Skip to content

refactor(backend): replace bleach with nh3 and bump weasy#11655

Merged
SchrodingersGat merged 8 commits intoinventree:masterfrom
matmair:copilot/replace-bleach-with-nh3
Apr 2, 2026
Merged

refactor(backend): replace bleach with nh3 and bump weasy#11655
SchrodingersGat merged 8 commits intoinventree:masterfrom
matmair:copilot/replace-bleach-with-nh3

Conversation

@matmair
Copy link
Copy Markdown
Member

@matmair matmair commented Apr 1, 2026
edited
Loading

Most work done by AI: Github Copilot (claude sonnet 4.6)

weasyprint has some issues and we need to bump, but we can not upgrade due to complex dependencies between weasyprint and bleach (via some transitive deps); so our usage of bleach needs to be replaced by something - in this case nh3 which seems to be what most users of bleach switched to

Replaces #11415
Fixes https://github.com/inventree/InvenTree/security/dependabot/301

@matmair matmair added this to the 1.3.0 milestone Apr 1, 2026
@matmair matmair self-assigned this Apr 1, 2026
@matmair matmair requested a review from SchrodingersGat as a code owner April 1, 2026 19:16
@matmair matmair added refactor full-run Always do a full QC CI run labels Apr 1, 2026
@netlify
Copy link
Copy Markdown

netlify bot commented Apr 1, 2026
edited
Loading

Deploy Preview for inventree-web-pui-preview ready!

Name Link
🔨 Latest commit 83408e7
🔍 Latest deploy log https://app.netlify.com/projects/inventree-web-pui-preview/deploys/69cd6f261d08f900080e41d7
😎 Deploy Preview https://deploy-preview-11655--inventree-web-pui-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
Lighthouse
Lighthouse		 1 paths audited
Performance: 93 (🟢 up 1 from production)
Accessibility: 81 (no change from production)
Best Practices: 100 (no change from production)
SEO: 78 (no change from production)
PWA: -
View the detailed breakdown and full score reports

To edit notification comments on pull requests, go to your Netlify project configuration.

@codecov
Copy link
Copy Markdown

codecov bot commented Apr 1, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 85.71429% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 91.44%. Comparing base (c8bcb92) to head (fa82051).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #11655      +/-   ##
==========================================
- Coverage   91.45%   91.44%   -0.01%     
==========================================
  Files         963      963              
  Lines       49836    49841       +5     
==========================================
+ Hits        45576    45578       +2     
- Misses       4260     4263       +3
Flag Coverage Δ
backend 89.25% <85.71%> (-0.01%) ⬇️
migrations 41.81% <42.85%> (-0.02%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
Backend Apps 91.71% <100.00%> (ø)
Backend General 93.41% <ø> (ø)
Frontend ∅ <ø> (∅)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@SchrodingersGat
Copy link
Copy Markdown
Member

SchrodingersGat commented Apr 2, 2026

@matmair nice work getting this sorted finally, as the tests are unchanged here, this looks good to me!

@SchrodingersGat SchrodingersGat merged commit 5d1cbf4 into inventree:master Apr 2, 2026
54 of 55 checks passed
@matmair matmair deleted the copilot/replace-bleach-with-nh3 branch April 7, 2026 23:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SchrodingersGat SchrodingersGat SchrodingersGat approved these changes

Assignees

@matmair matmair

Labels

full-run Always do a full QC CI run refactor

Projects

None yet

Milestone

1.3.0

Development

Successfully merging this pull request may close these issues.

3 participants

@matmair @SchrodingersGat