fix(deps): update dependency sanitize-html to v2.17.4 #271

renovate-bot · 2026-05-13T21:10:00Z

renovate-bot commented

2026-05-13 21:10:00 +00:00

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
sanitize-html (source)	`2.17.3` → `2.17.4`

Release Notes

apostrophecms/apostrophe (sanitize-html)

`v2.17.4`

Changes

sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

Configuration

📅 Schedule: (in timezone America/Chicago)

Branch creation
- At any time (no schedule defined)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate.

This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Adoption](https://docs.renovatebot.com/merge-confidence/) | [Passing](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---|---|---| | [sanitize-html](https://github.com/apostrophecms/apostrophe/tree/main/packages/sanitize-html#readme) ([source](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html)) | [`2.17.3` → `2.17.4`](https://renovatebot.com/diffs/npm/sanitize-html/2.17.3/2.17.4) | ![age](https://developer.mend.io/api/mc/badges/age/npm/sanitize-html/2.17.4?slim=true) | ![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/sanitize-html/2.17.4?slim=true) | ![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/sanitize-html/2.17.3/2.17.4?slim=true) | ![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/sanitize-html/2.17.3/2.17.4?slim=true) | --- ### Release Notes <details> <summary>apostrophecms/apostrophe (sanitize-html)</summary> ### [`v2.17.4`](https://github.com/apostrophecms/apostrophe/blob/HEAD/packages/sanitize-html/CHANGELOG.md#2174) ##### Changes - `sanitize-html` and `launder` now share a single implementation of `naughtyHref`, based on that which previously existed in `sanitize-html`. ##### Security - Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to [Vincenzo Turturro](https://github.com/sushi-gif) for reporting the vulnerability. </details> --- ### Configuration 📅 **Schedule**: (in timezone America/Chicago) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://github.com/renovatebot/renovate).

renovate-bot added 1 commit 2026-05-13 21:10:01 +00:00

fix(deps): update dependency sanitize-html to v2.17.4

renovate/stability-days Updates have not met minimum release age requirement

Details

test-build / guarddog (pull_request) Successful in 1m13s

Details

test-build / build (pull_request) Successful in 1m50s

Details

6c72bab2cf

renovate-bot scheduled this pull request to auto merge when all checks succeed 2026-05-13 21:10:04 +00:00

alexlebens merged commit 0302fea1a1 into main

2026-05-13 21:16:58 +00:00