From 48ae90acfce9cacbd7cec9963498f6a7b5bc3d5c Mon Sep 17 00:00:00 2001
From: Mike Dalessio
Date: Mon, 12 Dec 2022 17:29:01 -0500
Subject: [PATCH] dep: bump dependency on loofah

v2.19.1 has the new methods we're using:
- Loofah::HTML5::Scrub.cdata_needs_escaping?
- Loofah::HTML5::Scrub.cdata_escape
- Loofah::HTML5::Scrub.scrub_uri_attribute
- Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref
avoiding code duplication in this gem.
---
 rails-html-sanitizer.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rails-html-sanitizer.gemspec b/rails-html-sanitizer.gemspec
index c9637b7..653084c 100644
--- a/rails-html-sanitizer.gemspec
+++ b/rails-html-sanitizer.gemspec
@@ -26,7 +26,7 @@ Gem::Specification.new do |spec|
 # NOTE: There's no need to update this dependency for Loofah CVEs
 # in minor releases when users can simply run `bundle update loofah`.
- spec.add_dependency "loofah", "~> 2.3"
+ spec.add_dependency "loofah", "~> 2.19", ">= 2.19.1"
 spec.add_development_dependency "bundler", ">= 1.3"
 spec.add_development_dependency "rake"
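Review bot: The NOTE comment directly above the changed `spec.add_dependency "loofah"` line still reads as if this constraint never needs touching, yet the new line raises the floor to 2.19.1 and nothing in the file says why. Per the commit message the floor exists because the gem now calls `Loofah::HTML5::Scrub` helpers that v2.19.1 provides, so lowering it later would presumably surface as a missing-method failure inside the sanitizer at runtime rather than at install time. I would extend the comment with a line such as `# The ">= 2.19.1" floor is an API requirement (Loofah::HTML5::Scrub helpers), not a CVE pin; do not lower it.` The enclosing `Gem::Specification.new` block starts and ends outside the hunk.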