
Update dependency sanitize-html to v2.17.4#2967

Open
gardener-ci-robot wants to merge 1 commit into master from renovate/sanitize-html-2.x-lockfile

Conversation

@gardener-ci-robot gardener-ci-robot commented May 16, 2026

This PR contains the following updates:

Package: sanitize-html (source)
Change: 2.17.3 → 2.17.4

Release Notes

apostrophecms/apostrophe (sanitize-html)

v2.17.4

Changes
  • sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.
Security
  • Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed. All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

Configuration

📅 Schedule (UTC):

  • Branch creation: at any time (no schedule defined)
  • Automerge: at any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR has been generated by Mend Renovate.
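The release note above says the fix is in sanitize-html 2.17.4, and the only thing this PR changes is what the Yarn lockfile resolves to. A practitioner's check after a bump like this is therefore to read the resolved version back out of the lockfile, gate on the patched floor, and list what new transitive dependencies arrived with it (the walkthrough below reports launder 1.7.1 as new). The following is an added example, not code from this PR, from gardener/dashboard, from sanitize-html or from Renovate. It assumes the Yarn Berry yarn.lock layout (unindented quoted descriptor header, two-space-indented fields, four-space-indented dependencies map); the lockfile excerpt is constructed, since the PR's real yarn.lock is not on the page. It does not exercise the xmp bypass itself, which would require sanitize-html to be installed.

```javascript
// Added example, not part of this PR or of sanitize-html/Renovate: after a
// security bump, confirm from the lockfile that the patched version is what
// actually resolves, and list what the resolved entry pulls in.
// Constructed Yarn Berry yarn.lock excerpt; the PR's real yarn.lock is not on the page.
const SAMPLE_YARN_LOCK = `
"launder@npm:^1.7.1":
  version: 1.7.1
  resolution: "launder@npm:1.7.1"
  languageName: node
  linkType: hard

"sanitize-html@npm:^2.17.0":
  version: 2.17.4
  resolution: "sanitize-html@npm:2.17.4"
  dependencies:
    launder: "npm:^1.7.1"
  languageName: node
  linkType: hard
`;

// Minimal parser for the Yarn Berry lockfile layout (an assumption about the
// format, not code from Yarn): an unindented header line listing one or more
// quoted descriptors, then two-space-indented fields and a four-space-indented
// dependencies map. Returns one record per entry.
function parseYarnLock(text) {
  const entries = [];
  let current = null;
  for (const line of text.split("\n")) {
    if (line.trim() === "" || line.startsWith("#")) continue;
    if (!line.startsWith(" ")) {
      const descriptors = line
        .replace(/:\s*$/, "")
        .split(",")
        .map((d) => d.trim().replace(/^"|"$/g, ""));
      current = { descriptors, version: null, dependencies: {} };
      entries.push(current);
      continue;
    }
    if (current === null) continue;
    const version = line.match(/^  version:\s*"?([^"\s]+)"?/);
    if (version) {
      current.version = version[1];
      continue;
    }
    const dep = line.match(/^    ([^:\s]+):\s*"?([^"]+?)"?\s*$/);
    if (dep) current.dependencies[dep[1].replace(/^"|"$/g, "")] = dep[2];
  }
  return entries;
}

// "sanitize-html@npm:^2.17.0" -> "sanitize-html"; "@scope/pkg@npm:1.0.0" -> "@scope/pkg"
function packageName(descriptor) {
  return descriptor.slice(0, descriptor.lastIndexOf("@"));
}

// Numeric comparison of the major.minor.patch parts, ignoring any prerelease tag.
function compareVersions(a, b) {
  const parts = (v) => v.split("-")[0].split(".").map(Number);
  const pa = parts(a);
  const pb = parts(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function findEntry(lockText, name) {
  return parseYarnLock(lockText).find((e) => e.descriptors.some((d) => packageName(d) === name)) || null;
}

// Version of `name` as the lockfile actually resolves it (null if absent).
function resolvedVersion(lockText, name) {
  const entry = findEntry(lockText, name);
  return entry ? entry.version : null;
}

// Direct dependencies of the resolved entry for `name`, so a reviewer can see
// what a bump dragged in (here: launder, per the walkthrough on this PR).
function resolvedDependencies(lockText, name) {
  const entry = findEntry(lockText, name);
  return entry ? Object.assign({}, entry.dependencies) : {};
}

// Gate: every package listed in `floors` must resolve at or above the patched
// version. Returns the violations; an empty list means the bump landed.
function checkLockfile(lockText, floors) {
  const findings = [];
  for (const entry of parseYarnLock(lockText)) {
    const names = new Set(entry.descriptors.map(packageName));
    for (const name of names) {
      const floor = floors[name];
      if (floor === undefined) continue;
      if (entry.version === null || compareVersions(entry.version, floor) < 0) {
        findings.push({ name, resolved: entry.version, required: floor });
      }
    }
  }
  return findings;
}

// Floor taken from the release note above: 2.17.4 is the version with the xmp fix.
const PATCHED_FLOORS = { "sanitize-html": "2.17.4" };

if (typeof require !== "undefined" && require.main === module) {
  const findings = checkLockfile(SAMPLE_YARN_LOCK, PATCHED_FLOORS);
  console.log(findings.length === 0 ? "OK: patched versions resolve" : findings);
  console.log("sanitize-html dependencies:", resolvedDependencies(SAMPLE_YARN_LOCK, "sanitize-html"));
}
```

Run it against the repository's real yarn.lock by reading the file into `checkLockfile` instead of the constructed excerpt; a non-empty result means a second descriptor range still resolves to an older release and the bump did not cover it. Note that the gate only proves the lockfile says 2.17.4; whether the installed code actually strips `xmp` content is a separate regression test that needs the package itself.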


gardener-prow Bot commented May 16, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign grolu for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow Bot added cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels May 16, 2026

coderabbitai Bot commented May 16, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 8fcef0c and 924d74a.

⛔ Files ignored due to path filters (3)
  • .yarn/cache/launder-npm-1.7.1-8f3056904f-c4884c08cc.zip is excluded by !**/.yarn/**, !**/*.zip
  • .yarn/cache/sanitize-html-npm-2.17.4-f9f9eb85a7-5c352376a4.zip is excluded by !**/.yarn/**, !**/*.zip
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • .pnp.cjs

Walkthrough

The PR updates the Yarn Plug'n'Play dependency cache to reflect sanitize-html 2.17.4 (bumped from 2.17.3) and introduces launder 1.7.1 as a new transitive dependency of sanitize-html in the generated .pnp.cjs file.

Changes

Dependency Update

Layer: Dependency version bump and cascading cache updates
File(s): .pnp.cjs
Summary: sanitize-html version reference bumped to 2.17.4, new launder 1.7.1 package entry added to the PnP graph, and the sanitize-html package block updated with its new cache location and a revised packageDependencies list that includes launder.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Possibly related PRs

  • gardener/dashboard#2882: Both PRs edit the same generated .pnp.cjs entries for the sanitize-html dependency version/resolution/cache path (main: 2.17.3→2.17.4; retrieved: 2.17.2→2.17.3).
  • gardener/dashboard#2894: Both PRs directly modify .pnp.cjs to bump the same sanitize-html pinned dependency version and its cached packageLocation in the generated Yarn dependency graph.
  • gardener/dashboard#2934: Both PRs modify the Yarn Plug'n'Play .pnp.cjs dependency resolution for sanitize-html, with the main PR bumping it from npm:2.17.3 to npm:2.17.4 (and adding launder).

Suggested labels

size/S

Suggested reviewers

  • grolu
  • holgerkoser
  • klocke-io

Poem

🐰 A rabbit's delight, so small and sweet,
Launder joins sanitize in harmony complete,
From 2.17.3 to the version new,
The cache updates fresh—dependencies true!
With whiskers twitched and paws all set,
This little bump's the safest bet. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Description check: ⚠️ Warning
Explanation: The PR description is incomplete. It lacks required sections from the template, including categorization (/area and /kind), an explanation of what the PR does and why, special notes, and proper release note formatting.
Resolution: Fill in the template sections: add /area and /kind categorization, explain why the update is needed (security fix), provide special notes if applicable, and ensure the release note follows the specified format.

✅ Passed checks (4 passed)

Title check: ✅ Passed. The title clearly and accurately summarizes the main change: updating the sanitize-html dependency from v2.17.3 to v2.17.4.
Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


Labels

  • cla: yes (the PR's author has signed the cla-assistant.io CLA)
  • kind/enhancement (enhancement, improvement, extension)
  • renovate
  • size/M (a PR that changes 30-99 lines, ignoring generated files)
