Update dependency sanitize-html to v1.27.5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
sanitize-html (source)	1.22.0 → 1.27.5

---

Release Notes

apostrophecms/apostrophe (sanitize-html)

v1.27.5

Compare Source

• Updates README to include ES modules syntax.

v1.27.4

Compare Source

• Fixes an IE11 regression from using Array.prototype.includes, replacing it with Array.prototype.indexOf.

v1.27.3

Compare Source

• Fixes a bug when using transformTags with out textFilter. Thanks to Andrzej Porebski for the help with a failing test.

v1.27.2

Compare Source

• Fixes CHANGELOG links. Thanks to Alex Mayer for the contribution.
• Replaces srcset with parse-srcset. Thanks to Massimiliano Mirra for the contribution.

v1.27.1

Compare Source

• Removes the unused chalk dependency.
• Adds configuration for a Github stale bot.
• Replace xtend package with native Object.assign.

v1.27.0

Compare Source

• Adds the allowedIframeDomains option. This works similar to allowedIframeHostnames, where you would set it to an array of web domains. It would then permit any hostname on those domains to be used in iframe src attributes. Thanks to Stanislav Kravchenko for the contribution.

v1.26.0

Compare Source

• Adds the option element to the default nonTextTagsArray of tags with contents that aren't meant to be displayed visually as text. This can be overridden with the nonTextTags option.

v1.25.0

Compare Source

• Adds enforceHtmlBoundary option to process code bounded by the html tag, discarding any code outside of those tags.
• Migrates to the main lodash package from the per method packages since they are deprecated and cause code duplication. Thanks to Merceyz for the contribution.
• Adds a warning when style and script tags are allowed, as they are inherently vulnerable to being used in XSS attacks. That warning can be disabled by including the option allowVulnerableTags: true so this choice is knowing and explicit.

v1.24.0

Compare Source

• Fixes a bug where self-closing tags resulted in deletion with disallowedTagsMode: 'escape' set. Thanks to Thiago Negri for the contribution.
• Adds abbr to the default allowedTags for better accessibility support. Thanks to Will Farrell for the contribution.
• Adds a mediaChildren property to the frame object in custom filters. This allows you to check for links or other parent tags that contain self-contained media to prevent collapse, regardless of whether there is also text inside. Thanks to axdg for the initial implementation and Marco Arduini for a failing test contribution.

v1.23.0

Compare Source

• Adds eslint configuration and adds eslint to test script.
• Sets sideEffects: false on package.json to allow module bundlers like webpack tree-shake this module and all the dependencies from client build. Thanks to Egor Voronov for the contribution.
• Adds the tagName (HTML element name) as a second parameter passed to textFilter. Thanks to Slava for the contribution.

v1.22.1

Compare Source

ncreases the patch version of lodash.mergewith to enforce an audit fix.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.