Update sanitize to v6.0.0

This requires Nokogiri v1.12 and eliminates Nokogumbo as Nokogiri includes both.

Update sanitize to v6.0.0
This requires Nokogiri v1.12 and eliminates Nokogumbo as Nokogiri includes both.
4f15096c · Stan Hu · e3c195f6 · 4f15096c · 4f15096c · 4f15096c
Commit 4f15096c authored Jan 05, 2022 by Stan Hu
4 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -264,7 +264,7 @@ gem 'ruby-fogbugz', '~> 0.2.1'
 gem 'kubeclient', '~> 4.9.2'
 # Sanitize user input
-gem 'sanitize', '~> 5.2.1'
+gem 'sanitize', '~> 6.0'
 gem 'babosa', '~> 1.0.4'
 # Sanitizes SVG input

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -795,8 +795,6 @@ GEM
    nokogiri (1.12.5)
      mini_portile2 (~> 2.6.1)
      racc (~> 1.4)
-    nokogumbo (2.0.2)
-      nokogiri (~> 1.8, >= 1.8.4)
    notiffany (0.1.3)
      nenv (~> 0.1)
      shellany (~> 0.0)
@@ -1144,10 +1142,9 @@ GEM
    safe_yaml (1.0.4)
    safety_net_attestation (0.4.0)
      jwt (~> 2.0)
-    sanitize (5.2.1)
+    sanitize (6.0.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.8.0)
+      nokogiri (>= 1.12.0)
-      nokogumbo (~> 2.0)
    sass (3.5.5)
      sass-listen (~> 4.0.0)
    sass-listen (4.0.0)
@@ -1624,7 +1621,7 @@ DEPENDENCIES
  ruby_parser (~> 3.15)
  rubyzip (~> 2.0.0)
  rugged (~> 1.2)
-  sanitize (~> 5.2.1)
+  sanitize (~> 6.0)
  sassc-rails (~> 2.1.0)
  sd_notify (~> 0.1.0)
  seed-fu (~> 2.3.7)

--- a/lib/banzai/filter/base_sanitization_filter.rb
+++ b/lib/banzai/filter/base_sanitization_filter.rb
@@ -42,7 +42,7 @@ module Banzai
          # Allow any protocol in `a` elements
          # and then remove links with unsafe protocols
          allowlist[:protocols].delete('a')
-          allowlist[:transformers].push(self.class.method(:remove_unsafe_links))
+          allowlist[:transformers].push(self.class.method(:sanitize_unsafe_links))
          # Remove `rel` attribute from `a` elements
          allowlist[:transformers].push(self.class.remove_rel)

--- a/lib/gitlab/utils/sanitize_node_link.rb
+++ b/lib/gitlab/utils/sanitize_node_link.rb
@@ -8,6 +8,12 @@ module Gitlab
      UNSAFE_PROTOCOLS  = %w(data javascript vbscript).freeze
      ATTRS_TO_SANITIZE = %w(href src data-src data-canonical-src).freeze
+      # sanitize 6.0 requires only a context argument. Do not add any default
+      # arguments to this method.
+      def sanitize_unsafe_links(env)
+        remove_unsafe_links(env)
+      end
      def remove_unsafe_links(env, remove_invalid_links: true)
        node = env[:node]