build(deps): bump github.com/grokify/brandkit from 0.2.0 to 0.4.0#11

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/go_modules/github.com/grokify/brandkit-0.4.0

Conversation

@dependabot dependabot bot commented on behalf of github Mar 2, 2026

Bumps github.com/grokify/brandkit from 0.2.0 to 0.4.0.

Release notes

Sourced from github.com/grokify/brandkit's releases.

v0.4.0

Release Notes: v0.4.0

Full Changelog: grokify/brandkit@v0.3.0...v0.4.0

v0.3.0

Release Notes: v0.3.0

Full Changelog: grokify/brandkit@v0.2.0...v0.3.0

Changelog

Sourced from github.com/grokify/brandkit's changelog.

[v0.4.0] - 2026-02-26

Highlights

  • SVG security scanning to detect XSS and session hijacking threats
  • SVG sanitization to remove malicious elements while preserving valid content
  • Security scanning integrated into processing pipelines with CI support

Security

  • Detects script elements (<script>) and self-closing script tags (critical)
  • Detects dangerous URI schemes: javascript:, vbscript:, data:text/html (critical)
  • Detects event handler attributes (onclick, onload, onerror, onmouseover, etc.) (critical)
  • Detects external references: href="http://...", xlink:href, foreignObject, url() in styles, external <use> refs (high)
  • Detects XML entities: <!DOCTYPE>, <!ENTITY> declarations for XXE prevention (high)
  • Detects animation elements: <animate>, <animateTransform>, <animateMotion>, <set> (medium)
  • Detects <style> blocks that may contain malicious CSS (low)
  • Detects <a> anchor/link elements unnecessary for static images (medium)

Added

  • Public svg/security package for programmatic security scanning with 7 ThreatType values: ThreatScript, ThreatEventHandler, ThreatExternalRef, ThreatAnimation, ThreatStyleBlock, ThreatLink, ThreatXMLEntity
  • Security scanning functions: security.SVG(), security.SVGWithLevel(), security.Directory(), security.DirectoryRecursive(), security.ScanContent(), security.ScanContentWithLevel()
  • Scan levels: ScanLevelStrict (all threats) and ScanLevelStandard (critical/high only)
  • Sanitization functions: security.Sanitize(), security.SanitizeContent() with configurable SanitizeOptions
  • Team report generation: security.GenerateReport() outputs multi-agent-spec team-report JSON format
  • CLI command brandkit security-scan with --report, --strict, --project, --version flags
  • CLI command brandkit security-scan-all for recursive security scanning with JSON report output
  • CLI command brandkit sanitize for removing threats from SVG files with selective removal options
  • Makefile targets security-scan-all and sanitize-all for batch operations

Changed

  • CLI commands brandkit white and brandkit color now perform security scanning by default
  • Added --insecure flag to white and color commands to warn instead of fail on threats
  • Library functions ProcessWhite() and ProcessColor() now include security scanning in pipeline
  • ProcessResult struct extended with SecurityScanned and SecurityThreats fields

Tests

  • 24 unit tests for security scanning covering all 7 threat types and scan levels
  • Tests verify sanitized output remains valid SVG and passes security scan
  • Tests cover ScanLevelStrict vs ScanLevelStandard behavior differences

Infrastructure

  • GitHub Actions workflow verify.yaml updated to include security scanning step

[v0.3.0] - 2026-02-14

... (truncated)

Commits
  • f36ec07 docs: regenerate CHANGELOG.md for v0.4.0
  • 66cb4c3 docs: move release notes to docs/releases and add v0.4.0
  • ad94af0 fix(security): add XML entity sanitization and use standard mode in CI
  • a9480b4 chore: update changelog and gitignore for v0.4.0
  • baadd8c docs: add MkDocs documentation site
  • 2b7e181 feat(whatsapp): add WhatsApp brand icons
  • 78737c0 ci: add security scanning step to verify workflow
  • 125d5a6 feat(process): integrate security scanning into white/color pipelines
  • e484a36 feat(cli): add security-scan and sanitize CLI commands
  • 4abaf88 test(security): add security scanning unit tests
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
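The Security section of the quoted changelog lists the token classes an SVG scanner has to recognize: script elements, event-handler attributes, dangerous URI schemes, external references (including url() in CSS and foreignObject), DOCTYPE/ENTITY declarations, animation elements, style blocks and anchors, with a strict level that reports everything and a standard level that keeps critical/high only. The following Go program is an added example and not brandkit's svg/security package or any of its code: it walks the XML token stream with encoding/xml and reports those classes. The ThreatType names mirror the changelog; the numeric severity ranks, the choice to report a javascript:/vbscript:/data:text/html href as ThreatScript, the regular expressions, the detail strings, the `strict bool` parameter standing in for ScanLevelStrict/ScanLevelStandard, and the sample SVG (constructed to hit every class, script and external refs twice) are all this example's own assumptions.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"regexp"
	"strings"
)

// Added illustration, not brandkit's svg/security package: the type names mirror the
// changelog; severities and the javascript:-URI-as-ThreatScript mapping are assumptions.
type ThreatType string

const (
	ThreatScript, ThreatEventHandler, ThreatExternalRef, ThreatXMLEntity ThreatType = "script", "event-handler", "external-ref", "xml-entity"
	ThreatAnimation, ThreatLink, ThreatStyleBlock                          ThreatType = "animation", "link", "style-block"
)

var (
	// Severity per type: 3 critical, 2 high, 1 medium, 0 low (the changelog's labels).
	severity = map[ThreatType]int{ThreatScript: 3, ThreatEventHandler: 3, ThreatExternalRef: 2,
		ThreatXMLEntity: 2, ThreatAnimation: 1, ThreatLink: 1, ThreatStyleBlock: 0}
	// Element local names (lowercased) that are findings by themselves.
	elementThreats = map[string]ThreatType{"script": ThreatScript, "foreignobject": ThreatExternalRef,
		"a": ThreatLink, "style": ThreatStyleBlock, "animate": ThreatAnimation,
		"animatetransform": ThreatAnimation, "animatemotion": ThreatAnimation, "set": ThreatAnimation}
	dangerousURI   = regexp.MustCompile(`^(javascript:|vbscript:|data:text/html)`) // runs code or loads HTML
	externalURI    = regexp.MustCompile(`^(https?:)?//`)
	externalCSSURL = regexp.MustCompile(`(?i)url\(\s*['"]?\s*(https?:)?//`) // remote url(...) inside CSS
)

type Threat struct{ Type ThreatType; Detail string }

// normalizeURI lowercases and strips whitespace, which browsers ignore when
// matching a scheme ("java\tscript:" still runs).
func normalizeURI(v string) string {
	return strings.ToLower(strings.Join(strings.Fields(v), ""))
}

// Scan walks the XML token stream (not a regex over raw bytes) and keeps findings
// at or above the floor: everything when strict, else critical and high only.
func Scan(svg string, strict bool) ([]Threat, error) {
	dec := xml.NewDecoder(strings.NewReader(svg))
	dec.Strict = false // we only observe tokens; tolerate undeclared entities and sloppy markup
	var found []Threat
	add := func(tt ThreatType, detail string) {
		if strict || severity[tt] >= 2 {
			found = append(found, Threat{tt, detail})
		}
	}
	inStyle := false
	for tok, err := dec.Token(); err != io.EOF; tok, err = dec.Token() {
		if err != nil {
			return found, err
		}
		switch t := tok.(type) {
		case xml.Directive: // one token for <!DOCTYPE ...>, internal <!ENTITY ...> subset included
			if d := strings.ToUpper(string(t)); strings.Contains(d, "DOCTYPE") || strings.Contains(d, "ENTITY") {
				add(ThreatXMLEntity, "DOCTYPE/ENTITY declaration")
			}
		case xml.StartElement:
			name := strings.ToLower(t.Name.Local)
			inStyle = name == "style" // <style> holds only character data
			if tt, ok := elementThreats[name]; ok {
				add(tt, "<"+t.Name.Local+"> element")
			}
			for _, a := range t.Attr {
				an := strings.ToLower(a.Name.Local) // href and xlink:href both have Local "href"
				switch u := normalizeURI(a.Value); {
				case strings.HasPrefix(an, "on"):
					add(ThreatEventHandler, "event handler "+a.Name.Local)
				case an == "href" && dangerousURI.MatchString(u):
					add(ThreatScript, "dangerous URI scheme in "+a.Name.Local)
				case an == "href" && externalURI.MatchString(u):
					add(ThreatExternalRef, "external reference in "+a.Name.Local)
				}
			}
		case xml.EndElement:
			inStyle = false
		case xml.CharData:
			if inStyle && externalCSSURL.MatchString(string(t)) {
				add(ThreatExternalRef, "external url() in <style> block")
			}
		}
	}
	return found, nil
}

// Constructed sample exercising every class above; not a real-world icon.
const sampleSVG = `<?xml version="1.0"?>
<!DOCTYPE svg [ <!ENTITY ext "constructed-entity"> ]>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="10" height="10" onload="run()">
  <script>run()</script><a xlink:href="javascript:run()"><rect width="10" height="10"/></a>
  <image href="https://example.invalid/pixel.png" width="1" height="1"/><animate attributeName="x" from="0" to="1" dur="1s"/>
  <style>rect { fill: url(https://example.invalid/p.svg#g) }</style>
</svg>`

func main() { fmt.Println(Scan(sampleSVG, false)) } // 6 critical/high findings
```

Working from the decoder's tokens rather than matching regexes against the raw file means `<SCRIPT>`, a self-closing `<script/>` and an `onLoad` attribute are all seen as the parser sees them, and the DOCTYPE with its internal subset arrives as a single Directive token, which is where an `<!ENTITY>` declaration hides. Collapsing whitespace before matching a scheme matters because browsers still execute `java\tscript:`. On the constructed sample the strict pass returns 9 findings and the standard pass 6, the three medium/low ones (the anchor, the animation and the style block itself) being exactly what the changelog's ScanLevelStandard is described as dropping; a sanitizer in the same style would remove the tokens this scanner reports.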

Bumps [github.com/grokify/brandkit](https://github.com/grokify/brandkit) from 0.2.0 to 0.4.0.
- [Release notes](https://github.com/grokify/brandkit/releases)
- [Changelog](https://github.com/grokify/brandkit/blob/main/CHANGELOG.md)
- [Commits](grokify/brandkit@v0.2.0...v0.4.0)

---
updated-dependencies:
- dependency-name: github.com/grokify/brandkit
  dependency-version: 0.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added labels dependencies (Pull requests that update a dependency file) and go (Pull requests that update go code) Mar 2, 2026