chore(deps): update dependency bleach to v6#201
Conversation
|
Kudos, SonarCloud Quality Gate passed!
|
renovate
Bot
force-pushed
the
renovate/bleach-6.x
branch
from
eee8c28 to
e67799e
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
renovate
Bot
changed the title
renovate
Bot
force-pushed
the
renovate/bleach-6.x
branch
from
e67799e to
ce68d55
Compare
|
Kudos, SonarCloud Quality Gate passed!
|
renovate
Bot
force-pushed
the
renovate/bleach-6.x
branch
from
ce68d55 to
8ce6026
Compare
|
renovate
Bot
force-pushed
the
renovate/bleach-6.x
branch
from
8ce6026 to
cfaa934
Compare
|
renovate
Bot
force-pushed
the
renovate/bleach-6.x
branch
from
cfaa934 to
ad1ad1b
Compare
|
This PR contains the following updates:
==5.0.1→==6.4.0Release Notes
mozilla/bleach (bleach)
v6.4.0Compare Source
NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future
releases including for security issues.
See issue:
<https://github.com/mozilla/bleach/issues/698>__Backwards incompatible changes
Security fixes
Fix bug
2023812/ GHSA-8rfp-98v4-mmr6.Fix XSS issue with sanitize_uri_value where disallowed schemes with
Unicode invisible characters wouldn't be rejected.
For example::
import bleach
payload1 = 'Click'
result1 = bleach.clean(payload1)
print(repr(result1))
outputs::
'Click'
See the advisory for details.
Fix GHSA-gj48-438w-jh9v.
Fix issue where URI sanitization wasn't happening in formaction attributes.
See the advisory for details.
Bug fixes
Add support for pypy 3.11. (#764)
Drop version max in tinycss2 pin. (#772)
This removes one of the things we had to keep checking and updating. Users
now own the responsibility for correctness with the version of tinycss2
they're using.
v6.3.0Compare Source
Backwards incompatible changes
Security fixes
None
Bug fixes
v6.2.0Compare Source
Backwards incompatible changes
Security fixes
None
Bug fixes
v6.1.0Compare Source
Backwards incompatible changes
Security fixes
None
Bug fixes
v6.0.0Compare Source
Backwards incompatible changes
bleach.clean,bleach.sanitizer.Cleaner,bleach.html5lib_shim.BleachHTMLParser: thetagsandprotocolsarguments were changed from lists to sets.
Old pre-6.0.0:
.. code-block:: python
bleach.clean(
"some text",
tags=["a", "p", "img"],
^ ^ list
^ ^ list
New 6.0.0 and later:
.. code-block:: python
^ ^ set
^ ^ set
bleach.linkify,bleach.linkifier.Linker: theskip_tagsandrecognized_tagsarguments were changed from lists to sets.Old pre-6.0.0:
.. code-block:: python
bleach.linkify(
"some text",
skip_tags=["pre"],
^ ^ list
^ ^ list
^ ^ ^ list
|
| list concatenation
New 6.0.0 and later:
.. code-block:: python
^ ^ set
^ ^ set
^ ^ ^ set
|
| union operator
bleach.sanitizer.BleachSanitizerFilter:strip_allowed_elementsis nowstrip_allowed_tags. We now use "tags" everywhere rather than a mishmashof "tags" in some places and "elements" in others.
Security fixes
None
Bug fixes
Add support for Python 3.11. (#675)
Fix API weirness in
BleachSanitizerFilter. (#649)We're using "tags" instead of "elements" everywhere--no more weird
overloading of "elements" anymore.
Also, it no longer calls the superclass constructor.
Add warning when
css_sanitizerisn't set, but thestyleattribute is allowed. (#676)
Fix linkify handling of character entities. (#501)
Rework dev dependencies to use
requirements-dev.txtandrequirements-flake8.txtinstead of extras.Fix project infrastructure to be tox-based so it's easier to have CI
run the same things we're running in development and with flake8
in an isolated environment.
Update action versions in CI.
Switch to f-strings where possible. Make tests parametrized to be
easier to read/maintain.
Configuration
📅 Schedule: (in timezone Asia/Tehran)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.