Bump loofah from 2.2.3 to 2.6.0

[dependabot[bot]]

Bumps loofah from 2.2.3 to 2.6.0.

Release notes

Sourced from loofah's releases.

2.6.0 / 2020-06-16

Features

• Allow CSS border-style keywords. [#188] (Thanks, @tarcisiozf!)

2.5.0 / 2020-04-05

Features

• Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!)

Fixes

• Remove comments from Loofah::HTML::Documents that exist outside the html element. [#80]

Other changes

• Gem metadata being set [#181] (Thanks, @JuanitoFatas!)
• Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!)

2.4.0 / 2019-11-25

Features

• Allow CSS property max-width #175 (Thanks, @bchaney!)
• Allow CSS sizes expressed in rem [#176, #177]
• Add frozen_string_literal: true magic comment to all lib files. #118

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at flavorjones/loofah#171

2.3.0 / 2019-09-28

Features

• Expand set of allowed protocols to include tel: and line:. [#104, #147]
• Expand set of allowed CSS functions. [related to #122]
• Allow greater precision in shorthand CSS values. #149 (Thanks, @danfstucky!)
• Allow CSS property list-style #162 (Thanks, @jaredbeck!)
• Allow CSS keywords thick and thin #168 (Thanks, @georgeclaghorn!)
• Allow HTML property contenteditable #167 (Thanks, @andreynering!)

Changelog

Sourced from loofah's changelog.

2.6.0 / 2020-06-16

Features

• Allow CSS border-style keywords. [#188] (Thanks, @tarcisiozf!)

2.5.0 / 2020-04-05

Features

• Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!)

Fixes

• Remove comments from Loofah::HTML::Documents that exist outside the html element. [#80]

Other changes

• Gem metadata being set [#181] (Thanks, @JuanitoFatas!)
• Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!)

2.4.0 / 2019-11-25

Features

• Allow CSS property max-width [#175] (Thanks, @bchaney!)
• Allow CSS sizes expressed in rem [#176, #177]
• Add frozen_string_literal: true magic comment to all lib files. [#118]

2.3.1 / 2019-10-22

Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.

This CVE's public notice is at #171

2.3.0 / 2019-09-28

Features

• Expand set of allowed protocols to include tel: and line:. [#104, #147]
• Expand set of allowed CSS functions. [related to #122]
• Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)

Commits

• e48f298 version bump to v2.6.0
• 4e8a64c ci: update pipeline icon to "cog"
• c3d8a6d update CHANGELOG
• 93289f2 dep: update to hoe-markdown ~> v1.2
• 9ac6450 ci: remove serial group on PR pipeline
• e14b903 Merge pull request #188 from pipefy/add-css-keywords
• b519a4a order alphabeticaly
• 6c329e8 ci: update github icons
• deb3fa3 maintenance: use hoe-markdown to manage markdown files
• 296da9b packaging: update gemspec changelog URL
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/fractaledmind/activeset/network/alerts).

[codecov[bot]]

Codecov Report

Merging #53 into master will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##           master      #53   +/-   ##
=======================================
  Coverage   99.76%   99.76%           
=======================================
  Files          17       17           
  Lines         421      421           
=======================================
  Hits          420      420           
  Misses          1        1           

---

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update e21c170...aa76f4d. Read the comment docs.