[Security] Bump loofah from 2.2.2 to 2.2.3

[greysteil]

Bumps loofah from 2.2.2 to 2.2.3. This update includes security fixes.

Vulnerabilities fixed

*Sourced from The Ruby Advisory Database.* > **Loofah XSS Vulnerability** > In the Loofah gem, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. > > Patched versions: >= 2.2.3 > Unaffected versions: none

Release notes

*Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).* > ## v2.2.3 > Notably, this release addresses [CVE-2018-16468](https://github-redirect.dependabot.com/flavorjones/loofah/issues/154).

Changelog

*Sourced from [loofah's changelog](https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md).* > ## 2.2.3 / 2018-10-30 > > ### Security > > Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. > > This CVE's public notice is at https://github-redirect.dependabot.com/flavorjones/loofah/issues/154 > > > ## Meta / 2018-10-27 > > The mailing list is now on Google Groups [#146](https://github-redirect.dependabot.com/flavorjones/loofah/issues/146): > > * Mail: loofah-talk@googlegroups.com > * Archive: https://groups.google.com/forum/#!forum/loofah-talk > > This change was made because librelist no longer appears to be maintained.

Commits

- [`cb3dbfa`](https://github.com/flavorjones/loofah/commit/cb3dbfa604195b99b3a811e040584daec7663504) version bump to v2.2.3 and update CHANGELOG - [`71e4b54`](https://github.com/flavorjones/loofah/commit/71e4b5434fbcb2ad87643f0c9fecfc3a847943c4) remove the svg animate attribute `from` from the allowlist - [`3556e2b`](https://github.com/flavorjones/loofah/commit/3556e2b44f7401aaccbb10e2abac4e044391267a) add formatting to CHANGELOG - [`ac7c50d`](https://github.com/flavorjones/loofah/commit/ac7c50de12398c90ffba907bf132af66bcc242be) updated mailing list to a new Google Group - [`de6b0f3`](https://github.com/flavorjones/loofah/commit/de6b0f33cde92b6028c1ef973e5fc24478890fc9) extract msword html data into an asset file - See full diff in [compare view](https://github.com/flavorjones/loofah/compare/v2.2.2...v2.2.3)

Would still love you to use Dependabot on this repo - it's free and will make your life better, I promise! You'd also be helping us help the community, because it would let us feed back any bugs your test suite surfaces to maintainers.

[coveralls]

Coverage remained the same at 90.538% when pulling 3e3be26bed632b4d205dcbb18695a3204e62a61a on greysteil:dependabot/bundler/loofah-2.2.3 into 72f5f306650f3bfd4ccc5e120a1daa931ce9ee02 on ivaldi:master.

[coveralls]

Coverage remained the same at 90.538% when pulling 3e3be26bed632b4d205dcbb18695a3204e62a61a on greysteil:dependabot/bundler/loofah-2.2.3 into 72f5f306650f3bfd4ccc5e120a1daa931ce9ee02 on ivaldi:master.

[coveralls]

Coverage remained the same at 90.538% when pulling 3e3be26bed632b4d205dcbb18695a3204e62a61a on greysteil:dependabot/bundler/loofah-2.2.3 into 72f5f306650f3bfd4ccc5e120a1daa931ce9ee02 on ivaldi:master.

[coveralls]

Coverage remained the same at 90.538% when pulling 3e3be26bed632b4d205dcbb18695a3204e62a61a on greysteil:dependabot/bundler/loofah-2.2.3 into 72f5f306650f3bfd4ccc5e120a1daa931ce9ee02 on ivaldi:master.

[coveralls]

Coverage remained the same at 90.538% when pulling 3e3be26bed632b4d205dcbb18695a3204e62a61a on greysteil:dependabot/bundler/loofah-2.2.3 into 72f5f306650f3bfd4ccc5e120a1daa931ce9ee02 on ivaldi:master.