Update module github.com/microcosm-cc/bluemonday to v1.0.27

[red-hat-konflux-kflux-prd-rh03]

This PR contains the following updates:

Package	Change	Age	Confidence
github.com/microcosm-cc/bluemonday	v1.0.21 -> v1.0.27

---

Release Notes

microcosm-cc/bluemonday (github.com/microcosm-cc/bluemonday)

v1.0.27

Compare Source

v1.0.26: Update golang.org/x/net to latest and force latest version

Compare Source

Bumping version and ensuring latest golang.org/x/net as the HTTP rapid reset is triggering primitive vuln scanners, we do not implement a HTTP2 server and are not vulnerable but a minor bump can still help reduce noise for those searching for what they need to upgrade and patch.

Nothing else is in this release aside from the dependency updates and some staticcheck messages being resolved that should not modify behaviour.

v1.0.25: Added src rewriter to allow for proxying inline assets.

Compare Source

What's Changed

• Bump golang.org/x/net from 0.10.0 to 0.12.0 by @​dependabot in #​178
• Prefer explicit rules over regexp by @​KN4CK3R in #​182
• Added src rewriter by @​yyewolf in #​179

New Contributors

• @​yyewolf made their first contribution in #​179

Full Changelog: microcosm-cc/bluemonday@v1.0.24...v1.0.25

v1.0.24: Added AllowURLSchemesMatching

Compare Source

This is a feature release, there are no security fixes in this release.

What's Changed

• Minor bug fix parsing style attribute with trailing spaces by @​sergeyfedotov in #​172
• Allow custom URL schemes by matching regex by @​yardenshoham in #​175
• Bump golang.org/x/net from 0.8.0 to 0.10.0 by @​dependabot in #​173

New Contributors

• @​sergeyfedotov made their first contribution in #​172
• @​yardenshoham made their first contribution in #​175

Full Changelog: microcosm-cc/bluemonday@v1.0.23...v1.0.24

v1.0.23: Resolve golang.org/x/net CVE-2022-41723

Compare Source

What's Changed

• Upgrade golang.org/x/net to 0.8.0 by @​barshociaj in #​165 to address CVE-2022-41723 which requires updating the x/net dependency

New Contributors

• @​barshociaj made their first contribution in #​165

Full Changelog: microcosm-cc/bluemonday@v1.0.22...v1.0.23

v1.0.22: Add picture to list of elements allowed without attributes

Compare Source

This is not a security update!

This is a usability update as some HTML elements are valid without attributes however the default behaviour is to strip these out of an abundance of caution. The picture element https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture is one such element where it merely changes the browser rendering such that one of the child elements will be rendered.

The picture element was not present in the allowlist when it should have been, and so this release fixes that as per #​161 .

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[red-hat-konflux-kflux-prd-rh03]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 1 additional dependency was updated

Details:

Package	Change
github.com/gorilla/css	v1.0.0 -> v1.0.1

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux-kflux-prd-rh03[bot]
Once this PR has been reviewed and has the lgtm label, please assign wanghaoran1988 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux-kflux-prd-rh03[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.