From 48725f722883d303dbdc9e077c598c07e8565f41 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 16 Oct 2023 09:02:31 +0000
Subject: [PATCH] [chore]: Bump github.com/microcosm-cc/bluemonday from 1.0.25
 to 1.0.26 (#2266)

---
 go.mod                                                   | 2 +-
 go.sum                                                   | 4 ++--
 .../github.com/microcosm-cc/bluemonday/CONTRIBUTING.md   | 9 ++++-----
 vendor/github.com/microcosm-cc/bluemonday/Makefile       | 8 ++++----
 .../github.com/microcosm-cc/bluemonday/css/handlers.go   | 5 +++--
 vendor/github.com/microcosm-cc/bluemonday/sanitize.go    | 2 +-
 vendor/modules.txt                                       | 4 ++--
 7 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/go.mod b/go.mod
index 8ffe8244f..b98fdd5b8 100644
--- a/go.mod
+++ b/go.mod
@@ -34,7 +34,7 @@ require (
 	github.com/h2non/filetype v1.1.3
 	github.com/jackc/pgconn v1.14.1
 	github.com/jackc/pgx/v5 v5.4.3
-	github.com/microcosm-cc/bluemonday v1.0.25
+	github.com/microcosm-cc/bluemonday v1.0.26
 	github.com/miekg/dns v1.1.56
 	github.com/minio/minio-go/v7 v7.0.63
 	github.com/mitchellh/mapstructure v1.5.0
diff --git a/go.sum b/go.sum
index 91836f3ef..a0c8cc67b 100644
--- a/go.sum
+++ b/go.sum
@@ -429,8 +429,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k
 github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA=
 github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-sqlite3 v2.0.3+incompatible h1:gXHsfypPkaMZrKbD5209QV9jbUTJKjyR5WD3HYQSd+U=
-github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg=
-github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE=
+github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58=
+github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02CGwkhd72Xdqh78TWs=
 github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
 github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
 github.com/minio/md5-simd v1.1.2 h1:Gdi1DZK69+ZVMoNHRXJyNcxrMA4dSxoYHZSQbirFg34=
diff --git a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
index 1d4b24434..61b8cd352 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
+++ b/vendor/github.com/microcosm-cc/bluemonday/CONTRIBUTING.md
@@ -10,6 +10,7 @@ Third-party patches are essential for keeping bluemonday secure and offering the
 
 1. Do not vendor dependencies. As a security package, were we to vendor dependencies the projects that then vendor bluemonday may not receive the latest security updates to the dependencies. By not vendoring dependencies the project that implements bluemonday will vendor the latest version of any dependent packages. Vendoring is a project problem, not a package problem. bluemonday will be tested against the latest version of dependencies periodically and during any PR/merge.
 2. I do not care about spelling mistakes or whitespace and I do not believe that you should either. PRs therefore must be functional in their nature or be substantial and impactful if documentation or examples.
+3. This module does not participate in hacktober, please make your contributions meaningful.
 
 ## Submitting an Issue
 
@@ -45,8 +46,6 @@ We haven't gone for the formal "Sign a Contributor Licence Agreement" thing that
 
 But we do need to know that we can accept and merge your contributions, so for now the act of contributing a pull request should be considered equivalent to agreeing to a contributor licence agreement, specifically:
 
-You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
-
-You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
-
-You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.
+* You accept that the act of submitting code to the bluemonday project is to grant a copyright licence to the project that is perpetual, worldwide, non-exclusive, no-charge, royalty free and irrevocable.
+* You accept that all who comply with the licence of the project (BSD 3-clause) are permitted to use your contributions to the project.
+* You accept, and by submitting code do declare, that you have the legal right to grant such a licence to the project and that each of the contributions is your own original creation.
diff --git a/vendor/github.com/microcosm-cc/bluemonday/Makefile b/vendor/github.com/microcosm-cc/bluemonday/Makefile
index dcd042a71..97e9541d6 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/Makefile
+++ b/vendor/github.com/microcosm-cc/bluemonday/Makefile
@@ -6,7 +6,7 @@
 #   fmt-check:    Check if the source files are formated
 #   build:        Builds the code locally
 #   vet:          Vets the code
-#   lint:         Runs lint over the code (you do not need to fix everything)
+#   staticcheck:  Runs staticcheck over the code
 #   test:         Runs the tests
 #   cover:        Gives you the URL to a nice test coverage report
 #
@@ -33,8 +33,8 @@ build:
 vet:
 	@go vet
 
-lint:
-	@golint *.go
+staticcheck:
+	@staticcheck ./...
 
 test:
 	@go test -v ./...
@@ -42,7 +42,7 @@ test:
 cover: COVERAGE_FILE := coverage.out
 cover:
 	@go test -coverprofile=$(COVERAGE_FILE) && \
-	cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
+	go tool cover -html=$(COVERAGE_FILE) && rm $(COVERAGE_FILE)
 
 install:
 	@go install ./...
diff --git a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go b/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go
index e0429cf25..f8b8b61af 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/css/handlers.go
@@ -366,10 +366,11 @@ func in(value []string, arr []string) bool {
 
 func splitValues(value string) []string {
 	values := strings.Split(value, ",")
+	newValues := []string{}
 	for _, strippedValue := range values {
-		strippedValue = strings.ToLower(strings.TrimSpace(strippedValue))
+		newValues = append(newValues, strings.ToLower(strings.TrimSpace(strippedValue)))
 	}
-	return values
+	return newValues
 }
 
 func GetDefaultHandler(attr string) func(string) bool {
diff --git a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
index 2792fb33b..1f8d85526 100644
--- a/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
+++ b/vendor/github.com/microcosm-cc/bluemonday/sanitize.go
@@ -998,7 +998,7 @@ func linkable(elementName string) bool {
 // stringInSlice returns true if needle exists in haystack
 func stringInSlice(needle string, haystack []string) bool {
 	for _, straw := range haystack {
-		if strings.ToLower(straw) == strings.ToLower(needle) {
+		if strings.EqualFold(straw, needle) {
 			return true
 		}
 	}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index f32252fe6..4c01bd545 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -380,8 +380,8 @@ github.com/magiconair/properties
 # github.com/mattn/go-isatty v0.0.19
 ## explicit; go 1.15
 github.com/mattn/go-isatty
-# github.com/microcosm-cc/bluemonday v1.0.25
-## explicit; go 1.19
+# github.com/microcosm-cc/bluemonday v1.0.26
+## explicit; go 1.21
 github.com/microcosm-cc/bluemonday
 github.com/microcosm-cc/bluemonday/css
 # github.com/miekg/dns v1.1.56