Bump govuk_publishing_components from 9.0.1 to 9.2.1

[dependabot-preview]

Bumps govuk_publishing_components from 9.0.1 to 9.2.1.

Changelog

Sourced from govuk_publishing_components's changelog.

9.2.1

• Add no margin top option to translation nav (PR #368)

9.2.0

• Add organisation logo component from static (PR #365)
• Tweaks document list spacing for context text on smaller screens (PR #363)
• Makes heading component use h2 by default (PR #362)

9.1.1

• Add placeholders for pages that don't have an image (#359)
• It is no longer allowed to pass in unsafe HTML into the Govspeak component (#356).
  This will result in a warning for now, but in a future version this will become
  an error.

How to upgrade

Change instances like this:

<%= render 'govuk_publishing_components/components/govspeak', content:
"<p>Foo #{bar}</p>" %>

into the following safe version:

<%= render 'govuk_publishing_components/components/govspeak' do %>
  <p>Foo <%= bar %></p>
<% end %>

This will prevent XSS vulnerabilities where bar is user input.

9.1.0

• Extend the document list component (PR #355)
• Remove policies from the taxonomy navigation sidebar (PR #357)

Commits

• 9fcee42 Merge pull request #369 from alphagov/update-gem-9.2.1
• 071c1ee Merge pull request #368 from alphagov/modify-translation-nav-component
• 5296906 Version 9.2.1
• 788fb14 Update CHANGELOG
• f9576be Add no margin top option to translation nav
• c0b892f Merge pull request #366 from alphagov/update-gem-9.2.0
• b3e4d15 Version 9.2.0
• 3da77b3 Merge pull request #365 from alphagov/add-organisation-logo-component
• faeebd6 Update changelog
• 1255ca1 Add organisation logo component from static
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use (this|these) label[s] will set the current labels as the default for future PRs for this repo and language
• @dependabot use (this|these) reviewer[s] will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use (this|these) assignee[s] will set the current assignees as the default for future PRs for this repo and language

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

Finally, you can contact us by mentioning @dependabot.