Update dependency sanitize-html to v2.17.4

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
sanitize-html (source)	2.17.0 → 2.17.4

---

Release Notes

apostrophecms/apostrophe (sanitize-html)

v2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

v2.17.3

Compare Source

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

v2.17.2

Compare Source

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &#​0000001) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

v2.17.1

Compare Source

Fixes

• Fix unclosed tags (e.g., <hello) returning empty string in escape and recursiveEscape modes. Fixes #​706.
  Thanks to Byeong Hyeon for the fix.

---

Configuration

📅 Schedule: (in timezone Etc/UTC)

• Branch creation
  • Only on Sunday and Saturday (* * * * 0,6)
  • Between 12:00 AM and 12:59 PM, only on Monday (* 0-12 * * 1)
  • Between 09:00 PM and 11:59 PM, Monday through Friday (* 21-23 * * 1-5)
  • Between 12:00 AM and 04:59 AM, Tuesday through Saturday (* 0-4 * * 2-6)
• Automerge
  • Only on Sunday and Saturday (* * * * 0,6)
  • Between 12:00 AM and 12:59 PM, only on Monday (* 0-12 * * 1)
  • Between 10:00 PM and 11:59 PM, Monday through Friday (* 22-23 * * 1-5)
  • Between 12:00 AM and 04:59 AM, Tuesday through Saturday (* 0-4 * * 2-6)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 73.82%. Comparing base (faef017) to head (c764a35).

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #28098      +/-   ##
==========================================
- Coverage   73.82%   73.82%   -0.01%     
==========================================
  Files        1528     1528              
  Lines      129417   129417              
  Branches    15514    15510       -4     
==========================================
- Hits        95540    95538       -2     
- Misses      32896    32923      +27     
+ Partials      981      956      -25     

Flag	Coverage Δ
admin-tests	54.03% <ø> (ø)
e2e-tests	73.82% <ø> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.