[chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.25 to 1.0.26 (#2266)

go.mod

@@ -34,7 +34,7 @@ require (
 	github.com/h2non/filetype v1.1.3
 	github.com/jackc/pgconn v1.14.1
 	github.com/jackc/pgx/v5 v5.4.3
-	github.com/microcosm-cc/bluemonday v1.0.25
+	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/miekg/dns v1.1.56
 	github.com/minio/minio-go/v7 v7.0.63
 	github.com/mitchellh/mapstructure v1.5.0

go.sum

@@ -429,8 +429,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg=
-github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
 github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
 github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=

vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md

@@ -10,6 +10,7 @@ Third-party patches are essential for keeping bluemonday secure and offering the
 
 1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
 2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples.
+3. This module does not participate in hacktober, please make your contributions meaningful.
 
 ## Submitting an Issue
 
@@ -45,8 +46,6 @@ We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that
 
 But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically:
 
-You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
-
-You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
-
-You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.
+* You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
+* You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
+* You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.

vendor/github.com/microcosm-cc/bluemonday/Makefile

@@ -6,7 +6,7 @@
 #   fmt-check:    Check if the source files are formated
 #   build:        Builds the code locally
 #   vet:          Vets the code
-#   lint:         Runs lint over the code (you do not need to fix everything)
+#   staticcheck:  Runs staticcheck over the code
 #   test:         Runs the tests
 #   cover:        Gives you the URL to a nice test coverage report
 #
@@ -33,8 +33,8 @@ build:
 vet:
 	@go vet
 
-lint:
-	@golint *.go
+staticcheck:
+	@staticcheck ./...
 
 test:
 	@go test -v ./...
@@ -42,7 +42,7 @@ test:
 cover: COVERAGE_FILE := coverage.out
 cover:
 	@go test -coverprofile=$(COVERAGE_FILE) && \
-	cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
+	go tool cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
 
 install:
 	@go install ./...

vendor/github.com/microcosm-cc/bluemonday/css/handlers.go

@@ -366,10 +366,11 @@ func in(value []string, arr []string) bool {
 
 func splitValues(value string) []string {
 	values := strings.Split(value, ",")
+	newValues := []string{}
 	for _, strippedValue := range values {
-		strippedValue = strings.ToLower(strings.TrimSpace(strippedValue))
+		newValues = append(newValues, strings.ToLower(strings.TrimSpace(strippedValue)))
 	}
-	return values
+	return newValues
 }
 
 func GetDefaultHandler(attr string) func(string) bool {

vendor/github.com/microcosm-cc/bluemonday/sanitize.go

@@ -998,7 +998,7 @@ func linkable(elementName string) bool {
 // stringInSlice returns true if needle exists in haystack
 func stringInSlice(needle string, haystack []string) bool {
 	for _, straw := range haystack {
-		if strings.ToLower(straw) == strings.ToLower(needle) {
+		if strings.EqualFold(straw, needle) {
 			return true
 		}
 	}

vendor/modules.txt

@@ -380,8 +380,8 @@ github.com/magiconair/properties
 # github.com/mattn/go-isatty v0.0.19
 ## explicit; go 1.15
 github.com/mattn/go-isatty
-# github.com/microcosm-cc/bluemonday v1.0.25
-## explicit; go 1.19
+# github.com/microcosm-cc/bluemonday v1.0.26
+## explicit; go 1.21
 github.com/microcosm-cc/bluemonday
 github.com/microcosm-cc/bluemonday/css
 # github.com/miekg/dns v1.1.56