Upgrade to sanitize 7.0

No specific motivation here, no awareness of security issues; this is just an important gem to be unusually on top of, to prevent XSS attacks. We were previously on 6.1.3, the previous release, and the only changes were Ruby compatibility and additionally supported CSS properties (which we don't use). But this just keeps us more easily plugged into potentially important fixes down the line.
2026-01-17 21:57:45 -08:00 · 2026-01-17 21:57:45 -08:00 · 359f368d80
commit 359f368d80
parent 8a34fe76a2
4 changed files with 4 additions and 4 deletions
--- a/2
+++ b/2
@ -40,7 +40,7 @@ gem 'nokogiri', '~> 1.15', '>= 1.15.3'
 # For safely rendering users' Markdown + HTML on item list pages.
 gem 'rdiscount', '~> 2.2', '>= 2.2.7.1'
-gem 'sanitize', '~> 6.0', '>= 6.0.2'
+gem 'sanitize', '~> 7.0'
 # For working with Neopets APIs.
 # unstable version of RocketAMF interprets info registry as a hash instead of an array
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -398,9 +398,9 @@ GEM
    samovar (2.4.1)
      console (~> 1.0)
      mapping (~> 1.0)
-    sanitize (6.1.3)
+    sanitize (7.0.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.12.0)
+      nokogiri (>= 1.16.8)
    sass-rails (6.0.0)
      sassc-rails (~> 2.1, >= 2.1.1)
    sassc (2.4.0)
@ -512,7 +512,7 @@ DEPENDENCIES
  rdiscount (~> 2.2, >= 2.2.7.1)
  rspec-rails (~> 7.0)
  ruby-vips (~> 2.2)
-  sanitize (~> 6.0, >= 6.0.2)
+  sanitize (~> 7.0)
  sass-rails (~> 6.0)
  sentry-rails (~> 5.12)
  sentry-ruby (~> 5.12)
--- a/vendor/cache/sanitize-6.1.3.gem
+++ b/vendor/cache/sanitize-6.1.3.gem
--- a/vendor/cache/sanitize-7.0.0.gem
+++ b/vendor/cache/sanitize-7.0.0.gem