Bump rails-html-sanitizer from 1.4.3 to 1.6.0

[dependabot[bot]]

Bumps rails-html-sanitizer from 1.4.3 to 1.6.0.

Release notes

Sourced from rails-html-sanitizer's releases.

1.6.0 / 2023-05-26

• Dependencies have been updated:

  • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
  • As a result, required Ruby version is now >= 2.7.0

  Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support.

  Mike Dalessio

• HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as:

  • Rails::HTML5::FullSanitizer
  • Rails::HTML5::LinkSanitizer
  • Rails::HTML5::SafeListSanitizer

  And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version of Rails.

  Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical to the vendor class methods on Rails::HTML::Sanitizer.

  Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor.

  Mike Dalessio

• Module namespaces have changed, but backwards compatibility is provided by aliases.

  The library defines three additional modules:

  • Rails::HTML for general functionality (replacing Rails::Html)
  • Rails::HTML4 containing sanitizers that parse content as HTML4
  • Rails::HTML5 containing sanitizers that parse content as HTML5

  The following aliases are maintained for backwards compatibility:

  • Rails::Html points to Rails::HTML
  • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
  • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
  • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

  Mike Dalessio

• LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer already ensured this encoding.

... (truncated)

Changelog

Sourced from rails-html-sanitizer's changelog.

1.6.0 / 2023-05-26

• Dependencies have been updated:

  • Loofah ~>2.21 and Nokogiri ~>1.14 for HTML5 parser support
  • As a result, required Ruby version is now >= 2.7.0

  Security updates will continue to be made on the 1.5.x release branch as long as Rails 6.1 (which supports Ruby 2.5) is still in security support.

  Mike Dalessio

• HTML5 standards-compliant sanitizers are now available on platforms supported by Nokogiri::HTML5. These are available as:

  • Rails::HTML5::FullSanitizer
  • Rails::HTML5::LinkSanitizer
  • Rails::HTML5::SafeListSanitizer

  And a new "vendor" is provided at Rails::HTML5::Sanitizer that can be used in a future version of Rails.

  Note that for symmetry Rails::HTML4::Sanitizer is also added, though its behavior is identical to the vendor class methods on Rails::HTML::Sanitizer.

  Users may call Rails::HTML::Sanitizer.best_supported_vendor to get back the HTML5 vendor if it's supported, else the legacy HTML4 vendor.

  Mike Dalessio

• Module namespaces have changed, but backwards compatibility is provided by aliases.

  The library defines three additional modules:

  • Rails::HTML for general functionality (replacing Rails::Html)
  • Rails::HTML4 containing sanitizers that parse content as HTML4
  • Rails::HTML5 containing sanitizers that parse content as HTML5

  The following aliases are maintained for backwards compatibility:

  • Rails::Html points to Rails::HTML
  • Rails::HTML::FullSanitizer points to Rails::HTML4::FullSanitizer
  • Rails::HTML::LinkSanitizer points to Rails::HTML4::LinkSanitizer
  • Rails::HTML::SafeListSanitizer points to Rails::HTML4::SafeListSanitizer

  Mike Dalessio

• LinkSanitizer always returns UTF-8 encoded strings. SafeListSanitizer and FullSanitizer already ensured this encoding.

... (truncated)

Commits

• 19fd6cd version bump to v1.6.0
• a9b2f1e doc: update CHANGELOG and README with supported branch info
• ca29c20 doc: update README moving verbose notes after usage
• 3b31be5 version bump to v1.6.0.rc2
• b98af6c Merge pull request #167 from rails/flavorjones-best-supported-vendor-method
• e953444 feat: introduce Rails::HTML::Sanitizer.best_supported_vendor
• 5419017 version bump to v1.6.0.rc1
• 669dcd0 doc: update CONTRIBUTING with release process
• cd77210 Merge pull request #166 from rails/flavorjones-update-deps-for-html5-variation2
• 7cc07bb dep: update loofah and nokogiri to versions fully supporting HTML5
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)