YaleSTC / reservations

Manage equipment loans & reservations. Who can borrow what, for how long?
yalestc.github.io/reservations
MIT License
139 stars 57 forks source link

Bump loofah from 2.3.0 to 2.3.1 #1788

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps loofah from 2.3.0 to 2.3.1.

Release notes *Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).* > ## 2.3.1 / 2019-10-22 > > ### Security > > Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. > > This CVE's public notice is at [flavorjones/loofah#171](https://github-redirect.dependabot.com/flavorjones/loofah/issues/171)
Changelog *Sourced from [loofah's changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md).* > ## 2.3.1 / 2019-10-22 > > ### Security > > Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. > > This CVE's public notice is at [flavorjones/loofah#171](https://github-redirect.dependabot.com/flavorjones/loofah/issues/171)
Commits - [`83df303`](https://github.com/flavorjones/loofah/commit/83df303aa14d58f76349b59e6917ae61ce011a83) version bump to v2.3.1 - [`e323a77`](https://github.com/flavorjones/loofah/commit/e323a776dd2755a837a67895eaa3cdae44495254) Merge pull request [#172](https://github-redirect.dependabot.com/flavorjones/loofah/issues/172) from flavorjones/171-xss-vulnerability - [`1d81f91`](https://github.com/flavorjones/loofah/commit/1d81f919bd29458a3b80966f9b6870b74b839dc9) update CHANGELOG - [`0c6617a`](https://github.com/flavorjones/loofah/commit/0c6617af440879ce97440f6eb6c58636456dc8ec) mitigate XSS vulnerability in SVG animate attributes - [`a5bd819`](https://github.com/flavorjones/loofah/commit/a5bd819f3ef13d5d4595106557c26169df2ef3a0) rufo formatting - [`1bdf276`](https://github.com/flavorjones/loofah/commit/1bdf27600cf2433eb71fa542cce210663d8abef8) formatting in README - [`1908dc2`](https://github.com/flavorjones/loofah/commit/1908dc2defba6049bc17519c8b128d7030915204) update CHANGELOG with release date - [`bcbd7b3`](https://github.com/flavorjones/loofah/commit/bcbd7b373176db3b4b2b249caaf196b625779c1b) update dev gemspec - See full diff in [compare view](https://github.com/flavorjones/loofah/compare/v2.3.0...v2.3.1)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/YaleSTC/reservations/network/alerts).
dependabot[bot] commented 5 years ago

Looks like loofah is up-to-date now, so this is no longer needed.