Bump vnu-jar from 20.2.28 to 20.3.16

[dependabot-preview]

Bumps vnu-jar from 20.2.28 to 20.3.16.

Release notes

Sourced from vnu-jar's releases.

16 March 2020

First release in more than one year. This release provides a number of improvements in ARIA role checking and in CSS checking, as well as support for checking a number of HTML features that weren’t supported previously. It’s the first release to provide binary runtime images, as an alternative to the jar/war distributions. It's also the last release for which the Web-based checker will be configured to listen on all interfaces; after this release, the checker will bind by default to 127.0.0.1 — so to make the checker listen on a different address, you’ll need to specify an exact address.

More: https://github.com/validator/validator/blob/master/CHANGELOG.md#20316

The files in this release provide a portable standalone version of the Nu Html Checker in a number different forms: as a Java jar file, as a Java war file, and as binary runtime images that can be used even on a system that doesn’t have Java installed.

Use the binary images and jar file either for batch checking of documents from the command line and other scripts/apps, as documented at https://validator.github.io/validator/, or as a self-contained service for browser-based checking of HTML documents over the Web—similar to https://validator.w3.org/nu/.

Use the war file to deploy the Nu Html Checker through a servlet container such as Tomcat, as documented at https://validator.github.io/validator/#servlet.

Changelog

Sourced from vnu-jar's changelog.

20.3.16

16 March 2020

• Disallow accept-charset values other than UTF-8
• Disallow object[typemustmatch]
• Allow SVG feDropShadow element (from Filter Effects spec)
• Allow loading attribute for the img element (lazy loading)
• Allow rel=modulepreload for the link element
• Allow integrity attribute on link[rel=preload|modulepreload]
• Allow integrity attribute on script[type=module]
• Allow autofocus as a global attribute
• Allow inputmode as a global attribute
• Allow nonce as a global attribute
• Allow allow-downloads in iframe[sandbox]
• Allow heading content within legend element
• Allow negated media features in media and sizes attributes
• Align autocomplete checking with current spec
• CSS: Improve support for color values
• ARIA: Allow implicit roles to satisfy owned-by requirements
• ARIA: Add proper ARIA checking for the math element
• ARIA: Align all role checking with current HTML-ARIA spec
• Add option to specify additional script for Web-based checker
• CLI: Make --errors-only option take precedence over --Werror
• CLI: Enable checking standard input as SVG or CSS
• Include binary runtime images in release (alternative to jar/war)
• Dockerfile: Switch to using binary runtime image rather than jar
• Add checker.py script to repo (for building/testing/running checker)
• Add option to bind to specific IP address (rather than all interfaces)

18.11.5

05 November 2018

• Fix bugs that can cause the command-line checker to emit broken JSON output
• Allow dppx and x and units in media queries

18.8.29

29 August 2018

• CSS: Allow unit-less values for stroke-width and other from-SVG props
• CSS: Bring checking up to date w/ CSS Align3; support font-display

18.7.23

23 July 2018

• Disable logging in the language detector

18.7.22

22 July 2018

• Allow the decoding attribute for the img element
• Allow the allow attribute for the iframe element (initial support)
• Align ARIA checking further with ARIA in HTML spec requirements
• Restore the language-detection feature to vnu.jar command-line checker
• Ensure vnu.jar is always runnable under Java8, even if built under Java9

... (truncated)

Commits

• 48490ce Prepare the 20.3.16 release.
• 2d28cc5 Allow 'allow-downloads' in iframe[sandbox]
• 4430974 Travis: (Re)add release uploads for OSX binaries
• 7296bdb Update htmlparser
• 98480d7 Refine autocomplete checking further to match spec
• 99edc79 Restrict aria-dropeffect to specified values
• ad3e5c8 Update css-validator
• 522d3a4 Add workaround to allow newlines in CSP policies
• 34f2044 Travis: Don’t specify JDK version for OSX build
• 10bebfd Travis: Ensure JAVA_HOME gets set for OSX build
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in the .dependabot/config.yml file in this repo:

• Update frequency
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)