(security) Merge pull request #372 from sleede/dependabot/bundler/rails-html-sanitizer-1.4.3

Bump rails-html-sanitizer from 1.4.2 to 1.4.3
2025-01-30 19:52:20 +01:00 · 2022-07-06 14:45:39 +02:00 · 2022-07-06 14:45:39 +02:00 · c3a12f619e
commit c3a12f619e
parent 23702a6048 52e7a473f9
2 changed files with 4 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -2,6 +2,8 @@

 ## next deploy

+- Fix a security issue: updated rails-html-sanitizer to 1.4.3 to fix [CVE-2022-32209](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32209)
+
 ## v5.4.11 2022 July 06

 - Fix a bug: social networks icons not shown in firefox
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -204,7 +204,7 @@ GEM
    listen (3.0.8)
      rb-fsevent (~> 0.9, >= 0.9.4)
      rb-inotify (~> 0.9, >= 0.9.7)
-    loofah (2.17.0)
+    loofah (2.18.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    mail (2.7.1)
@ -328,7 +328,7 @@ GEM
    rails-dom-testing (2.0.3)
      activesupport (>= 4.2.0)
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
      loofah (~> 2.3)
    rails-observers (0.1.5)
      activemodel (>= 4.0)