fix(deps): update dependency sanitize-html to v2.17.4 [security] [ci skip] (#17402)

* fix(deps): update dependency sanitize-html to v2.17.4 [security] * fix minimumReleaseAgeExclude --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: kakkokari-gtyih <67428053+kakkokari-gtyih@users.noreply.github.com>
2026-06-25 17:10:43 +00:00 · 2026-05-15 09:44:57 +09:00 · 2026-05-15 09:44:57 +09:00 · 08c6efb044
commit 08c6efb044
parent 62b323b58b
4 changed files with 19 additions and 9 deletions
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@ -138,7 +138,7 @@
 		"rename": "1.0.4",
 		"rss-parser": "3.13.0",
 		"rxjs": "7.8.2",
-		"sanitize-html": "2.17.3",
+		"sanitize-html": "2.17.4",
 		"secure-json-parse": "4.1.0",
 		"semver": "7.7.4",
 		"sharp": "0.33.5",
--- a/packages/frontend/package.json
+++ b/packages/frontend/package.json
@ -60,7 +60,7 @@
 		"punycode.js": "2.3.1",
 		"qr-code-styling": "1.9.2",
 		"qr-scanner": "1.4.2",
-		"sanitize-html": "2.17.3",
+		"sanitize-html": "2.17.4",
 		"shiki": "4.0.2",
 		"textarea-caret": "3.1.0",
 		"three": "0.184.0",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@ -346,8 +346,8 @@ importers:
        specifier: 7.8.2
        version: 7.8.2
      sanitize-html:
-        specifier: 2.17.3
-        version: 2.17.3
+        specifier: 2.17.4
+        version: 2.17.4
      secure-json-parse:
        specifier: 4.1.0
        version: 4.1.0
@ -738,8 +738,8 @@ importers:
        specifier: 1.4.2
        version: 1.4.2
      sanitize-html:
-        specifier: 2.17.3
-        version: 2.17.3
+        specifier: 2.17.4
+        version: 2.17.4
      shiki:
        specifier: 4.0.2
        version: 4.0.2
@ -7207,6 +7207,9 @@ packages:
    resolution: {integrity: sha512-9zy9lkjac+TR1c2tG+mkNSVlyOpInnWdSMiue4F+kq8TwJSgv6o8jhLRg8Ho6SnZ9wOYUq/yozts9qQCfk7bIw==}
    engines: {node: '>=18'}

+  launder@1.7.1:
+    resolution: {integrity: sha512-mU6WRz5EusL9ZZuiZ5SO4Y6C0P9PAUR9iwdb6bzj4KDihm28DiHFw+/yk9DBH4f+Pv1wuzQ4e2jV3oQ7mkIqvw==}
+
  lazy-ass@1.6.0:
    resolution: {integrity: sha512-cc8oEVoctTvsFZ/Oje/kGnHbpWHYBe8IAJe4C0QNc3t8uM/0Y8+erSz/7Y1ALuXTEZTMvxXwO6YbX1ey3ujiZw==}
    engines: {node: '> 0.8'}
@ -8901,8 +8904,8 @@ packages:
  safer-buffer@2.1.2:
    resolution: {integrity: sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==}

-  sanitize-html@2.17.3:
-    resolution: {integrity: sha512-Kn4srCAo2+wZyvCNKCSyB2g8RQ8IkX/gQs2uqoSRNu5t9I2qvUyAVvRDiFUVAiX3N3PNuwStY0eNr+ooBHVWEg==}
+  sanitize-html@2.17.4:
+    resolution: {integrity: sha512-2HW7v2ol/uAM7sX4hbD8Z59OGWmAPrvjL8E71UWlBcj6m+kcF6ilQBLny+cIgY214QJeJT5tQuxKKqX0SQqjGQ==}

  sass-embedded-all-unknown@1.99.0:
    resolution: {integrity: sha512-qPIRG8Uhjo6/OKyAKixTnwMliTz+t9K6Duk0mx5z+K7n0Ts38NSJz2sjDnc7cA/8V9Lb3q09H38dZ1CLwD+ssw==}
@ -17116,6 +17119,10 @@ snapshots:

  ky@1.14.3: {}

+  launder@1.7.1:
+    dependencies:
+      dayjs: 1.11.20
+
  lazy-ass@1.6.0: {}

  lazystream@1.0.1:
@ -19060,12 +19067,13 @@ snapshots:

  safer-buffer@2.1.2: {}

-  sanitize-html@2.17.3:
+  sanitize-html@2.17.4:
    dependencies:
      deepmerge: 4.3.1
      escape-string-regexp: 4.0.0
      htmlparser2: 10.1.0
      is-plain-object: 5.0.0
+      launder: 1.7.1
      parse-srcset: 1.0.2
      postcss: 8.5.14

--- a/pnpm-workspace.yaml
+++ b/pnpm-workspace.yaml
@ -56,6 +56,8 @@ minimumReleaseAgeExclude:
  - re2 # そのうち消す
  - nan # そのうち消す
  - systeminformation # 脆弱性対応。そのうち消す
+  - sanitize-html # 脆弱性対応。そのうち消す
+  - launder # 脆弱性対応。そのうち消す
 overrides:
  '@aiscript-dev/aiscript-languageserver': '-'
  chokidar: 5.0.0