

• Fix to allow false in allowedClasses attributes. Thanks to Kevin Jiang for this fix!
• Upgrade mocha version
• Apply small linter fixes in tests
• Add .idea temp files to .gitignore
• Thanks to Vitalii Shpital for the updates!
• Show parseStyleAttributes warning in browser only. Thanks to mog422 for this update!
• Remove empty non-boolean attributes via an exhaustive, configurable list of known non-boolean attributes. Thanks to Dylan Armstrong for this update!

2.10.0 (2023年02月17日)

... (truncated)

• See full diff in compare view

Sourced from gatsby-transformer-remark's releases.

gatsby-source-wordpress@7.13.5 and 6 more...

2024年08月26日

Updated packages

• gatsby-source-wordpress@7.13.5
• gatsby-remark-responsive-iframe@6.13.2
• gatsby-remark-prismjs@7.13.2
• gatsby-remark-images@7.13.2
• gatsby-remark-images@6.13.2
• gatsby-remark-graphviz@5.13.2
• gatsby-remark-copy-linked-files@6.13.2
• gatsby-plugin-offline@6.13.3

What's Changed

• fix: pin cheerio (#39066) by @​gatsbybot in gatsbyjs/gatsby#39069

See full release notes: gatsbyjs/gatsby#39070

gatsby@5.15.0

What's Changed

• fix: support node 22 by @​serhalp in gatsbyjs/gatsby#39349
• fix(gatsby): update socket.io to address vulnerable subdeps by @​serhalp in gatsbyjs/gatsby#39352

Node.js 22

This release formally introduces Node.js 22 support, which is officially tested and supported going forward.

If you wish to use Node.js 22 with Gatsby, we highly recommend using the latest 22.x release, as there are known issues with some older 22.x versions that Gatsby is unable to work around at this time.

⚠️ Known Issue: gatsby develop fails with Node.js 22.7.0, 22.8.0, and 22.9.0

There is a critical bug in Node.js (nodejs/node#55145?) affecting versions 22.7.0, 22.8.0, and 22.9.0 that causes gatsby develop to fail with the error reported in gatsbyjs/gatsby#39068.

👉🏼 To avoid this, use Node.js 22.10.0 or later. (You can also use 22.6.0 or earlier.)

⚠️ Known Issue: Page loads may hang in dev with experimental DEV_SSR enabled and Node.js ≥22.14.0 (or ≥20.19.0)

This will not affect most users.

A change landed in Node.js 20.19.0 and 22.14.0 results in requests to the gatsby develop dev server to occasionally hang for 15 seconds. This can only occur if you have opted in to the experimental DEV_SSR flag.

👉🏼 To avoid this, disable the experimental DEV_SSR flag. (You can also downgrade to Node.js 22.13.1 or earlier, 20.18.3 or earlier, or 18.x.)

New Contributors

Thank you!

• @​pajosieg made their first contribution in gatsbyjs/gatsby#39169
• @​johnmurphy01 made their first contribution in gatsbyjs/gatsby#39324

... (truncated)

Sourced from gatsby-transformer-remark's changelog.

6.15.0 (2025年08月27日)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.14.0 (2024年11月06日)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.13.1 (2024年01月23日)

Note: Version bump only for package gatsby-transformer-remark

6.13.0 (2023年12月18日)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.12.3 (2023年10月26日)

Note: Version bump only for package gatsby-transformer-remark

6.12.2 (2023年10月20日)

Note: Version bump only for package gatsby-transformer-remark

6.12.1 (2023年10月09日)

Note: Version bump only for package gatsby-transformer-remark

6.12.0 (2023年08月24日)

🧾 Release notes

Bug Fixes

• update dependency sanitize-html to ^2.11.0 for gatsby-transformer-remark #38315 (87a3412)

6.11.0 (2023年06月15日)

🧾 Release notes

Note: Version bump only for package gatsby-transformer-remark

6.10.0 (2023年05月16日)

... (truncated)

• e3d0717 chore(release): Publish
• 17baffb chore(release): Publish next pre-minor
• 5f44fcd chore(changelogs): update changelogs (#39156)
• 2c75bc5 chore(changelogs): update changelogs (#38821)
• 94b2482 chore(release): Publish next
• 196618a chore(release): Publish next
• 4f8c065 chore(changelogs): update changelogs (#38769)
• eed07f3 chore(release): Publish next pre-minor
• 26871b8 chore(release): Publish next
• 9a26700 chore(changelogs): update changelogs (#38667)
• Additional commits viewable in compare view

This version was pushed to npm by serhalp-netlify, a new releaser for gatsby-transformer-remark since your current version.

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.