braintree/inject-stylesheet

Create advisory to raise awareness of previously fixed sanitisation bypasses


Hey team, hope you're well!

Back in #19, @crookedneighbor helped patch some bypasses in the sanitisation logic for inject-stylesheet.

Although this was quite some time ago, looking at https://www.npmjs.com/package/inject-stylesheet?activeTab=versions it seems there have still been ~36,000 downloads of the old vulnerable v4.0.0 of the library over the last 7 days.

To give developers the best chance of realising they might be running an old unpatched version (via Dependabot, Snyk, npm-audit, etc), can we raise a security advisory for the sanitisation bypasses that have been fixed previously?

https://docs.github.com/en/code-security/security-advisories/working-with-repository-security-advisories/creating-a-repository-security-advisory

Hi @jplukarski and @oscarleonnogales 👋

Just tagging you for visibility of the above comment as the two most recent contributors - is this project still being actively maintained?

Thanks!