Update netcarver/textile requirement from v4.1.1 to v4.1.3 in the composer group

[dependabot]

Updates the requirements on netcarver/textile to permit the latest version.
Updates netcarver/textile to 4.1.3

Release notes

Sourced from netcarver/textile's releases.

v4.1.3

• This is a security update, which fixes stored XSS vulnerability in image link handing.
• Fixed: In restricted mode, restrict image link protocol. Previously and an image link's href allowed all protocols in restricted mode. Now it goes through the same validation as text links.

Changelog

Sourced from netcarver/textile's changelog.

h1. Changelog

Here's a summary of changes in each release. The list doesn't include some small changes or updates to test cases.

h2. Version 4.1.4 - upcoming

h2. "Version 4.1.3 - 2025/01/07":https://github.com/textile/php-textile/releases/tag/v4.1.3

• This is a security update, which fixes stored XSS vulnerability in image link handing.
• Fixed: In restricted mode, restrict image link protocol. Previously and an image link's href allowed all protocols in restricted mode. Now it goes through the same validation as text links.

h2. "Version 4.1.2 - 2024/08/29":https://github.com/textile/php-textile/releases/tag/v4.1.2

• Fix PHP 8.4 compatibility issues (closes "#227":textile/php-textile#227).

h2. "Version 4.1.1 - 2024/06/07":https://github.com/textile/php-textile/releases/tag/v4.1.1

• Links are now rendered when block tags are disabled (closes "#225":textile/php-textile#225).

h2. "Version 4.1.0 - 2024/01/02":https://github.com/textile/php-textile/releases/tag/v4.1.0

• Support @:@ and @!@ characters in CSS class names (closes "#224":textile/php-textile#224).
• Support including textile escape sequences inside link title attribute (closes "#223":textile/php-textile#223).

h2. "Version 4.0.0 - 2022/12/03":https://github.com/textile/php-textile/releases/tag/v4.0.0

• HTML void tags render a self-closing slash based on the given document type. If @​Parser::setDocumentType()@ is given @​Parser::DOCTYPE_XHTML@, self-closing tags are used, otherwise not.

h2. "Version 3.8.0 - 2022/12/03":https://github.com/textile/php-textile/releases/tag/v3.8.0

• Added @​Parser::setAlignClasses()@ and @​Parser::isAlignClassesEnabled()@. This can be used to enable img alignment classes in XHTML output document mode, instead of the default align attribute.
• Added @​Parser::DOCTYPE_HTML5@ and @​Parser::DOCTYPE_XHTML@ constants. These can be used with @​Parser::setDocumentType()@ to specify the output document type.

h2. "Version 3.7.7 - 2022/05/01":https://github.com/textile/php-textile/releases/tag/v3.7.7

• Fix deprecation errors that appear on PHP >= 8.1 about preg_split limit argument's NULL value.

h2. "Version 3.7.6 - 2020/01/08":https://github.com/textile/php-textile/releases/tag/v3.7.6

• Support consecutive links without whitespace between using bracket syntax (closes "#202":textile/php-textile#202, "#205":textile/php-textile#205 and "#206":textile/php-textile#206).

h2. "Version 3.7.5 - 2019/12/16":https://github.com/textile/php-textile/releases/tag/v3.7.5

• Fix PHP 7.4 compatibility issues (closes "#199":textile/php-textile#199).

h2. "Version 3.7.4 - 2019/12/15":https://github.com/textile/php-textile/releases/tag/v3.7.4

• Fix issue where an inline tag preceding the last character, that is a glyph, is not rendered if the block tags are disabled with @​Parser::setBlockTags@ (closes "#198":textile/php-textile#198).

h2. "Version 3.7.3 - 2019/08/30":https://github.com/textile/php-textile/releases/tag/v3.7.3

... (truncated)

Commits

• a16ccd9 Version 4.1.3
• ab18ae9 In restricted mode, restrict image link protocol
• 5764751 By default test on PHP 8.4
• 7461852 Create SECURITY.md
• 498804e Bump dev version
• ddedb2b Marks v4.1.2
• fe5fe1e Update phony with shell
• d479524 Try resolving GitHub Actions issues
• 70137f3 Fix PHP 8.4 compatibility
• 2aa23a5 Update CI checkout action
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.