chore(deps): update dependency sanitize-html to v2.17.4

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sanitize-html (source)	2.17.1 → 2.17.4
@types/sanitize-html (source)	2.16.0 → 2.16.1

---

Release Notes

apostrophecms/apostrophe (sanitize-html)

v2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

v2.17.3

Compare Source

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

v2.17.2

Compare Source

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &#​0000001) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying charlotte with    Cloudflare Pages

Latest commit:	7e5e602
Status:	✅  Deploy successful!
Preview URL:	https://fc16591e.charlotte-e3z.pages.dev
Branch Preview URL:	https://renovate-sanitize-html-2-x-l.charlotte-e3z.pages.dev

View logs

[cubic-dev-ai]

No issues found across 1 file

Confidence score: 5/5

• Automated review surfaced no issues in the provided summaries.
• No files require special attention.

Architecture diagram

sequenceDiagram
    participant User as Client/User
    participant API as API Controller
    participant Lib as sanitize-html (Library)
    participant DB as Database

    Note over User,DB: Sanitization Flow for Untrusted HTML Input

    User->>API: POST /resource (content: "raw_html")
    
    API->>Lib: CHANGED: sanitize(content, options)
    Note right of Lib: PR updates @types/sanitize-html v2.16.1<br/>Ensures compile-time safety for<br/>sanitization configuration.

    Lib-->>API: Sanitized Safe HTML
    
    API->>DB: Save sanitized content
    DB-->>API: Success
    
    API-->>User: 201 Created / 200 OK

Loading

[netlify]

✅ Deploy Preview for chuwublog ready!

Name	Link
🔨 Latest commit	7e5e602
🔍 Latest deploy log	https://app.netlify.com/projects/chuwublog/deploys/6a04bd3d2e520200088b2c5e
😎 Deploy Preview	https://deploy-preview-336--chuwublog.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.
Lighthouse	1 paths audited Performance: 78 Accessibility: 97 Best Practices: 100 SEO: 99 PWA: - View the detailed breakdown and full score reports

---

To edit notification comments on pull requests, go to your Netlify project configuration.