Bump the go_modules group across 1 directory with 3 updates

[dependabot]

Bumps the go_modules group with 1 update in the / directory: github.com/microcosm-cc/bluemonday.

Updates github.com/microcosm-cc/bluemonday from 1.0.3 to 1.0.26

Release notes

Sourced from github.com/microcosm-cc/bluemonday's releases.

Update golang.org/x/net to latest and force latest version

Bumping version and ensuring latest golang.org/x/net as the HTTP rapid reset is triggering primitive vuln scanners, we do not implement a HTTP2 server and are not vulnerable but a minor bump can still help reduce noise for those searching for what they need to upgrade and patch.

Nothing else is in this release aside from the dependency updates and some staticcheck messages being resolved that should not modify behaviour.

Added src rewriter to allow for proxying inline assets.

What's Changed

• Bump golang.org/x/net from 0.10.0 to 0.12.0 by @​dependabot in microcosm-cc/bluemonday#178
• Prefer explicit rules over regexp by @​KN4CK3R in microcosm-cc/bluemonday#182
• Added src rewriter by @​yyewolf in microcosm-cc/bluemonday#179

New Contributors

• @​yyewolf made their first contribution in microcosm-cc/bluemonday#179

Full Changelog: microcosm-cc/bluemonday@v1.0.24...v1.0.25

Added AllowURLSchemesMatching

This is a feature release, there are no security fixes in this release.

What's Changed

• Minor bug fix parsing style attribute with trailing spaces by @​sergeyfedotov in microcosm-cc/bluemonday#172
• Allow custom URL schemes by matching regex by @​yardenshoham in microcosm-cc/bluemonday#175
• Bump golang.org/x/net from 0.8.0 to 0.10.0 by @​dependabot in microcosm-cc/bluemonday#173

New Contributors

• @​sergeyfedotov made their first contribution in microcosm-cc/bluemonday#172
• @​yardenshoham made their first contribution in microcosm-cc/bluemonday#175

Full Changelog: microcosm-cc/bluemonday@v1.0.23...v1.0.24

Resolve golang.org/x/net CVE-2022-41723

What's Changed

• Upgrade golang.org/x/net to 0.8.0 by @​barshociaj in microcosm-cc/bluemonday#165 to address CVE-2022-41723 which requires updating the x/net dependency

New Contributors

• @​barshociaj made their first contribution in microcosm-cc/bluemonday#165

Full Changelog: microcosm-cc/bluemonday@v1.0.22...v1.0.23

Add picture to list of elements allowed without attributes

This is not a security update!

This is a usability update as some HTML elements are valid without attributes however the default behaviour is to strip these out of an abundance of caution. The picture element https://developer.mozilla.org/en-US/docs/Web/HTML/Element/picture is one such element where it merely changes the browser rendering such that one of the child elements will be rendered.

The picture element was not present in the allowlist when it should have been, and so this release fixes that as per #161 .

Very minor bug fix to remove empty elements without attributes

Thanks to @​Gusted for microcosm-cc/bluemonday#151 which fixes a bug that allowed a policy to be defined in a way that input could've allowed an empty and meaningless element to be left in the output when it should not have done so.

This is not a security issue, and the details can be seen in the PR comment.

... (truncated)

Commits

• 0eb99d2 Update go.mod to force golang.org/x/net to latest
• 162f8e5 Merge pull request #193 from microcosm-cc/buro9/update_deps
• a50ca5f Update deps and resolve staticcheck messages
• c9ef7b1 Hacktober warning
• c0ab8c9 Merge pull request #186 from microcosm-cc/dependabot/go_modules/golang.org/x/...
• fdaa434 Bump golang.org/x/net from 0.12.0 to 0.14.0
• dd1bb0c Retract everything <= 1.0.24
• a52260e go-staticcheck fixes
• 84e9ab4 Updated comment to help teach why proxying inline content is beneficial
• fcd58f3 Merge pull request #179 from yyewolf/src-rewrite
• Additional commits viewable in compare view

Updates golang.org/x/net from 0.0.0-20200324143707-d3edc9973b7e to 0.17.0

Commits

• See full diff in compare view

Updates golang.org/x/sys from 0.0.0-20200323222414-85ca7c5b95cd to 0.13.0

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.