Subject: CVS commit: pkgsrc/www/ruby-loofah
From: Takahiro Kambe
Date: 2019-10-22 18:24:20
Message id: 20191022162421.0E54AFA75@cvs.NetBSD.org

Log Message:
www/ruby-loofah: update to 2.3.1

## 2.3.1 / 2019-10-22

### Security

Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output \ 
when a crafted SVG element is republished.

This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171

## 2.3.0 / unreleased

### Features

* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

### Bug fixes

* CSS hex values are no longer limited to lowercase hex. Previously uppercase \ 
hex were scrubbed. [#165] (Thanks, @asok!)

### Deprecations / Name Changes

The following method and constants are hereby deprecated, and will be completely \ 
removed in a future release:

* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use \ 
`Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use \ 
`Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.

Thanks to @JuanitoFatas for submitting these changes in #164 and for making the \ 
language used in Loofah more inclusive.

Files:
RevisionActionfile
1.6modifypkgsrc/www/ruby-loofah/Makefile
1.5modifypkgsrc/www/ruby-loofah/PLIST
1.6modifypkgsrc/www/ruby-loofah/distinfo