
chore(deps): bump github.com/msutara/config-manager-core from 0.4.3 to 0.4.8 #36

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/msutara/config-manager-core-0.4.8

Conversation


@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps github.com/msutara/config-manager-core from 0.4.3 to 0.4.8.

Release notes

Sourced from github.com/msutara/config-manager-core's releases.

config-manager-core v0.4.6

Config Manager v0.4.6

Umbrella binary for headless Debian/ARM device management. Embeds all plugins (update, network) and exposes a REST API consumed by the TUI and web frontends.

What's New

Security hardening release completing the BiDi/control character sanitization audit across both the raw HTML and template rendering paths in the web UI. Also picks up TUI CI maintenance.

Component Versions

| Component | Version | Changes |
|---|---|---|
| config-manager-core | v0.4.6 | go.mod bump to latest UI versions |
| config-manager-web | v0.4.6 | BiDi sanitization (raw HTML + templates) |
| config-manager-tui | v0.4.4 | CI maintenance (markdownlint action v19→v22) |
| cm-plugin-network | v0.4.5 | |
| cm-plugin-update | v0.4.5 | |

🔐 Security (via web v0.4.5 + v0.4.6)

Raw HTML path (v0.4.5, PR #46):

  • sanitizeForDisplay() strips C0, C1, DEL, and all 12 BiDi control characters
  • safeHTML() = sanitize + HTML-escape applied to all 10 html.EscapeString call sites
  • ZWJ preserved for emoji sequences

Template path (v0.4.6, PR #48):

  • sanitizeBody() preserves \n/\t for <pre> log blocks while stripping control/BiDi chars
  • sanitize and sanitizeBody registered in template.FuncMap
  • 12 template expressions across 6 files now use | sanitize or | sanitizeBody pipes
  • 7 route handlers pre-sanitize error data via sanitizeErr() (defense-in-depth)
  • Login error from URL query parameter sanitized

🧪 Tests

  • TestSanitizeForDisplay — 22 cases (C0/C1/DEL, all 12 BiDi codepoints, ZWJ, invalid UTF-8)
  • TestSafeHTML — 5 cases
  • TestSanitizeBody — 30 cases (newline/tab preservation, ANSI stripping, BiDi parity with TUI)
  • TestSanitizeErr — 4 cases (nil safety, control chars, BiDi)
  • TestTemplateFuncMapRegistration + TestTemplateSanitizeConditional — 5 cases

🔧 Maintenance (via tui v0.4.4)

  • Bump markdownlint-cli2-action v19 → v22
  • Add go.work to .gitignore

Downloads

Architecture Package

... (truncated)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/msutara/config-manager-core](https://github.com/msutara/config-manager-core) from 0.4.3 to 0.4.8.
- [Release notes](https://github.com/msutara/config-manager-core/releases)
- [Commits](https://github.com/msutara/config-manager-core/commits)

---
updated-dependencies:
- dependency-name: github.com/msutara/config-manager-core
  dependency-version: 0.4.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go Pull requests that update go code labels Mar 30, 2026
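The release notes above describe the shape of the web UI's sanitizers (strip C0/C1/DEL and the 12 BiDi controls, keep ZWJ, HTML-escape after sanitizing, keep newline and tab for log blocks, nil-safe error pre-sanitization) but not their code. The following is an added example written for this page, not the config-manager-web implementation: the function names mirror the ones named in the notes, but the bodies, the replacement of invalid UTF-8 bytes with U+FFFD, and the scope of ANSI stripping (CSI and two-byte ESC sequences) are this example's own assumptions.

```go
package main

import (
	"fmt"
	"html"
	"strings"
	"unicode/utf8"
)

// bidiControls lists the 12 Unicode bidirectional control code points:
// ALM, LRM, RLM, LRE, RLE, PDF, LRO, RLO, LRI, RLI, FSI, PDI.
var bidiControls = map[rune]bool{
	'\u061C': true, '\u200E': true, '\u200F': true,
	'\u202A': true, '\u202B': true, '\u202C': true, '\u202D': true, '\u202E': true,
	'\u2066': true, '\u2067': true, '\u2068': true, '\u2069': true,
}

// isControl reports C0 (U+0000-U+001F), DEL (U+007F) and C1 (U+0080-U+009F).
func isControl(r rune) bool {
	return r < 0x20 || r == 0x7F || (r >= 0x80 && r <= 0x9F)
}

// sanitizeRunes drops BiDi controls and control characters except those
// allowed by keep. Invalid UTF-8 bytes become U+FFFD (an assumption of this
// example). U+200D ZWJ is neither a control nor a BiDi code point, so emoji
// sequences joined with it survive untouched.
func sanitizeRunes(s string, keep func(rune) bool) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		i += size
		if r == utf8.RuneError && size == 1 {
			b.WriteRune('\uFFFD')
			continue
		}
		if bidiControls[r] || (isControl(r) && !keep(r)) {
			continue
		}
		b.WriteRune(r)
	}
	return b.String()
}

// sanitizeForDisplay strips every control: for single-line values in the UI.
func sanitizeForDisplay(s string) string {
	return sanitizeRunes(s, func(rune) bool { return false })
}

// safeHTML sanitizes first, then HTML-escapes, so the escaper's output never
// carries a code point that can visually reorder the rendered page.
func safeHTML(s string) string {
	return html.EscapeString(sanitizeForDisplay(s))
}

// stripANSI removes ESC-led sequences as whole units (CSI "ESC [ params final"
// and two-byte "ESC x"); dropping only the ESC byte would leave "[31m" in logs.
func stripANSI(s string) string {
	var b strings.Builder
	b.Grow(len(s))
	for i := 0; i < len(s); i++ {
		if s[i] != 0x1B {
			b.WriteByte(s[i])
			continue
		}
		if i+1 < len(s) && s[i+1] == '[' {
			j := i + 2
			for j < len(s) && s[j] >= 0x20 && s[j] <= 0x3F { // parameter/intermediate bytes
				j++
			}
			if j < len(s) && s[j] >= 0x40 && s[j] <= 0x7E { // final byte
				j++
			}
			i = j - 1
			continue
		}
		if i+1 < len(s) && s[i+1] >= 0x40 && s[i+1] <= 0x7E {
			i++ // two-byte escape such as ESC c; a bare ESC is simply dropped
		}
	}
	return b.String()
}

// sanitizeBody is the <pre> log-block variant: ANSI sequences go, newline and
// tab stay, everything else is handled as in sanitizeForDisplay.
func sanitizeBody(s string) string {
	return sanitizeRunes(stripANSI(s), func(r rune) bool { return r == '\n' || r == '\t' })
}

// sanitizeErr pre-sanitizes an error for a handler; nil-safe so it can be
// called unconditionally before the template ever sees the message.
func sanitizeErr(err error) string {
	if err == nil {
		return ""
	}
	return sanitizeForDisplay(err.Error())
}

func main() {
	// Constructed inputs: RLO would render "eth0" reversed, BEL and the C1
	// byte are typical log-injection noise, the log line carries colour codes.
	name := "eth0\u202E \x07\u0085"
	fmt.Printf("%q -> %q\n", name, safeHTML(name))
	log := "\x1b[31mERR\x1b[0m link down\r\n\tretrying\n"
	fmt.Printf("%q -> %q\n", log, sanitizeBody(log))
}
```

The order in safeHTML matters: escaping first and sanitizing second would be equivalent here, but sanitizing first keeps the invariant that nothing reaching html.EscapeString can reorder text, which is the property the template pipes (| sanitize, | sanitizeBody) rely on as well.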
