RubyGems - acfs - Versions diffs - 1.7.0 → 2.0.0 - Mend

acfs 1.7.0 → 2.0.0

Files changed (237) hide show

data/vendor/bundle/ruby/3.4.0/gems/rails-dom-testing-2.2.0/README.md ADDED Viewed

@@ -0,0 +1,91 @@
+# Rails::Dom::Testing
+This gem is responsible for comparing HTML doms and asserting that DOM elements are present in Rails applications.
+Doms are compared via `assert_dom_equal` and `assert_dom_not_equal`.
+Elements are asserted via `assert_dom`, `assert_dom_encoded`, `assert_dom_email` and a subset of the dom can be selected with `css_select`.
+The gem is developed for Rails 4.2 and above, and will not work on previous versions.
+## Usage
+### Dom Assertions
+```ruby
+assert_dom_equal '<h1>Lingua França</h1>', '<h1>Lingua França</h1>'
+assert_dom_not_equal '<h1>Portuguese</h1>', '<h1>Danish</h1>'
+```
+### Selector Assertions
+```ruby
+# implicitly selects from the document_root_element
+css_select '.hello' # => Nokogiri::XML::NodeSet of elements with hello class
+# select from a supplied node. assert_dom asserts elements exist.
+assert_dom document_root_element.at('.hello'), '.goodbye'
+# elements in CDATA encoded sections can also be selected
+assert_dom_encoded '#out-of-your-element'
+# assert elements within an html email exists
+assert_dom_email '#you-got-mail'
+```
+The documentation in [selector_assertions.rb](https://github.com/rails/rails-dom-testing/blob/master/lib/rails/dom/testing/assertions/selector_assertions.rb) goes into a lot more detail of how selector assertions can be used.
+### HTML versions
+By default, assertions will use Nokogiri's HTML4 parser.
+If `Rails::Dom::Testing.default_html_version` is set to `:html5`, then the assertions will use
+Nokogiri's HTML5 parser. (If the HTML5 parser is not available on your platform, then a
+`NotImplementedError` will be raised.)
+When testing in a Rails application, the parser default can also be set by setting
+`Rails.application.config.dom_testing_default_html_version`.
+Some assertions support an `html_version:` keyword argument which can override the default for that
+assertion. For example:
+``` ruby
+# compare DOMs built with the HTML5 parser
+assert_dom_equal(expected, actual, html_version: :html5)
+# compare DOMs built with the HTML4 parser
+assert_dom_not_equal(expected, actual, html_version: :html4)
+```
+Please see documentation for individual assertions for more details.
+## Installation
+Add this line to your application's Gemfile:
+    gem 'rails-dom-testing'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install rails-dom-testing
+## Read more
+Under the hood the doms are parsed with Nokogiri, and you'll generally be working with these two classes:
+- [`Nokogiri::XML::Node`](http://www.rubydoc.info/github/sparklemotion/nokogiri/Nokogiri/XML/Node)
+- [`Nokogiri::XML::NodeSet`](http://www.rubydoc.info/github/sparklemotion/nokogiri/Nokogiri/XML/NodeSet)
+Read more about Nokogiri:
+- [Nokogiri](http://nokogiri.org)
+## Contributing to Rails::Dom::Testing
+Rails::Dom::Testing is work of many contributors. You're encouraged to submit pull requests, propose
+features and discuss issues.
+See [CONTRIBUTING](CONTRIBUTING.md).
+## License
+Rails::Dom::Testing is released under the [MIT License](MIT-LICENSE).

data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/CHANGELOG.md ADDED Viewed

@@ -0,0 +1,255 @@
+## v1.6.2 / 2024-12-12
+* `PermitScrubber` fully supports frozen "allowed tags".
+  v1.6.1 introduced safety checks that may remove unsafe tags from the allowed list, which
+  introduced a regression for applications passing a frozen array of allowed tags. Tags and
+  attributes are now properly copied when they are passed to the scrubber.
+  Fixes #195.
+  *Mike Dalessio*
+## 1.6.1 / 2024-12-02
+This is a performance and security release which addresses several possible XSS vulnerabilities.
+* The dependency on Nokogiri is updated to v1.15.7 or >=1.16.8.
+  This change addresses CVE-2024-53985 (GHSA-w8gc-x259-rc7x).
+  *Mike Dalessio*
+* Disallowed tags will be pruned when they appear in foreign content (i.e. SVG or MathML content),
+  regardless of the `prune:` option value. Previously, disallowed tags were "stripped" unless the
+  gem was configured with the `prune: true` option.
+  The CVEs addressed by this change are:
+  - CVE-2024-53986 (GHSA-638j-pmjw-jq48)
+  - CVE-2024-53987 (GHSA-2x5m-9ch4-qgrr)
+  *Mike Dalessio*
+* The tags "noscript", "mglyph", and "malignmark" will not be allowed, even if explicitly added to
+  the allowlist. If applications try to allow any of these tags, a warning is emitted and the tags
+  are removed from the allow-list.
+  The CVEs addressed by this change are:
+  - CVE-2024-53988 (GHSA-cfjx-w229-hgx5)
+  - CVE-2024-53989 (GHSA-rxv5-gxqc-xx8g)
+  Please note that we _may_ restore support for allowing "noscript" in a future release. We do not
+  expect to ever allow "mglyph" or "malignmark", though, especially since browser support is minimal
+  for these tags.
+  *Mike Dalessio*
+* Improve performance by eliminating needless operations on attributes that are being removed. #188
+  *Mike Dalessio*
+## 1.6.0 / 2023-05-26
+* Dependencies have been updated:
+  - Loofah `~>2.21` and Nokogiri `~>1.14` for HTML5 parser support
+  - As a result, required Ruby version is now `>= 2.7.0`
+  Security updates will continue to be made on the `1.5.x` release branch as long as Rails 6.1
+  (which supports Ruby 2.5) is still in security support.
+  *Mike Dalessio*
+* HTML5 standards-compliant sanitizers are now available on platforms supported by
+  Nokogiri::HTML5. These are available as:
+  - `Rails::HTML5::FullSanitizer`
+  - `Rails::HTML5::LinkSanitizer`
+  - `Rails::HTML5::SafeListSanitizer`
+  And a new "vendor" is provided at `Rails::HTML5::Sanitizer` that can be used in a future version
+  of Rails.
+  Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical
+  to the vendor class methods on `Rails::HTML::Sanitizer`.
+  Users may call `Rails::HTML::Sanitizer.best_supported_vendor` to get back the HTML5 vendor if it's
+  supported, else the legacy HTML4 vendor.
+  *Mike Dalessio*
+* Module namespaces have changed, but backwards compatibility is provided by aliases.
+  The library defines three additional modules:
+  - `Rails::HTML` for general functionality (replacing `Rails::Html`)
+  - `Rails::HTML4` containing sanitizers that parse content as HTML4
+  - `Rails::HTML5` containing sanitizers that parse content as HTML5
+  The following aliases are maintained for backwards compatibility:
+  - `Rails::Html` points to `Rails::HTML`
+  - `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
+  - `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
+  - `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
+  *Mike Dalessio*
+* `LinkSanitizer` always returns UTF-8 encoded strings. `SafeListSanitizer` and `FullSanitizer`
+  already ensured this encoding.
+  *Mike Dalessio*
+* `SafeListSanitizer` allows `time` tag and `lang` attribute by default.
+  *Mike Dalessio*
+* The constant `Rails::Html::XPATHS_TO_REMOVE` has been removed. It's not necessary with the
+  existing sanitizers, and should have been a private constant all along anyway.
+  *Mike Dalessio*
+## 1.5.0 / 2023-01-20
+* `SafeListSanitizer`, `PermitScrubber`, and `TargetScrubber` now all support pruning of unsafe tags.
+  By default, unsafe tags are still stripped, but this behavior can be changed to prune the element
+  and its children from the document by passing `prune: true` to any of these classes' constructors.
+  *seyerian*
+## 1.4.4 / 2022-12-13
+* Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer.
+  Fixes CVE-2022-23517. See
+  [GHSA-5x79-w82f-gw8w](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w)
+  for more information.
+  *Mike Dalessio*
+* Address improper sanitization of data URIs.
+  Fixes CVE-2022-23518 and #135. See
+  [GHSA-mcvf-2q2m-x72m](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m)
+  for more information.
+  *Mike Dalessio*
+* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
+  Fixes CVE-2022-23520. See
+  [GHSA-rrfc-7g8p-99q8](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8)
+  for more information.
+  *Mike Dalessio*
+* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
+  Fixes CVE-2022-23519. See
+  [GHSA-9h9g-93gc-623h](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h)
+  for more information.
+  *Mike Dalessio*
+## 1.4.3 / 2022-06-09
+* Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
+  Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer.
+  Fixes CVE-2022-32209
+  *Mike Dalessio*
+## 1.4.2 / 2021-08-23
+* Slightly improve performance.
+  Assuming elements are more common than comments, make one less method call per node.
+  *Mike Dalessio*
+## 1.4.1 / 2021-08-18
+* Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
+  Some scrubbers will want to override the default behavior and allow comments, but v1.4.0 only
+  passed through elements to the scrubber's `keep_node?` method.
+  This change once again allows the scrubber to make the decision on comment nodes, but still skips
+  other non-elements like processing instructions (see #115).
+  *Mike Dalessio*
+## 1.4.0 / 2021-08-18
+* Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
+  Previously, a PI with a name (or "target") matching an allowed tag name was not scrubbed. There
+  are no known security issues associated with these PIs, but similar to comments it's preferred to
+  omit these nodes when possible from sanitized output.
+  Fixes #115.
+  *Mike Dalessio*
+## 1.3.0
+* Address deprecations in Loofah 2.3.0.
+  *Josh Goodall*
+## 1.2.0
+* Remove needless `white_list_sanitizer` deprecation.
+  By deprecating this, we were forcing Rails 5.2 to be updated or spew
+  deprecations that users could do nothing about.
+  That's pointless and I'm sorry for adding that!
+  Now there's no deprecation warning and Rails 5.2 works out of the box, while
+  Rails 6 can use the updated naming.
+  *Kasper Timm Hansen*
+## 1.1.0
+* Add `safe_list_sanitizer` and deprecate `white_list_sanitizer` to be removed
+  in 1.2.0. https://github.com/rails/rails-html-sanitizer/pull/87
+  *Juanito Fatas*
+* Remove `href` from LinkScrubber's `tags` as it's not an element.
+  https://github.com/rails/rails-html-sanitizer/pull/92
+  *Juanito Fatas*
+* Explain that we don't need to bump Loofah here if there's CVEs.
+  https://github.com/rails/rails-html-sanitizer/commit/d4d823c617fdd0064956047f7fbf23fff305a69b
+  *Kasper Timm Hansen*
+## 1.0.1
+* Added support for Rails 4.2.0.beta2 and above
+## 1.0.0
+* First release.

data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,23 @@
+Copyright (c) 2013-2023 Rafael Mendonça França, Kasper Timm Hansen, Mike Dalessio
+MIT License
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/vendor/bundle/ruby/3.4.0/gems/rails-html-sanitizer-1.6.2/README.md ADDED Viewed

@@ -0,0 +1,267 @@
+# Rails HTML Sanitizers
+This gem is responsible for sanitizing HTML fragments in Rails applications. Specifically, this is the set of sanitizers used to implement the Action View `SanitizerHelper` methods `sanitize`, `sanitize_css`, `strip_tags` and `strip_links`.
+Rails HTML Sanitizer is only intended to be used with Rails applications. If you need similar functionality but aren't using Rails, consider using the underlying sanitization library [Loofah](https://github.com/flavorjones/loofah) directly.
+## Usage
+### Sanitizers
+All sanitizers respond to `sanitize`, and are available in variants that use either HTML4 or HTML5 parsing, under the `Rails::HTML4` and `Rails::HTML5` namespaces, respectively.
+NOTE: The HTML5 sanitizers are not supported on JRuby. Users may programmatically check for support by calling `Rails::HTML::Sanitizer.html5_support?`.
+#### FullSanitizer
+```ruby
+full_sanitizer = Rails::HTML5::FullSanitizer.new
+full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
+# => Bold no more!  See more here...
+```
+or, if you insist on parsing the content as HTML4:
+```ruby
+full_sanitizer = Rails::HTML4::FullSanitizer.new
+full_sanitizer.sanitize("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
+# => Bold no more!  See more here...
+```
+#### LinkSanitizer
+```ruby
+link_sanitizer = Rails::HTML5::LinkSanitizer.new
+link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
+# => Only the link text will be kept.
+```
+or, if you insist on parsing the content as HTML4:
+```ruby
+link_sanitizer = Rails::HTML4::LinkSanitizer.new
+link_sanitizer.sanitize('<a href="example.com">Only the link text will be kept.</a>')
+# => Only the link text will be kept.
+```
+#### SafeListSanitizer
+This sanitizer is also available as an HTML4 variant, but for simplicity we'll document only the HTML5 variant below.
+```ruby
+safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new
+# sanitize via an extensive safe list of allowed elements
+safe_list_sanitizer.sanitize(@article.body)
+# sanitize only the supplied tags and attributes
+safe_list_sanitizer.sanitize(@article.body, tags: %w(table tr td), attributes: %w(id class style))
+# sanitize via a custom scrubber
+safe_list_sanitizer.sanitize(@article.body, scrubber: ArticleScrubber.new)
+# prune nodes from the tree instead of stripping tags and leaving inner content
+safe_list_sanitizer = Rails::HTML5::SafeListSanitizer.new(prune: true)
+# the sanitizer can also sanitize css
+safe_list_sanitizer.sanitize_css('background-color: #000;')
+```
+### Scrubbers
+Scrubbers are objects responsible for removing nodes or attributes you don't want in your HTML document.
+This gem includes two scrubbers `Rails::HTML::PermitScrubber` and `Rails::HTML::TargetScrubber`.
+#### `Rails::HTML::PermitScrubber`
+This scrubber allows you to permit only the tags and attributes you want.
+```ruby
+scrubber = Rails::HTML::PermitScrubber.new
+scrubber.tags = ['a']
+html_fragment = Loofah.fragment('<a><img/ ></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a></a>"
+```
+By default, inner content is left, but it can be removed as well.
+```ruby
+scrubber = Rails::HTML::PermitScrubber.new
+scrubber.tags = ['a']
+html_fragment = Loofah.fragment('<a><span>text</span></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a>text</a>"
+scrubber = Rails::HTML::PermitScrubber.new(prune: true)
+scrubber.tags = ['a']
+html_fragment = Loofah.fragment('<a><span>text</span></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a></a>"
+```
+#### `Rails::HTML::TargetScrubber`
+Where `PermitScrubber` picks out tags and attributes to permit in sanitization,
+`Rails::HTML::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.
+**Note:** by default, it will scrub anything that is not part of the permitted tags from
+loofah `HTML5::Scrub.allowed_element?`.
+```ruby
+scrubber = Rails::HTML::TargetScrubber.new
+scrubber.tags = ['img']
+html_fragment = Loofah.fragment('<a><img/ ></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a></a>"
+```
+Similarly to `PermitScrubber`, nodes can be fully pruned.
+```ruby
+scrubber = Rails::HTML::TargetScrubber.new
+scrubber.tags = ['span']
+html_fragment = Loofah.fragment('<a><span>text</span></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a>text</a>"
+scrubber = Rails::HTML::TargetScrubber.new(prune: true)
+scrubber.tags = ['span']
+html_fragment = Loofah.fragment('<a><span>text</span></a>')
+html_fragment.scrub!(scrubber)
+html_fragment.to_s # => "<a></a>"
+```
+#### Custom Scrubbers
+You can also create custom scrubbers in your application if you want to.
+```ruby
+class CommentScrubber < Rails::HTML::PermitScrubber
+  def initialize
+    super
+    self.tags = %w( form script comment blockquote )
+    self.attributes = %w( style )
+  end
+  def skip_node?(node)
+    node.text?
+  end
+end
+```
+See `Rails::HTML::PermitScrubber` documentation to learn more about which methods can be overridden.
+#### Custom Scrubber in a Rails app
+Using the `CommentScrubber` from above, you can use this in a Rails view like so:
+```ruby
+<%= sanitize @comment, scrubber: CommentScrubber.new %>
+```
+### A note on HTML entities
+__Rails HTML sanitizers are intended to be used by the view layer, at page-render time. They are *not* intended to sanitize persisted strings that will be sanitized *again* at page-render time.__
+Proper HTML sanitization will replace some characters with HTML entities. For example, text containing a `<` character will be updated to contain `&lt;` to ensure that the markup is well-formed.
+This is important to keep in mind because __HTML entities will render improperly if they are sanitized twice.__
+#### A concrete example showing the problem that can arise
+Imagine the user is asked to enter their employer's name, which will appear on their public profile page. Then imagine they enter `JPMorgan Chase & Co.`.
+If you sanitize this before persisting it in the database, the stored string will be `JPMorgan Chase &amp; Co.`
+When the page is rendered, if this string is sanitized a second time by the view layer, the HTML will contain `JPMorgan Chase &amp;amp; Co.` which will render as "JPMorgan Chase &amp;amp; Co.".
+Another problem that can arise is rendering the sanitized string in a non-HTML context (for example, if it ends up being part of an SMS message). In this case, it may contain inappropriate HTML entities.
+#### Suggested alternatives
+You might simply choose to persist the untrusted string as-is (the raw input), and then ensure that the string will be properly sanitized by the view layer.
+That raw string, if rendered in an non-HTML context (like SMS), must also be sanitized by a method appropriate for that context. You may wish to look into using [Loofah](https://github.com/flavorjones/loofah) or [Sanitize](https://github.com/rgrove/sanitize) to customize how this sanitization works, including omitting HTML entities in the final string.
+If you really want to sanitize the string that's stored in your database, you may wish to look into  [Loofah::ActiveRecord](https://github.com/flavorjones/loofah-activerecord) rather than use the Rails HTML sanitizers.
+### A note on module names
+In versions < 1.6, the only module defined by this library was `Rails::Html`. Starting in 1.6, we define three additional modules:
+- `Rails::HTML` for general functionality (replacing `Rails::Html`)
+- `Rails::HTML4` containing sanitizers that parse content as HTML4
+- `Rails::HTML5` containing sanitizers that parse content as HTML5 (if supported)
+The following aliases are maintained for backwards compatibility:
+- `Rails::Html` points to `Rails::HTML`
+- `Rails::HTML::FullSanitizer` points to `Rails::HTML4::FullSanitizer`
+- `Rails::HTML::LinkSanitizer` points to `Rails::HTML4::LinkSanitizer`
+- `Rails::HTML::SafeListSanitizer` points to `Rails::HTML4::SafeListSanitizer`
+## Installation
+Add this line to your application's Gemfile:
+    gem 'rails-html-sanitizer'
+And then execute:
+    $ bundle
+Or install it yourself as:
+    $ gem install rails-html-sanitizer
+## Support matrix
+| branch | ruby support | actively maintained | security support                       |
+|--------|--------------|---------------------|----------------------------------------|
+| 1.6.x  | >= 2.7       | yes                 | yes                                    |
+| 1.5.x  | >= 2.5       | no                  | while Rails 6.1 is in security support |
+| 1.4.x  | >= 1.8.7     | no                  | no                                     |
+## Read more
+Loofah is what underlies the sanitizers and scrubbers of rails-html-sanitizer.
+- [Loofah and Loofah Scrubbers](https://github.com/flavorjones/loofah)
+The `node` argument passed to some methods in a custom scrubber is an instance of `Nokogiri::XML::Node`.
+- [`Nokogiri::XML::Node`](https://nokogiri.org/rdoc/Nokogiri/XML/Node.html)
+- [Nokogiri](http://nokogiri.org)
+## Contributing to Rails HTML Sanitizers
+Rails HTML Sanitizers is work of many contributors. You're encouraged to submit pull requests, propose features and discuss issues.
+See [CONTRIBUTING](CONTRIBUTING.md).
+### Security reports
+Trying to report a possible security vulnerability in this project? Please check out the [Rails project's security policy](https://rubyonrails.org/security) for instructions.
+## License
+Rails HTML Sanitizers is released under the [MIT License](MIT-LICENSE).

data/vendor/bundle/ruby/3.4.0/gems/rake-13.2.1/MIT-LICENSE ADDED Viewed

@@ -0,0 +1,21 @@
+Copyright (c) Jim Weirich
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.