Remove SPDX header from LICENSE to enable GitHub auto-detection

Update go.mod to force golang.org/x/net to latest

Bumping version and ensuring latest golang.org/x/net as the HTTP rapid reset is triggering primitive vuln scanners, we do not implement a HTTP2 server and are not vulnerable but a minor bump can still help reduce noise for those searching for what they need to upgrade and patch.

Retract everything <= 1.0.24

Due to improvements where the most secure version is also the
most recent version.

Merge pull request #173 from microcosm-cc/dependabot/go_modules/golan…

…g.org/x/net-0.10.0

Bump golang.org/x/net from 0.8.0 to 0.10.0

Retract v1.0.22 and prior due to old x/net dependency

Old dependency of x/net was vulnerable to CVE-2022-41723 and required an update, v1.0.23 of bluemonday has the update and we retract the old versions

Merge pull request #162 from microcosm-cc/buro9/161

Add picture to allowlist of elements that do not need attributes to resolve #161

go mod && go fmt: update dependencies and format code

Updated x/net/html to ensure latest version from the Go team, retract…

…ed v1.0.19 to ensure the latest version is used

Only test n-1 Go versions

Merge pull request #138 from kiwiz/main

Fix incorrect handling of iframe SandboxValues