
feat(deps): Bump sanitize-html to 2.17.4 #4562

Open

jfox-box wants to merge 1 commit into master from bump-sanitize-html-2.17.4


Conversation

@jfox-box (Contributor) commented May 15, 2026

Bumps sanitize-html to 2.17.4 to fix an XSS vulnerability.

Summary by CodeRabbit

  • Chores
    • Updated sanitize-html dependency to v2.17.4.


jfox-box requested a review from a team as a code owner May 15, 2026 23:58
@coderabbitai (Contributor) commented May 15, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: b29c2c61-6282-46f6-9e5c-9471ced13244

📥 Commits

Reviewing files that changed from the base of the PR and between 4bcf08a and 40adfa7.

⛔ Files ignored due to path filters (1)
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (1)
  • package.json

Walkthrough

The PR bumps the sanitize-html dependency version from ^2.14.0 to ^2.17.4 in both the devDependencies and peerDependencies sections of package.json.

Changes

Dependency Update

Layer / File(s) | Summary
sanitize-html version bump (package.json) | sanitize-html dependency version is updated from ^2.14.0 to ^2.17.4 in both devDependencies and peerDependencies.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Suggested labels

ready-to-merge

Suggested reviewers

  • tjuanitas
  • jpan-box
  • tjiang-box

Poem

🐰 A hop, a skip, through version streams,
sanitize-html reaches new dreams,
From 2.14 to 2.17, clean and bright,
Dependencies dancing in morning light,
Box UI Elements, refined and tight! ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name | Status | Explanation | Resolution
Description check | ❓ Inconclusive | The description provides the essential context (fixing an XSS vulnerability) but lacks detailed information about the vulnerability, impact, testing, and migration considerations. | Expand the description with details about the XSS vulnerability being fixed, any breaking changes between versions, testing performed, and any migration steps required for this update.

✅ Passed checks (4 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title accurately summarizes the main change: bumping the sanitize-html dependency to version 2.17.4, which matches the package.json updates shown in the changeset.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.



@socket-security commented

Review the following changes in direct dependencies.

Diff    | Package                           | Supply Chain Security | Vulnerability | Quality  | Maintenance | License
Updated | npm/sanitize-html@2.14.0 ⏵ 2.17.4 | 100 (+1)              | 100 (+75)     | 100 (+1) | 94 (+3)     | 100

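The CodeRabbit walkthrough above notes that the ^2.14.0 to ^2.17.4 change lands in both devDependencies and peerDependencies, and that yarn.lock was excluded from the automated review. A caret range in package.json is only a floor, and the peerDependencies range only constrains consumers; what the project's own tests actually run against is whatever yarn.lock resolved. The script below is an added example (not code from the Box UI Elements repository or from sanitize-html) that audits both sides of a security bump: it checks that every section listing the package has a range floor at or above the fixed version, and that yarn.lock resolved the package to such a version. It assumes exact, caret or tilde ranges in package.json and the yarn.lock v1 layout (a `name@range:` header line followed by an indented `version "x.y.z"` line); the package.json and yarn.lock contents embedded at the bottom are constructed samples, not the PR's real files.

```javascript
// Added example (not code from the Box UI Elements repository or from
// sanitize-html). After a security bump, check that every package.json
// section listing the package has a range floor >= the fixed version, and
// that yarn.lock actually resolved it to such a version. A caret range is
// only a floor; the lockfile is what gets installed.
// Assumptions: exact/caret/tilde ranges in package.json; yarn.lock v1 layout.

// Parse "MAJOR.MINOR.PATCH" into numbers; prerelease/build suffixes are ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// Floor of a simple range: "^2.17.4", "~2.17.4" or "2.17.4" -> "2.17.4".
// Other syntax (||, >=, x-ranges, "*") is rejected rather than guessed at,
// so an unusual range cannot slip through as a pass.
function rangeFloor(range) {
  const m = /^[\^~]?(\d+\.\d+\.\d+)$/.exec(range.trim());
  if (!m) throw new Error(`unsupported range syntax: ${range}`);
  return m[1];
}

// One finding per dependency section whose range floor is below minVersion.
function checkPackageJson(pkg, name, minVersion) {
  const findings = [];
  const sections = ['dependencies', 'devDependencies', 'peerDependencies', 'optionalDependencies'];
  for (const section of sections) {
    const range = pkg[section] && pkg[section][name];
    if (!range) continue;
    const floor = rangeFloor(range);
    if (compareVersions(floor, minVersion) < 0) {
      findings.push(`${section}: ${name}@${range} allows ${floor}, below ${minVersion}`);
    }
  }
  return findings;
}

// Every version yarn.lock resolved for `name`. A package can appear more than
// once (different transitive ranges resolve separately), so all are returned.
function resolvedVersionsFromYarnLock(lockText, name) {
  const versions = [];
  let inEntry = false;
  for (const line of lockText.split('\n')) {
    const isHeader = line.length > 0 && !/^\s/.test(line) && line.endsWith(':');
    if (isHeader) {
      // Header is `spec, spec:` with optional quotes. Matching on `name@`
      // keeps "sanitize-html" from matching a package like "sanitize-html-x".
      const specs = line.slice(0, -1).split(',').map((s) => s.trim().replace(/^"|"$/g, ''));
      inEntry = specs.some((s) => s.startsWith(`${name}@`));
    } else if (inEntry) {
      const m = /^\s+version\s+"([^"]+)"/.exec(line);
      if (m) {
        versions.push(m[1]);
        inEntry = false;
      }
    }
  }
  return versions;
}

// Findings for lockfile resolutions below minVersion, plus one finding when the
// package is not resolved at all (package.json bumped, lockfile not regenerated).
function checkYarnLock(lockText, name, minVersion) {
  const versions = resolvedVersionsFromYarnLock(lockText, name);
  if (versions.length === 0) return [`yarn.lock: ${name} is not resolved at all`];
  return versions
    .filter((v) => compareVersions(v, minVersion) < 0)
    .map((v) => `yarn.lock: ${name} resolves to ${v}, below ${minVersion}`);
}

// Combined audit; an empty array means the bump is effective on both sides.
function auditBump(pkg, lockText, name, minVersion) {
  return [...checkPackageJson(pkg, name, minVersion), ...checkYarnLock(lockText, name, minVersion)];
}

// Constructed sample inputs, not the real files from the PR.
const SAMPLE_PACKAGE_JSON = {
  name: 'example-consumer',
  devDependencies: { 'sanitize-html': '^2.17.4' },
  peerDependencies: { 'sanitize-html': '^2.17.4' },
};
const SAMPLE_YARN_LOCK = `# yarn lockfile v1

"sanitize-html@^2.14.0", "sanitize-html@^2.17.4":
  version "2.17.4"
  resolved "https://registry.yarnpkg.com/sanitize-html/-/sanitize-html-2.17.4.tgz"

htmlparser2@^8.0.0:
  version "8.0.2"
`;

const findings = auditBump(SAMPLE_PACKAGE_JSON, SAMPLE_YARN_LOCK, 'sanitize-html', '2.17.4');
console.log(findings.length === 0 ? 'OK: sanitize-html >= 2.17.4 in package.json and yarn.lock' : findings.join('\n'));
```

To run it against a real checkout, replace the two samples with `JSON.parse(fs.readFileSync('package.json', 'utf8'))` and `fs.readFileSync('yarn.lock', 'utf8')` and fail the CI job when `auditBump` returns a non-empty array. The lockfile check is the one that matters most here: a PR that edits only package.json can leave yarn.lock resolving the old, vulnerable version, and an excluded-by-path-filter lockfile is exactly the case a bot review will not catch.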



2 participants