[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.25 to 1.0.26 (#2266)

This commit is contained in:
dependabot[bot] 2023-10-16 09:02:31 +00:00 committed by GitHub
parent 39e22a9703
commit 48725f7228
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 17 additions and 17 deletions

2
go.mod
View file

@ -34,7 +34,7 @@ require (
github.com/h2non/filetype v1.1.3
github.com/jackc/pgconn v1.14.1
github.com/jackc/pgx/v5 v5.4.3
github.com/microcosm-cc/bluemonday v1.0.25
github.com/microcosm-cc/bluemonday v1.0.26
github.com/miekg/dns v1.1.56
github.com/minio/minio-go/v7 v7.0.63
github.com/mitchellh/mapstructure v1.5.0

4
go.sum
View file

@ -429,8 +429,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg=
github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE=
github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=

View file

@ -10,6 +10,7 @@ Third-party patches are essential for keeping bluemonday secure and offering the
1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples.
3. This module does not participate in hacktober, please make your contributions meaningful.
## Submitting an Issue
@ -45,8 +46,6 @@ We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that
But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically:
You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.
* You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
* You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
* You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.

View file

@ -6,7 +6,7 @@
# fmt-check: Check if the source files are formated
# build: Builds the code locally
# vet: Vets the code
# lint: Runs lint over the code (you do not need to fix everything)
# staticcheck: Runs staticcheck over the code
# test: Runs the tests
# cover: Gives you the URL to a nice test coverage report
#
@ -33,8 +33,8 @@ build:
vet:
@go vet
lint:
@golint *.go
staticcheck:
@staticcheck ./...
test:
@go test -v ./...
@ -42,7 +42,7 @@ test:
cover: COVERAGE_FILE := coverage.out
cover:
@go test -coverprofile=$(COVERAGE_FILE) && \
cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
go tool cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
install:
@go install ./...

View file

@ -366,10 +366,11 @@ func in(value []string, arr []string) bool {
func splitValues(value string) []string {
values := strings.Split(value, ",")
newValues := []string{}
for _, strippedValue := range values {
strippedValue = strings.ToLower(strings.TrimSpace(strippedValue))
newValues = append(newValues, strings.ToLower(strings.TrimSpace(strippedValue)))
}
return values
return newValues
}
func GetDefaultHandler(attr string) func(string) bool {

View file

@ -998,7 +998,7 @@ func linkable(elementName string) bool {
// stringInSlice returns true if needle exists in haystack
func stringInSlice(needle string, haystack []string) bool {
for _, straw := range haystack {
if strings.ToLower(straw) == strings.ToLower(needle) {
if strings.EqualFold(straw, needle) {
return true
}
}

4
vendor/modules.txt vendored
View file

@ -380,8 +380,8 @@ github.com/magiconair/properties
# github.com/mattn/go-isatty v0.0.19
## explicit; go 1.15
github.com/mattn/go-isatty
# github.com/microcosm-cc/bluemonday v1.0.25
## explicit; go 1.19
# github.com/microcosm-cc/bluemonday v1.0.26
## explicit; go 1.21
github.com/microcosm-cc/bluemonday
github.com/microcosm-cc/bluemonday/css
# github.com/miekg/dns v1.1.56