Upgrade Sanitize to 4.6.4 to fix CVE-2018-3740

See rgrove/sanitize#176

Fixes gollum#295

gemspec.rb

@@ -32,7 +32,7 @@ def specification(version, default_adapter, platform = nil)
       s.add_dependency 'nokogiri', '>= 1.6.1', '< 2.0'
     end
     s.add_dependency 'stringex', '~> 2.6'
-    s.add_dependency 'sanitize', '~> 2.1'
+    s.add_dependency 'sanitize', '~> 4.6.4'
     s.add_dependency 'github-markup', '~> 1.6'
     s.add_dependency 'gemojione', '~> 3.2'
 

lib/gollum-lib/filter/sanitize.rb

@@ -8,7 +8,7 @@ def extract(data)
   def process(data)
     if @markup.sanitize
       doc = Nokogiri::HTML::DocumentFragment.parse(data)
-      doc = @markup.sanitize.clean_node!(doc)
+      doc = @markup.sanitize.node!(doc)
 
       doc.to_xml(@markup.to_xml_opts)
     else

lib/gollum-lib/page.rb

@@ -121,7 +121,7 @@ def name
     #
     # Returns the fully sanitized String title.
     def title
-      Sanitize.clean(name).strip
+      Sanitize.fragment(name).strip
     end
 
     # Public: Determines if this is a sub-page

lib/gollum-lib/sanitization.rb

@@ -150,7 +150,7 @@ def history_sanitization
       end
     end
 
-    # Builds a Hash of options suitable for Sanitize.clean.
+    # Builds a Hash of options suitable for Sanitize.fragment.
     #
     # Returns a Hash.
     def to_hash

test/test_markup.rb

@@ -16,7 +16,7 @@
     assert @wiki.pages[0].formatted_data
   end
 
-  # This test is to assume that Sanitize.clean doesn't raise Encoding::CompatibilityError on ruby 1.9
+  # This test is to assume that Sanitize.fragment doesn't raise Encoding::CompatibilityError on ruby 1.9
   test "formats non ASCII-7 character page from Wiki#pages" do
     wiki = Gollum::Wiki.new(testpath("examples/yubiwa.git"))
     assert_nothing_raised(defined?(Encoding) && Encoding::CompatibilityError) do