Hello community,

here is the log from the commit of package rubygem-loofah for openSUSE:Factory checked in at 2020-06-25 15:11:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rubygem-loofah (Old)
 and      /work/SRC/openSUSE:Factory/.rubygem-loofah.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rubygem-loofah" Thu Jun 25 15:11:09 2020 rev:13 rq:817020 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rubygem-loofah/rubygem-loofah.changes 2020-04-27 23:42:44.228039649 +0200 +++ /work/SRC/openSUSE:Factory/.rubygem-loofah.new.3060/rubygem-loofah.changes 2020-06-25 15:11:39.650162191 +0200 @@ -1,0 +2,7 @@ +Thu Jun 25 10:01:00 UTC 2020 - Manuel Schnitzer <mschnit...@suse.com> + +- updated to version 2.6.0 + + * Allow CSS border-style keywords. [#188] (Thanks, @tarcisiozf!) + +------------------------------------------------------------------- Old: ---- loofah-2.5.0.gem New: ---- loofah-2.6.0.gem ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rubygem-loofah.spec ++++++ --- /var/tmp/diff_new_pack.YojBQq/_old 2020-06-25 15:11:40.162163797 +0200 +++ /var/tmp/diff_new_pack.YojBQq/_new 2020-06-25 15:11:40.162163797 +0200 @@ -24,7 +24,7 @@ # Name: rubygem-loofah -Version: 2.5.0 +Version: 2.6.0 Release: 0 %define mod_name loofah %define mod_full_name %{mod_name}-%{version} ++++++ loofah-2.5.0.gem -> loofah-2.6.0.gem ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/CHANGELOG.md new/CHANGELOG.md --- old/CHANGELOG.md 2020-04-05 22:51:03.000000000 +0200 +++ new/CHANGELOG.md 2020-06-16 23:21:33.000000000 +0200 
@@ -1,30 +1,37 @@ # Changelog +## 2.6.0 / 2020-06-16 + +### Features + +* Allow CSS `border-style` keywords. [[#188](https://github.com/flavorjones/loofah/issues/188)] (Thanks, [@tarcisiozf](https://github.com/tarcisiozf)!) + + ## 2.5.0 / 2020-04-05 ### Features -* Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [#178] (Thanks, @JuanitoFatas!) +* Allow more CSS length units: "ch", "vw", "vh", "Q", "lh", "vmin", "vmax". [[#178](https://github.com/flavorjones/loofah/issues/178)] (Thanks, [@JuanitoFatas](https://github.com/JuanitoFatas)!) ### Fixes -* Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [#80] +* Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [[#80](https://github.com/flavorjones/loofah/issues/80)] ### Other changes -* Gem metadata being set [#181] (Thanks, @JuanitoFatas!) -* Test files removed from gem file [#180,#166,#159] (Thanks, @JuanitoFatas and @greysteil!) +* Gem metadata being set [[#181](https://github.com/flavorjones/loofah/issues/181)] (Thanks, [@JuanitoFatas](https://github.com/JuanitoFatas)!) +* Test files removed from gem file [[#180](https://github.com/flavorjones/loofah/issues/180),[#166](https://github.com/flavorjones/loofah/issues/166),[#159](https://github.com/flavorjones/loofah/issues/159)] (Thanks, [@JuanitoFatas](https://github.com/JuanitoFatas) and [@greysteil](https://github.com/greysteil)!) ## 2.4.0 / 2019-11-25 ### Features -* Allow CSS property `max-width` [#175] (Thanks, @bchaney!) -* Allow CSS sizes expressed in `rem` [#176, #177] -* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118] +* Allow CSS property `max-width` [[#175](https://github.com/flavorjones/loofah/issues/175)] (Thanks, [@bchaney](https://github.com/bchaney)!) 
+* Allow CSS sizes expressed in `rem` [[#176](https://github.com/flavorjones/loofah/issues/176), [#177](https://github.com/flavorjones/loofah/issues/177)] +* Add `frozen_string_literal: true` magic comment to all `lib` files. [[#118](https://github.com/flavorjones/loofah/issues/118)] ## 2.3.1 / 2019-10-22 
@@ -33,24 +40,24 @@ Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. -This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171 +This CVE's public notice is at [#171](https://github.com/flavorjones/loofah/issues/171) ## 2.3.0 / 2019-09-28 ### Features -* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147] -* Expand set of allowed CSS functions. [related to #122] -* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!) -* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!) -* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!) -* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!) +* Expand set of allowed protocols to include `tel:` and `line:`. [[#104](https://github.com/flavorjones/loofah/issues/104), [#147](https://github.com/flavorjones/loofah/issues/147)] +* Expand set of allowed CSS functions. [related to [#122](https://github.com/flavorjones/loofah/issues/122)] +* Allow greater precision in shorthand CSS values. [[#149](https://github.com/flavorjones/loofah/issues/149)] (Thanks, [@danfstucky](https://github.com/danfstucky)!) +* Allow CSS property `list-style` [[#162](https://github.com/flavorjones/loofah/issues/162)] (Thanks, [@jaredbeck](https://github.com/jaredbeck)!) +* Allow CSS keywords `thick` and `thin` [[#168](https://github.com/flavorjones/loofah/issues/168)] (Thanks, [@georgeclaghorn](https://github.com/georgeclaghorn)!) +* Allow HTML property `contenteditable` [[#167](https://github.com/flavorjones/loofah/issues/167)] (Thanks, [@andreynering](https://github.com/andreynering)!) ### Bug fixes -* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!) +* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. 
[[#165](https://github.com/flavorjones/loofah/issues/165)] (Thanks, [@asok](https://github.com/asok)!) ### Deprecations / Name Changes @@ -61,7 +68,7 @@ * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead. * Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead. -Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive. +Thanks to [@JuanitoFatas](https://github.com/JuanitoFatas) for submitting these changes in [#164](https://github.com/flavorjones/loofah/issues/164) and for making the language used in Loofah more inclusive. ## 2.2.3 / 2018-10-30 @@ -70,7 +77,7 @@ Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. -This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154 +This CVE's public notice is at [#154](https://github.com/flavorjones/loofah/issues/154) ## Meta / 2018-10-27 
@@ -97,76 +104,76 @@ Addresses CVE-2018-8048. Loofah allowed non-whitelisted attributes to be present in sanitized output when input with specially-crafted HTML fragments. -This CVE's public notice is at https://github.com/flavorjones/loofah/issues/144 +This CVE's public notice is at [#144](https://github.com/flavorjones/loofah/issues/144) ## 2.2.0 / 2018-02-11 ### Features: -* Support HTML5 `<main>` tag. #133 (Thanks, @MothOnMars!) -* Recognize HTML5 block elements. #136 (Thanks, @MothOnMars!) -* Support SVG `<symbol>` tag. #131 (Thanks, @baopham!) -* Support for whitelisting CSS functions, initially just `calc` and `rgb`. #122/#123/#129 (Thanks, @NikoRoberts!) -* Whitelist CSS property `list-style-type`. #68/#137/#142 (Thanks, @andela-ysanni and @NikoRoberts!) +* Support HTML5 `<main>` tag. [#133](https://github.com/flavorjones/loofah/issues/133) (Thanks, [@MothOnMars](https://github.com/MothOnMars)!) +* Recognize HTML5 block elements. [#136](https://github.com/flavorjones/loofah/issues/136) (Thanks, [@MothOnMars](https://github.com/MothOnMars)!) +* Support SVG `<symbol>` tag. [#131](https://github.com/flavorjones/loofah/issues/131) (Thanks, [@baopham](https://github.com/baopham)!) +* Support for whitelisting CSS functions, initially just `calc` and `rgb`. [#122](https://github.com/flavorjones/loofah/issues/122)/[#123](https://github.com/flavorjones/loofah/issues/123)/[#129](https://github.com/flavorjones/loofah/issues/129) (Thanks, [@NikoRoberts](https://github.com/NikoRoberts)!) +* Whitelist CSS property `list-style-type`. [#68](https://github.com/flavorjones/loofah/issues/68)/[#137](https://github.com/flavorjones/loofah/issues/137)/[#142](https://github.com/flavorjones/loofah/issues/142) (Thanks, [@andela-ysanni](https://github.com/andela-ysanni) and [@NikoRoberts](https://github.com/NikoRoberts)!) ### Bugfixes: -* Properly handle nested `script` tags. #127. +* Properly handle nested `script` tags. [#127](https://github.com/flavorjones/loofah/issues/127). 
## 2.1.1 / 2017-09-24 ### Bugfixes: -* Removed warning for unused variable. #124 (Thanks, @y-yagi!) +* Removed warning for unused variable. [#124](https://github.com/flavorjones/loofah/issues/124) (Thanks, [@y-yagi](https://github.com/y-yagi)!) ## 2.1.0 / 2017-09-24 ### Notes: -* Re-implemented CSS parsing and sanitization using the [crass](https://github.com/rgrove/crass) library. #91 +* Re-implemented CSS parsing and sanitization using the [crass](https://github.com/rgrove/crass) library. [#91](https://github.com/flavorjones/loofah/issues/91) ### Features: -* Added :noopener HTML scrubber (Thanks, @tastycode!) -* Support `data` URIs with the following media types: text/plain, text/css, image/png, image/gif, image/jpeg, image/svg+xml. #101, #120. (Thanks, @mrpasquini!) +* Added :noopener HTML scrubber (Thanks, [@tastycode](https://github.com/tastycode)!) +* Support `data` URIs with the following media types: text/plain, text/css, image/png, image/gif, image/jpeg, image/svg+xml. [#101](https://github.com/flavorjones/loofah/issues/101), [#120](https://github.com/flavorjones/loofah/issues/120). (Thanks, [@mrpasquini](https://github.com/mrpasquini)!) ### Bugfixes: -* The :unprintable scrubber now scrubs unprintable characters in CDATA nodes (like `<script>`). #124 -* Allow negative values in CSS properties. Restores functionality that was reverted in v2.0.3. #91 +* The :unprintable scrubber now scrubs unprintable characters in CDATA nodes (like `<script>`). [#124](https://github.com/flavorjones/loofah/issues/124) +* Allow negative values in CSS properties. Restores functionality that was reverted in v2.0.3. [#91](https://github.com/flavorjones/loofah/issues/91) ## 2.0.3 / 2015-08-17 ### Bug fixes: -* Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.) +* Revert support for negative values in CSS properties due to slow performance. 
[#90](https://github.com/flavorjones/loofah/issues/90) (Related to [#85](https://github.com/flavorjones/loofah/issues/85).) ## 2.0.2 / 2015-05-05 ### Bug fixes: -* Fix error with `#to_text` when Loofah::Helpers hadn't been required. #75 -* Allow multi-word data attributes. #84 (Thanks, @jstorimer!) -* Allow negative values in CSS properties. #85 (Thanks, @siddhartham!) +* Fix error with `#to_text` when Loofah::Helpers hadn't been required. [#75](https://github.com/flavorjones/loofah/issues/75) +* Allow multi-word data attributes. [#84](https://github.com/flavorjones/loofah/issues/84) (Thanks, [@jstorimer](https://github.com/jstorimer)!) +* Allow negative values in CSS properties. [#85](https://github.com/flavorjones/loofah/issues/85) (Thanks, [@siddhartham](https://github.com/siddhartham)!) ## 2.0.1 / 2014-08-21 ### Bug fixes: -* Load RR correctly when running test files directly. (Thanks, @ktdreyer!) +* Load RR correctly when running test files directly. (Thanks, [@ktdreyer](https://github.com/ktdreyer)!) ### Notes: -* Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, @kaspth!) +* Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, [@kaspth](https://github.com/kaspth)!) ## 2.0.0 / 2014-05-09 
@@ -182,19 +189,19 @@ * tags: `article`, `aside`, `bdi`, `bdo`, `canvas`, `command`, `datalist`, `details`, `figcaption`, `figure`, `footer`, `header`, `mark`, `meter`, `nav`, `output`, `section`, `summary`, `time` * attributes: `data-*` (Thanks, Rafael Franca!) * URI attributes: `poster` and `preload` -* Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. #65 (Thanks, Matt Swanson!) -* `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. #62 (Thanks, Ben Atkins!) +* Addition of the `:unprintable` scrubber to remove unprintable characters from text nodes. [#65](https://github.com/flavorjones/loofah/issues/65) (Thanks, Matt Swanson!) +* `Loofah.fragment` accepts an optional encoding argument, compatible with `Nokogiri::HTML::DocumentFragment.parse`. [#62](https://github.com/flavorjones/loofah/issues/62) (Thanks, Ben Atkins!) * HTML5 sanitizers now remove attributes without values. (Thanks, Kasper Timm Hansen!) ### Bug fixes: * HTML5 sanitizers' CSS keyword check now actually works (broken in v2.0). Additional regression tests added. (Thanks, Kasper Timm Hansen!) -* HTML5 sanitizers now allow negative arguments to CSS. #64 (Thanks, Jon Calhoun!) +* HTML5 sanitizers now allow negative arguments to CSS. [#64](https://github.com/flavorjones/loofah/issues/64) (Thanks, Jon Calhoun!) ## 1.2.1 (2012-04-14) -* Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. (#32) +* Declaring encoding in html5/scrub.rb. Without this, use of the ruby -KU option would cause havoc. ([#32](https://github.com/flavorjones/loofah/issues/32)) ## 1.2.0 (2011-08-08) 
@@ -212,7 +219,7 @@ * Additional HTML5lib whitelist elements (from html5lib 1524:80b5efe26230). Up to date with HTML5lib ruby code as of 1723:7ee6a0331856. * Whitelists (which are not part of the public API) are now Sets (were previously Arrays). -* Don't explode when encountering UTF-8 URIs. (#25, #29) +* Don't explode when encountering UTF-8 URIs. ([#25](https://github.com/flavorjones/loofah/issues/25), [#29](https://github.com/flavorjones/loofah/issues/29)) ## 1.0.0 (2010-10-26) @@ -230,7 +237,7 @@ * New methods Loofah::HTML::Document#to_text and Loofah::HTML::DocumentFragment#to_text do the right thing with whitespace. Note that these methods are significantly slower than - #text. GH #12 + #text. GH [#12](https://github.com/flavorjones/loofah/issues/12) * Loofah::Elements::BLOCK_LEVEL contains a canonical list of HTML4 block-level4 elements. * Loofah::HTML::Document#text and Loofah::HTML::DocumentFragment#text will return unescaped HTML entities by passing :encode_special_chars => false. @@ -244,7 +251,7 @@ ### Bug fixes: -* Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH #17 +* Loofah::XssFoliate was not properly escaping HTML entities when implicitly scrubbing a string attribute. GH [#17](https://github.com/flavorjones/loofah/issues/17) ## 0.4.3 (2010-01-29) @@ -272,7 +279,7 @@ ### Bug fixes: -* Supporting Rails apps that aren't loading ActiveRecord. GH #10 +* Supporting Rails apps that aren't loading ActiveRecord. GH [#10](https://github.com/flavorjones/loofah/issues/10) ### Miscellaneous: 
@@ -333,13 +340,13 @@ ### Enhancements: * when loaded in a Rails app, automatically extend ActiveRecord::Base - with html_fragment and html_document. GH #6 (Thanks Josh Nichols!) + with html_fragment and html_document. GH [#6](https://github.com/flavorjones/loofah/issues/6) (Thanks Josh Nichols!) ### Bugfixes: * ActiveRecord scrubbing should generate strings instead of Document or - DocumentFragment objects. GH #5 -* init.rb fixed to support installation as a Rails plugin. GH #6 + DocumentFragment objects. GH [#5](https://github.com/flavorjones/loofah/issues/5) +* init.rb fixed to support installation as a Rails plugin. GH [#6](https://github.com/flavorjones/loofah/issues/6) (Thanks Josh Nichols!) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Gemfile new/Gemfile --- old/Gemfile 2020-04-05 22:51:03.000000000 +0200 +++ new/Gemfile 2020-06-16 23:21:33.000000000 +0200 @@ -15,9 +15,10 @@ gem "hoe-debugging", "~>2.0", :group => [:development, :test] gem "hoe-bundler", "~>1.5", :group => [:development, :test] gem "hoe-git", "~>1.6", :group => [:development, :test] +gem "hoe-markdown", "~>1.2", :group => [:development, :test] gem "concourse", ">=0.26.0", :group => [:development, :test] gem "rubocop", ">=0.76.0", :group => [:development, :test] gem "rdoc", ">=4.0", "<7", :group => [:development, :test] -gem "hoe", "~>3.20", :group => [:development, :test] +gem "hoe", "~>3.22", :group => [:development, :test] # vim: syntax=ruby diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/Rakefile new/Rakefile --- old/Rakefile 2020-04-05 22:51:03.000000000 +0200 +++ new/Rakefile 2020-06-16 23:21:33.000000000 +0200 
@@ -6,19 +6,18 @@ Hoe.plugin :gemspec Hoe.plugin :bundler Hoe.plugin :debugging +Hoe.plugin :markdown Hoe.spec "loofah" do developer "Mike Dalessio", "mike.dales...@gmail.com" developer "Bryan Helmkamp", "br...@brynary.com" - self.history_file = "CHANGELOG.md" - self.readme_file = "README.md" self.license "MIT" self.urls = { "home" => "https://github.com/flavorjones/loofah", "bugs" => "https://github.com/flavorjones/loofah/issues", "doco" => "https://www.rubydoc.info/gems/loofah/", - "clog" => "https://github.com/flavorjones/loofah/master/CHANGELOG.md", + "clog" => "https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md", "code" => "https://github.com/flavorjones/loofah", } @@ -33,6 +32,7 @@ extra_dev_deps << ["hoe-debugging", "~> 2.0"] extra_dev_deps << ["hoe-bundler", "~> 1.5"] extra_dev_deps << ["hoe-git", "~> 1.6"] + extra_dev_deps << ["hoe-markdown", "~> 1.2"] extra_dev_deps << ["concourse", ">=0.26.0"] extra_dev_deps << ["rubocop", ">=0.76.0"] end Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah/html5/safelist.rb new/lib/loofah/html5/safelist.rb --- old/lib/loofah/html5/safelist.rb 2020-04-05 22:51:03.000000000 +0200 +++ new/lib/loofah/html5/safelist.rb 2020-06-16 23:21:33.000000000 +0200 @@ -614,9 +614,13 @@ "collapse", "dashed", "dotted", + "double", "fuchsia", "gray", "green", + "groove", + "hidden", + "inset", "italic", "left", "lime", @@ -627,9 +631,11 @@ "normal", "nowrap", "olive", + "outset", "pointer", "purple", "red", + "ridge", "right", "silver", "solid", diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/lib/loofah.rb new/lib/loofah.rb --- old/lib/loofah.rb 2020-04-05 22:51:03.000000000 +0200 +++ new/lib/loofah.rb 2020-06-16 23:21:33.000000000 +0200 
@@ -29,7 +29,7 @@ # module Loofah # The version of Loofah you are using - VERSION = "2.5.0" + VERSION = "2.6.0" class << self # Shortcut for Loofah::HTML::Document.parse diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/metadata new/metadata --- old/metadata 2020-04-05 22:51:03.000000000 +0200 +++ new/metadata 2020-06-16 23:21:33.000000000 +0200 @@ -1,7 +1,7 @@ --- !ruby/object:Gem::Specification name: loofah version: !ruby/object:Gem::Version - version: 2.5.0 + version: 2.6.0 platform: ruby authors: - Mike Dalessio @@ -9,7 +9,7 @@ autorequire: bindir: bin cert_chain: [] -date: 2020-04-05 00:00:00.000000000 Z +date: 2020-06-16 00:00:00.000000000 Z dependencies: - !ruby/object:Gem::Dependency name: nokogiri @@ -152,6 +152,20 @@ - !ruby/object:Gem::Version version: '1.6' - !ruby/object:Gem::Dependency + name: hoe-markdown + requirement: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '1.2' + type: :development + prerelease: false + version_requirements: !ruby/object:Gem::Requirement + requirements: + - - "~>" + - !ruby/object:Gem::Version + version: '1.2' +- !ruby/object:Gem::Dependency name: concourse requirement: !ruby/object:Gem::Requirement requirements: @@ -263,7 +277,7 @@ homepage_uri: https://github.com/flavorjones/loofah bug_tracker_uri: https://github.com/flavorjones/loofah/issues documentation_uri: https://www.rubydoc.info/gems/loofah/ - changelog_uri: https://github.com/flavorjones/loofah/master/CHANGELOG.md + changelog_uri: https://github.com/flavorjones/loofah/blob/master/CHANGELOG.md source_code_uri: https://github.com/flavorjones/loofah post_install_message: rdoc_options:
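Review bot: In the two `lib/loofah/html5/safelist.rb` hunks (`@@ -614,9 +614,13 @@` and `@@ -627,9 +631,11 @@`), the six new entries (`double`, `groove`, `hidden`, `inset`, `outset`, `ridge`) are added to a list that already mixes keywords for unrelated properties (`italic`, `nowrap`, `pointer`, colour names), so nothing in the visible lines ties them to `border-style`. `hidden` is also a valid value for properties such as `overflow` and `visibility`; if values of every allowed property are checked against this one list, confirm that accepting `hidden` outside borders is intended. The gem diff carries no test files (the changelog says they were removed from the gem in 2.5.0), so check upstream for a scrubber test that covers each new keyword with `border-style` and at least one negative case.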
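Review bot: In the `Rakefile` hunk `@@ -6,19 +6,18 @@`, `self.history_file = "CHANGELOG.md"` and `self.readme_file = "README.md"` are removed in the same change that adds `Hoe.plugin :markdown`, and no comment says what sets those paths now. If the plugin is meant to supply them, a one-line comment next to `Hoe.plugin :markdown` would make that dependency explicit, and the generated gemspec should be checked to still pick up the README and changelog. The corrected `clog` URL (`/blob/master/CHANGELOG.md`) matches the `changelog_uri` line in the `metadata` hunk, so those two stay consistent.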
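Review bot: The line `Binary files old/checksums.yaml.gz and new/checksums.yaml.gz differ`, together with the unchanged `cert_chain: []` in the `metadata` hunk `@@ -9,7 +9,7 @@`, means this diff offers no reviewable integrity evidence for `loofah-2.6.0.gem`: the gem carries no signing certificate chain and the checksum change is opaque here. Before accepting the request, compare the SHA-256 of the packaged `loofah-2.6.0.gem` against the digest published upstream for version 2.6.0 and note the result in the review. The added `hoe-markdown` entry in `@@ -152,6 +152,20 @@` is `type: :development`, so it should not appear in the runtime requirements of the built package; the spec file hunk only shows the version bump, so that is worth a quick check as well.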