Bumps loofah from 2.2.2 to 2.2.3. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-16468.yaml).*
> **Loofah XSS Vulnerability**
> In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in
> sanitized output when a crafted SVG element is republished.
>
> Patched versions: >= 2.2.3
> Unaffected versions: none
Release notes
*Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).*
> ## v2.2.3
> Notably, this release addresses [CVE-2018-16468](https://github-redirect.dependabot.com/flavorjones/loofah/issues/154).
Changelog
*Sourced from [loofah's changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md).*
> ## 2.2.3 / 2018-10-30
>
> ### Security
>
> Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
>
> This CVE's public notice is at https://github-redirect.dependabot.com/flavorjones/loofah/issues/154
>
>
> ## Meta / 2018-10-27
>
> The mailing list is now on Google Groups [#146](https://github-redirect.dependabot.com/flavorjones/loofah/issues/146):
>
> * Mail: loofah-talk@googlegroups.com
> * Archive: https://groups.google.com/forum/#!forum/loofah-talk
>
> This change was made because librelist no longer appears to be maintained.
Commits
- [`cb3dbfa`](https://github.com/flavorjones/loofah/commit/cb3dbfa604195b99b3a811e040584daec7663504) version bump to v2.2.3 and update CHANGELOG
- [`71e4b54`](https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4) remove the svg animate attribute `from` from the allowlist
- [`3556e2b`](https://github.com/flavorjones/loofah/commit/3556e2b44f7401aaccbb10e2abac4e044391267a) add formatting to CHANGELOG
- [`ac7c50d`](https://github.com/flavorjones/loofah/commit/ac7c50de12398c90ffba907bf132af66bcc242be) updated mailing list to a new Google Group
- [`de6b0f3`](https://github.com/flavorjones/loofah/commit/de6b0f33cde92b6028c1ef973e5fc24478890fc9) extract msword html data into an asset file
- See full diff in [compare view](https://github.com/flavorjones/loofah/compare/v2.2.2...v2.2.3)
Bumps loofah from 2.2.2 to 2.2.3. This update includes security fixes.
Vulnerabilities fixed
*Sourced from [The Ruby Advisory Database](https://github.com/rubysec/ruby-advisory-db/blob/master/gems/loofah/CVE-2018-16468.yaml).* > **Loofah XSS Vulnerability** > In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in > sanitized output when a crafted SVG element is republished. > > Patched versions: >= 2.2.3 > Unaffected versions: noneRelease notes
*Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).* > ## v2.2.3 > Notably, this release addresses [CVE-2018-16468](https://github-redirect.dependabot.com/flavorjones/loofah/issues/154).Changelog
*Sourced from [loofah's changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md).* > ## 2.2.3 / 2018-10-30 > > ### Security > > Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. > > This CVE's public notice is at https://github-redirect.dependabot.com/flavorjones/loofah/issues/154 > > > ## Meta / 2018-10-27 > > The mailing list is now on Google Groups [#146](https://github-redirect.dependabot.com/flavorjones/loofah/issues/146): > > * Mail: loofah-talk@googlegroups.com > * Archive: https://groups.google.com/forum/#!forum/loofah-talk > > This change was made because librelist no longer appears to be maintained.Commits
- [`cb3dbfa`](https://github.com/flavorjones/loofah/commit/cb3dbfa604195b99b3a811e040584daec7663504) version bump to v2.2.3 and update CHANGELOG - [`71e4b54`](https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4) remove the svg animate attribute `from` from the allowlist - [`3556e2b`](https://github.com/flavorjones/loofah/commit/3556e2b44f7401aaccbb10e2abac4e044391267a) add formatting to CHANGELOG - [`ac7c50d`](https://github.com/flavorjones/loofah/commit/ac7c50de12398c90ffba907bf132af66bcc242be) updated mailing list to a new Google Group - [`de6b0f3`](https://github.com/flavorjones/loofah/commit/de6b0f33cde92b6028c1ef973e5fc24478890fc9) extract msword html data into an asset file - See full diff in [compare view](https://github.com/flavorjones/loofah/compare/v2.2.2...v2.2.3)