Update dependency sanitize-html to v2.17.2

[gardener-ci-robot]

This PR contains the following updates:

Package	Change	Age	Confidence
sanitize-html (source)	2.17.1 → 2.17.2

---

Release Notes

apostrophecms/apostrophe (sanitize-html)

v2.17.2

Compare Source

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &#​0000001) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated Yarn Plug'n'Play runtime metadata in .pnp.cjs: bumped sanitize-html from 2.17.1 → 2.17.2, htmlparser2 from 8.0.2 → 10.1.0, and transitively entities from 4.5.0 → 7.0.1; adjusted packageLocation paths, hashes, and internal dependency references accordingly.

Changes

Cohort / File(s)	Summary
PnP runtime manifest ./.pnp.cjs	Bumped sanitize-html to npm:2.17.2, htmlparser2 to npm:10.1.0, and entities to npm:7.0.1; updated cache packageLocation entries, package hashes, and dependency graph mappings within the PnP runtime state.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• Update dependency sanitize-html to v2.17.1 #2783: Prior bump of sanitize-html metadata in .pnp.cjs (related version upgrade chain).

Suggested reviewers

• holgerkoser
• klocke-io
• petersutter
• grolu

Poem

🐰✨
A hop through the lockfile, versions rise,
sanitize trims and parsers grow wise,
caches shift paths in quiet delight,
small bumps that keep packages right,
nibble the changelog, then onward we hop!

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is generated by Renovate Bot and includes a dependency update table with release notes, but lacks all required template sections.	Add the required sections: 'What this PR does / why we need it', 'Which issue(s) this PR fixes', 'Special notes for your reviewer', and 'Release note' in the specified format.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly and specifically references the main dependency update from sanitize-html 2.17.1 to 2.17.2, which is the primary focus of the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/sanitize-html-2.x-lockfile

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[petersutter]

/lgtm /approve

[gardener-prow]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: petersutter

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [petersutter]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[gardener-prow]

LGTM label has been added.

Details

Git tree hash: 835de4297995aa303d6c5b9f06f8e308608ec009