alepez / devand

DevAndDev helps developers finding pair-programming partners.
Apache License 2.0

RUSTSEC-2021-0026: XSS in `comrak` #153

Open github-actions[bot] opened 2 years ago

github-actions[bot] commented 2 years ago

XSS in comrak

| Details | |
| --- | --- |
| Package | comrak |
| Version | 0.7.0 |
| URL | https://github.com/kivikakk/comrak/releases/tag/0.9.1 |
| Date | 2021-02-21 |
| Patched versions | >=0.9.1 |

comrak was matching unsafe URL prefixes, such as `data:` or `javascript:`, in a case-sensitive manner. This meant prefixes like `Data:` were untouched.

See advisory page for additional details.
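
The case-sensitivity flaw described in the advisory, shown as an added example that is not comrak's source or part of the original issue: a case-sensitive prefix check beside an ASCII case-insensitive one over the same two prefixes. The function names and the sample link targets are hypothetical and constructed for illustration.

```rust
// Added illustration; not comrak's code. All names here are hypothetical.
const UNSAFE_PREFIXES: [&str; 2] = ["data:", "javascript:"];

// Constructed sample link targets.
const SAMPLES: [&str; 5] = [
    "https://example.com/",
    "data:text/plain,hello",
    "Data:text/plain,hello",
    "JavaScript:void(0)",
    "database.html",
];

/// Case-sensitive match: the behaviour the advisory describes as flawed.
fn is_unsafe_case_sensitive(url: &str) -> bool {
    UNSAFE_PREFIXES.iter().any(|p| url.starts_with(p))
}

/// ASCII case-insensitive match on the same prefixes.
/// Compares bytes so a multi-byte character near the prefix boundary
/// cannot cause a slicing panic.
fn is_unsafe_case_insensitive(url: &str) -> bool {
    let bytes = url.as_bytes();
    UNSAFE_PREFIXES.iter().any(|p| {
        bytes.len() >= p.len() && bytes[..p.len()].eq_ignore_ascii_case(p.as_bytes())
    })
}

/// URLs the case-sensitive check lets through but the insensitive one flags.
/// Useful as a regression test when upgrading a Markdown renderer.
fn missed_by_case_sensitive<'a>(urls: &[&'a str]) -> Vec<&'a str> {
    urls.iter()
        .copied()
        .filter(|u| !is_unsafe_case_sensitive(u) && is_unsafe_case_insensitive(u))
        .collect()
}

fn main() {
    for u in SAMPLES.iter() {
        println!(
            "{:<24} case-sensitive: {:<5} case-insensitive: {}",
            u,
            is_unsafe_case_sensitive(u),
            is_unsafe_case_insensitive(u)
        );
    }
    println!("missed: {:?}", missed_by_case_sensitive(&SAMPLES));
}
```
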