Bump github.com/vapor/leaf-kit from 1.14.0 to 1.14.2 in /examples/agentkey

[dependabot]

Bumps github.com/vapor/leaf-kit from 1.14.0 to 1.14.2.

Release notes

Sourced from github.com/vapor/leaf-kit's releases.

1.14.2 - Properly HTML-escape collection values (GHSA-6jj5-j4j8-8473)

⚠️ SECURITY UPDATE ⚠️

This release addresses a security issue where HTML escaping was not being applied to Leaf variable substitutions which addressed array or dictionary data. This allowed for XSS attacks if the content of such data was at least partially under user control.

For more details, see the security advisory: GHSA-6jj5-j4j8-8473.

Thanks to @​iCMDdev for reporting this!

Full Changelog: vapor/leaf-kit@1.14.1...1.14.2

1.14.1

⚠️ Security Update ⚠️

This release fixes a security issue where HTML escaping could be bypassed using unicode extended grapheme clusters. For example, the combination "́, (U+0022 + U+0301), forms a single extended grapheme cluster that Swift would treat as different from the standalone " character, causing the escaping function to skip it. HTML on the other hand would treat them as separate code points (" + ´) and interpret the quotation mark as a single character. This would therefore allow XSS injections attacks. The escaping function now operates on a Unicode level to properly escape all HTML special characters.

For more details see GHSA-4hfh-fch3-5q7p. Thanks to @​bawolff for reporting this!

Full Changelog: vapor/leaf-kit@1.14.0...1.14.1

Commits

• 6044b84 Merge commit from fork
• 8ff0683 Add Swift to Dependabot
• 90431d0 Add permissions to api-docs.yml
• 03ea4af Add permissions to test.yml
• e84a3d1 Fix comma for 6.0
• 8919e39 Merge commit from fork
• 0d3ba21 Bump actions/checkout from 5 to 6 in the dependencies group (#144)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.