Bump loofah from 2.19.0 to 2.19.1

[dependabot]

Bumps loofah from 2.19.0 to 2.19.1.

Release notes

Sourced from loofah's releases.

2.19.1 / 2022-12-13

Security

• Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information.
• Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx for more information.
• Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm for more information.

Changelog

Sourced from loofah's changelog.

2.19.1 / 2022-12-13

Security

• Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information.
• Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx for more information.
• Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm for more information.

Commits

• 3f88063 version bump to v2.19.1
• 9a8dadb docs: preserve the context and decision record
• 86f7f63 fix: replace recursive approach to cdata with escaping solution
• 415677f fix: do not allow "image/svg+xml" in data URIs
• 84ca20c refactor: extract scrub_uri_attribute for downstream use
• 47a835a ci: pin psych to v4 until v5 builds properly on CI
• a6e0a1a fix: replace slow regex attribute check with crass parser
• ea853aa Merge pull request #247 from flavorjones/flavorjones-downstream-test-rhs
• e1f2a4b ci: test downstream rails-html-sanitizer
• 79d65a0 Merge pull request #245 from flavorjones/flavorjones-fix-ruby-2.5-ci
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[0crat]

There is an unrecoverable failure on my side. Please, submit it here:

PID: 4@142d7046-8fa5-4260-867c-744acc2693c8, thread: PQ-CT4L4490E
com.jcabi.xml.StrictXML[124] java.lang.IllegalArgumentException: 2 error(s) in XML document: -1:-1: cvc-pattern-valid: Value 'dependabot[bot]' is not facet-valid with respect to pattern '[a-z0-9\-]{3,}' for type 'login'.;-1:-1: cvc-type.3.1.3: The value 'dependabot[bot]' of element 'login' is not valid.

1.0-SNAPSHOT: CID: 7a156bac-1ec0-4ed5-b85a-19629ac02871, Type: "Job was added to WBS"

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[yegor256]

@rultor please, try to merge

[rultor]

@rultor please, try to merge

@yegor256 OK, I'll try to merge now. You can check the progress of the merge here

[rultor]

@rultor please, try to merge

@dependabot[bot] @yegor256 Oops, I failed. You can see the full log here (spent 6min)

D: INSERT INTO review (project, author, text, hash) VALUES ($1, $2, $3, $4) RETURNING id: 1ms / 8100
D: DELETE FROM seen WHERE project=$1 AND author=$2: 0ms / 8160
D: SELECT login FROM author WHERE id=$1: 0ms / 8140
D: SELECT login FROM author WHERE id=$1: 0ms / 8120
D: SELECT login FROM author WHERE id=$1: 0ms / 8100
D: SELECT deleter FROM review WHERE id=$1: 0ms / 8160
D: SELECT deleter FROM project WHERE id=$1: 0ms / 8140
D: INSERT INTO vote (review, author, positive) VALUES ($1, $2, $3) ON CONFLICT (review, author) DO UPDATE SET positive=$3 RETURNING id: 1ms / 8120
D: SELECT login FROM author WHERE id=$1: 0ms / 8100
D: SELECT login FROM author WHERE id=$1: 0ms / 8160
D: SELECT deleter FROM review WHERE id=$1: 0ms / 8140
D: SELECT deleter FROM project WHERE id=$1: 0ms / 8120
D: INSERT INTO vote (review, author, positive) VALUES ($1, $2, $3) ON CONFLICT (review, author) DO UPDATE SET positive=$3 RETURNING id: 1ms / 8100
  test_votes_review                                              \u001b[32m PASS\u001b[0m (0.01s)
D: INSERT INTO author (login) VALUES ($1) ON CONFLICT DO NOTHING: 1ms / 8160
D: SELECT id FROM author WHERE login=$1: 0ms / 8140
D: SELECT login FROM author WHERE id=$1: 0ms / 8120
D: SELECT login FROM author WHERE id=$1: 0ms / 8100
D: SELECT id FROM project WHERE platform=$1 AND coordinates=$2: 0ms / 8160
D: INSERT INTO project (platform, coordinates, author) VALUES ($1, $2, $3) RETURNING id: 1ms / 8140
D: SELECT login FROM author WHERE id=$1: 0ms / 8120
D: SELECT COUNT(*) FROM badge WHERE project=$1 AND text=$2: 0ms / 8100
D: SELECT login FROM author WHERE id=$1: 0ms / 8160
D: SELECT * FROM badge WHERE project=$1: 0ms / 8140
D: DELETE FROM badge WHERE project=$1 AND text SIMILAR TO '(newbie|L[123])': 0ms / 8120
D: INSERT INTO badge (project, author, text) VALUES ($1, $2, $3) ON CONFLICT (project, text) DO UPDATE SET text = $2 RETURNING id: 1ms / 8120
D: DELETE FROM seen WHERE project=$1 AND author=$2: 0ms / 8100
D: SELECT login FROM author WHERE id=$1: 0ms / 8160
D: INSERT INTO author (login) VALUES ($1) ON CONFLICT DO NOTHING: 1ms / 8140
D: SELECT id FROM author WHERE login=$1: 0ms / 8120
D: SELECT login FROM author WHERE id=$1: 0ms / 8100
D: SELECT login FROM author WHERE id=$1: 0ms / 8160
D: SELECT deleter FROM project WHERE id=$1: 0ms / 8140
D: SELECT COUNT(*) FROM review WHERE project=$1 AND hash=$2: 0ms / 8120
D: INSERT INTO review (project, author, text, hash) VALUES ($1, $2, $3, $4) RETURNING id: 1ms / 8100
D: DELETE FROM seen WHERE project=$1 AND author=$2: 1ms / 8160
D: SELECT login FROM author WHERE id=$1: 0ms / 8140
D: SELECT author FROM review WHERE id=$1: 0ms / 8120
D: SELECT login FROM author WHERE id=$1: 0ms / 8100
D: UPDATE review SET deleter=$1 WHERE id=$2: 1ms / 8160
D: DELETE FROM seen WHERE project=$1 AND author=$2: 0ms / 8140
D: SELECT r.*, author.login AS author_login, author.id AS author_id, deleter.id AS deleter_id, deleter.login AS deleter_login, (SELECT COUNT(*) FROM vote AS v WHERE v.review=r.id AND positive=true) AS up, (SELECT COUNT(*) FROM vote AS v WHERE v.review=r.id AND positive=false) AS down FROM review AS r JOIN author ON author.id=r.author LEFT JOIN author AS deleter ON deleter.id=r.deleter WHERE project=$1  AND r.deleter IS NULL ORDER BY r.created DESC LIMIT $2 OFFSET $3: 1ms / 8120
  test_deletes_someones_review                                   \u001b[32m PASS\u001b[0m (0.01s)

Finished in 2.08561s
44 tests, 176 assertions, \u001b[31m1 failures, 3 errors, \u001b[0m\u001b[33m0 skips\u001b[0m
Coverage report generated for Unit Tests to /home/r/repo/coverage. 704 / 773 LOC (91.07%) covered.
rake aborted!
Command failed with status (1): [ruby -I"lib:lib:test" -I"/usr/local/rvm/gems/ruby-2.7.0/gems/rake-12.3.3/lib" "/usr/local/rvm/gems/ruby-2.7.0/gems/rake-12.3.3/lib/rake/rake_test_loader.rb" "test/test__helper.rb" "test/test_author.rb" "test/test_authors.rb" "test/test_badges.rb" "test/test_bots.rb" "test/test_codexia.rb" "test/test_karma.rb" "test/test_meta.rb" "test/test_project.rb" "test/test_projects.rb" "test/test_rank.rb" "test/test_review.rb" "test/test_reviews.rb" "test/test_sieve.rb" "test/test_withdrawals.rb" ]
/usr/local/rvm/gems/ruby-2.7.0/gems/rake-12.3.3/exe/rake:27:in `<top (required)>'
/usr/local/rvm/gems/ruby-2.7.0/bin/ruby_executable_hooks:24:in `eval'
/usr/local/rvm/gems/ruby-2.7.0/bin/ruby_executable_hooks:24:in `<main>'
Tasks: TOP => default => test
(See full trace by running task with --trace)
2022-12-14 11:27:02.244 UTC [10734] LOG:  received smart shutdown request
PostgreSQL killed in PID 10734
2022-12-14 11:27:02.251 UTC [10734] LOG:  background worker "logical replication launcher" (PID 10741) exited with exit code 1
2022-12-14 11:27:02.251 UTC [10736] LOG:  shutting down
container 1988c455a8fb1d72b963134e584acf5ac98d1d1d0e2d5a7c573bcaebd194012c is dead
Wed 14 Dec 2022 12:29:39 PM CET

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)

[0crat]

@yegor256/z everybody who has role REV is banned at #184; I won't be able to assign anyone automatically; consider assigning someone manually (as in §19), or invite more people (as in §51), or remove the job from the scope (as in §14)