Tags: TecharoHQ/anubis

v1.22.0-pre2

v1.22.0-pre2

See CHANGELOG for changes.

v1.21.3

v1.21.3: Minfilia Warde - Echo 3

Fixes GHSA-jhjj-2g64-px7c

This could allow an attacker to craft an Anubis pass-challenge URL that forces
a redirect to nonstandard URLs, such as the `javascript:` scheme which executes
arbitrary JavaScript code in a browser context when the user clicks the "Try
again" button.

This has been fixed by disallowing any URLs without the scheme `http` or
`https`.

Additionally, the "Try again" button has been fixed to completely ignore the
user-supplied redirect location. It now redirects to the home page (`/`).
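
The scheme allowlist described in the v1.21.3 message, as an added Go example that is not Anubis's own code. The `ValidateRedirect` name, the rejection of schemeless targets, the empty-host check and the sample inputs are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// ErrBadRedirect marks a redirect target that is not an absolute http(s) URL.
var ErrBadRedirect = errors.New("redirect target must be an http or https URL")

// ValidateRedirect is a hypothetical helper, not a function from Anubis.
// It accepts a user-supplied redirect target only if its scheme is http or
// https. Schemeless targets ("/", "//host/x") are rejected as well.
func ValidateRedirect(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		// Control characters and malformed input fail closed here.
		return nil, fmt.Errorf("%w: %v", ErrBadRedirect, err)
	}
	// url.Parse lowercases the scheme, so "JavaScript:" cannot slip past
	// a case-sensitive comparison.
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("%w: scheme %q", ErrBadRedirect, u.Scheme)
	}
	// Extra check assumed for this example: "http:opaque" has no host.
	if u.Host == "" {
		return nil, fmt.Errorf("%w: empty host", ErrBadRedirect)
	}
	return u, nil
}

func main() {
	// Constructed sample inputs, not taken from the advisory.
	samples := []string{
		"https://example.com/docs?page=2",
		"javascript:alert(1)",
		"JavaScript:alert(1)",
		"data:text/html,hello",
		"//other.example/path",
		"http:opaque",
	}
	for _, s := range samples {
		if _, err := ValidateRedirect(s); err != nil {
			fmt.Printf("reject %-34q %v\n", s, err)
			continue
		}
		fmt.Printf("accept %q\n", s)
	}
}
```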