romainbutteaud / Kaffeine

Keeping free Heroku apps awake.
kaffeine.herokuapp.com
1.05k stars 112 forks source link

Bump loofah from 2.2.3 to 2.10.0 #51

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 3 years ago

Bumps loofah from 2.2.3 to 2.10.0.

Release notes

Sourced from loofah's releases.

2.10.0 / 2021-06-06

Features

2.9.1 / 2021-04-07

Bug fixes

  • Fix a regression in v2.9.0 which inappropriately removed CSS properties with quoted string values. [#202]

2.9.0 / 2021-01-14

  • Handle CSS functions in a CSS shorthand property (like background). [#199, #200]

2.8.0 / 2020-11-25

  • Allow CSS properties order, flex-direction, flex-grow, flex-wrap, flex-shrink, flex-flow, flex-basis, flex, justify-content, align-self, align-items, and align-content. [#197] (Thanks, @​miguelperez!)

2.7.0 / 2020-08-26

Features

  • Allow CSS properties page-break-before, page-break-inside, and page-break-after. [#190] (Thanks, @​ahorek!)

Fixes

  • Don't drop the !important rule from some CSS properties. [#191] (Thanks, @​b7kich!)

2.6.0 / 2020-06-16

Features

2.5.0 / 2020-04-05

Features

  • Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @​JuanitoFatas!)

Fixes

  • Remove comments from Loofah::HTML::Documents that exist outside the html element. [#80]

... (truncated)

Changelog

Sourced from loofah's changelog.

2.10.0 / 2021-06-06

Features

2.9.1 / 2021-04-07

Bug fixes

  • Fix a regression in v2.9.0 which inappropriately removed CSS properties with quoted string values. [#202]

2.9.0 / 2021-01-14

Features

  • Handle CSS functions in a CSS shorthand property (like background). [#199, #200]

2.8.0 / 2020-11-25

Features

  • Allow CSS properties order, flex-direction, flex-grow, flex-wrap, flex-shrink, flex-flow, flex-basis, flex, justify-content, align-self, align-items, and align-content. [#197] (Thanks, @​miguelperez!)

2.7.0 / 2020-08-26

Features

  • Allow CSS properties page-break-before, page-break-inside, and page-break-after. [#190] (Thanks, @​ahorek!)

Fixes

  • Don't drop the !important rule from some CSS properties. [#191] (Thanks, @​b7kich!)

2.6.0 / 2020-06-16

Features

2.5.0 / 2020-04-05

Features

... (truncated)

Commits
  • 6820f9f version bump to v2.10.0, and update CHANGELOG
  • c5fd06e Merge pull request #206 from sampokuokkanen/patch-1
  • f285e64 Update safelist.rb to include overflow-x and y
  • b079e2b Merge pull request #208 from flavorjones/flavorjones-move-to-github-actions
  • 0523e2d ci: create github actions pipeline
  • b14c20e Merge pull request #207 from flavorjones/flavorjones-update-tests-to-pass-wit...
  • fb152b1 test: libxml 2.9.11 handles namespaces in HTML docs differently
  • 3db4cc7 test: unicode every character in the unicode test, for completeness
  • db365d0 Merge pull request #205 from flavorjones/flavorjones-test-unicode-encoded-exp...
  • 895b5f4 test: actually test against a working unicode-encoded exploit
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/romainbutteaud/Kaffeine/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #64.