dep: bump dependency on loofah

flavorjones · flavorjones · commit 48ae90acfce9 · 2022-12-12T17:29:01.000-05:00
v2.19.1 has the new methods we're using:

- Loofah::HTML5::Scrub.cdata_needs_escaping?
- Loofah::HTML5::Scrub.cdata_escape
- Loofah::HTML5::Scrub.scrub_uri_attribute
- Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref

avoiding code duplication in this gem.
diff --git a/rails-html-sanitizer.gemspec b/rails-html-sanitizer.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 
   # NOTE: There's no need to update this dependency for Loofah CVEs
   # in minor releases when users can simply run `bundle update loofah`.
-  spec.add_dependency "loofah", "~> 2.3"
+  spec.add_dependency "loofah", "~> 2.19", ">= 2.19.1"
 
   spec.add_development_dependency "bundler", ">= 1.3"
   spec.add_development_dependency "rake"
