dep: bump dependency on loofah

v2.19.1 has the new methods we're using: - Loofah::HTML5::Scrub.cdata_needs_escaping? - Loofah::HTML5::Scrub.cdata_escape - Loofah::HTML5::Scrub.scrub_uri_attribute - Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref avoiding code duplication in this gem.
rails · Dec 13, 2022 · e8cbe25 · e8cbe25
1 parent 373fc62
commit e8cbe25
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/rails-html-sanitizer.gemspec b/rails-html-sanitizer.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   # NOTE: There's no need to update this dependency for Loofah CVEs
   # in minor releases when users can simply run `bundle update loofah`.
-  spec.add_dependency "loofah", "~> 2.3"
+  spec.add_dependency "loofah", "~> 2.19", ">= 2.19.1"
 
   spec.add_development_dependency "bundler", ">= 1.3"
   spec.add_development_dependency "rake"