Skip to content

Bump justhtml from 2.2.0 to 3.0.0#7642

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/justhtml-3.0.0
Closed

Bump justhtml from 2.2.0 to 3.0.0#7642
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/justhtml-3.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Bumps justhtml from 2.2.0 to 3.0.0.

Release notes

Sourced from justhtml's releases.

Release v3.0.0

JustHTML 3.0.0 ships a new parser core. The old tokenizer and tree-builder are now one integrated system, which makes the parser much faster while keeping browser-style HTML5 recovery and default-safe behavior intact. In practice, this release is mainly about getting materially better performance without asking most users to change how they use the library.

The breaking part is narrow: if you do not depend on doc.errors or on the exact diagnostic details raised by strict=True, this release should behave like a faster, more robust JustHTML. If you do depend on parser diagnostics, expect different error codes, counts, locations, and ordering from the old implementation.

Changed

  • Replace the legacy tokenizer/tree-builder split with one plan-driven parser engine shared across sanitized, unsanitized, fragment, streaming, diagnostic, and source-location modes. This is a new parser architecture, not just an optimization pass: scanning, tree construction, and default-safe decisions now run as one coordinated system.
  • BREAKING: Rework parser diagnostics around a smaller, higher-value built-in error set. collect_errors=True and strict=True still surface parser problems, but callers should expect different error codes, counts, locations, and ordering than the old tokenizer/tree-builder pipeline.

Performance

  • Deliver roughly a 2x parsing speedup from the new fused engine while preserving browser-style HTML5 recovery behavior. The hot path now avoids the old tokenizer-to-treebuilder handoff, compiles default sanitizer decisions into parser tag actions, and scans projected attributes directly while parsing.

Fixed

  • Preserve HTML5 tree-construction behavior across foreign-content integration points, select/table recovery, framesets, plaintext formatting reconstruction, form-pointer handling, malformed comments, foreign attribute parsing, adoption-agency edge cases, and scope-repair bugs found through Chromium and html5lib differentials.
  • Stabilize sanitization of malformed foreign-namespace rawtext structures so trailing HTML cannot be exposed by mutation-XSS reparsing.

Breaking

  • BREAKING: Error collection is no longer a compatibility surface for the legacy parser internals. Applications that assert on the exact contents of doc.errors, or on the specific exception details raised by strict=True, must update to the new diagnostic model. Other users should not need API changes for this release.

Release v2.4.1

Fixed

  • Prevent the leading-line-feed exception for <pre>, <listing>, and <textarea> from leaking past intervening non-character tokens and removing a later newline.
  • Apply paragraph closing and leading-line-feed handling to <pre> and <listing> inside customizable <select> content.
  • Preserve U+000C FORM FEED in HTML text like browsers do, while retaining its intentional conversion to a space in XML-coercion mode.

Release v2.4.0

Fixed

  • Handle <hr> using the HTML in-body void-element rules in delegated insertion modes, preserving following content in table cells and captions, closing open paragraphs, and acknowledging self-closing syntax.

Release v2.3.0

Fixed

  • Preserve pretty-printed paragraph line breaks when sanitization is disabled and comments are present in block containers.

Performance

  • Speed up tree construction scope checks by tracking open elements for common scoped element names.

Changed

  • Refactor tree-builder open-element bookkeeping and active-formatting entries without changing the public API.
Changelog

Sourced from justhtml's changelog.

[3.0.0] - 2026-06-21

JustHTML 3.0.0 ships a new parser core. The old tokenizer and tree-builder are now one integrated system, which makes the parser much faster while keeping browser-style HTML5 recovery and default-safe behavior intact. In practice, this release is mainly about getting materially better performance without asking most users to change how they use the library.

The breaking part is narrow: if you do not depend on doc.errors or on the exact diagnostic details raised by strict=True, this release should behave like a faster, more robust JustHTML. If you do depend on parser diagnostics, expect different error codes, counts, locations, and ordering from the old implementation.

Changed

  • Replace the legacy tokenizer/tree-builder split with one plan-driven parser engine shared across sanitized, unsanitized, fragment, streaming, diagnostic, and source-location modes. This is a new parser architecture, not just an optimization pass: scanning, tree construction, and default-safe decisions now run as one coordinated system.
  • BREAKING: Rework parser diagnostics around a smaller, higher-value built-in error set. collect_errors=True and strict=True still surface parser problems, but callers should expect different error codes, counts, locations, and ordering than the old tokenizer/tree-builder pipeline.

Performance

  • Deliver roughly a 2x parsing speedup from the new fused engine while preserving browser-style HTML5 recovery behavior. The hot path now avoids the old tokenizer-to-treebuilder handoff, compiles default sanitizer decisions into parser tag actions, and scans projected attributes directly while parsing.

Fixed

  • Preserve HTML5 tree-construction behavior across foreign-content integration points, select/table recovery, framesets, plaintext formatting reconstruction, form-pointer handling, malformed comments, foreign attribute parsing, adoption-agency edge cases, and scope-repair bugs found through Chromium and html5lib differentials.
  • Stabilize sanitization of malformed foreign-namespace rawtext structures so trailing HTML cannot be exposed by mutation-XSS reparsing.

Breaking

  • BREAKING: Error collection is no longer a compatibility surface for the legacy parser internals. Applications that assert on the exact contents of doc.errors, or on the specific exception details raised by strict=True, must update to the new diagnostic model. Other users should not need API changes for this release.

[2.4.1] - 2026-06-21

Fixed

  • Prevent the leading-line-feed exception for <pre>, <listing>, and <textarea> from leaking past intervening non-character tokens and removing a later newline.
  • Apply paragraph closing and leading-line-feed handling to <pre> and <listing> inside customizable <select> content.
  • Preserve U+000C FORM FEED in HTML text like browsers do, while retaining its intentional conversion to a space in XML-coercion mode.

[2.4.0] - 2026-06-20

Fixed

  • Handle <hr> using the HTML in-body void-element rules in delegated insertion modes, preserving following content in table cells and captions, closing open paragraphs, and acknowledging self-closing syntax.

[2.3.0] - 2026-06-12

Fixed

  • Preserve pretty-printed paragraph line breaks when sanitization is disabled and comments are present in block containers.

Performance

  • Speed up tree construction scope checks by tracking open elements for common scoped element names.

Changed

  • Refactor tree-builder open-element bookkeeping and active-formatting entries without changing the public API.
Commits
  • 06e148f Release v3.0.0
  • d87bed8 Enhance parser based on Chromium differences to handle nested templates and i...
  • 341607e Update changelog for JustHTML 3.0.0 release, highlighting new parser core, pe...
  • 45a9ff8 Enhance parser to correctly handle <li> start tags before special elements an...
  • 0b83206 Enhance parser to handle incomplete DOCTYPE prefixes and improve attribute re...
  • dd7e917 Enhance parser to handle absent-digit numeric references and improve serializ...
  • 5c74e11 Enhance parser to handle null characters and carriage returns, improve test c...
  • fc77efd Preserve form feed in rewritten parser
  • 3d7c1af Refactor end tag handling logic and improve test cases for <pre> and <listing...
  • 378adb4 Refactor error handling tests and improve coverage
  • Additional commits viewable in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
justhtml [>= 2.dev0, < 3]

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Note: Dependabot was ignoring updates to this dependency, but since you've updated it yourself we've started tracking it for you again. 🤖

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump justhtml from 2.2.0 to 3.0.0
896ed9e 
Bumps [justhtml](https://github.com/emilstenstrom/justhtml) from 2.2.0 to 3.0.0.
- [Release notes](https://github.com/emilstenstrom/justhtml/releases)
- [Changelog](https://github.com/EmilStenstrom/justhtml/blob/main/CHANGELOG.md)
- [Commits](EmilStenstrom/justhtml@v2.2.0...v3.0.0)

---
updated-dependencies:
- dependency-name: justhtml
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jun 22, 2026
@escattone

escattone commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

@dependabot ignore this major version

@dependabot dependabot Bot closed this Jun 22, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor Author

OK, I won't notify you about version 3.x.x again, unless you re-open this PR.

@dependabot dependabot Bot deleted the dependabot/uv/justhtml-3.0.0 branch June 22, 2026 23:09
@escattone escattone mentioned this pull request Jun 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@escattone