Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==4.1.0
->==6.1.0
Release Notes
mozilla/bleach (bleach)
v6.1.0
Compare Source
Backwards incompatible changes
Security fixes
None
Bug fixes
v6.0.0
Compare Source
Backwards incompatible changes
bleach.clean
,bleach.sanitizer.Cleaner
,bleach.html5lib_shim.BleachHTMLParser
: thetags
andprotocols
arguments were changed from lists to sets.
Old pre-6.0.0:
.. code-block:: python
bleach.clean(
"some text",
tags=["a", "p", "img"],
^ ^ list
^ ^ list
New 6.0.0 and later:
.. code-block:: python
^ ^ set
^ ^ set
bleach.linkify
,bleach.linkifier.Linker
: theskip_tags
andrecognized_tags
arguments were changed from lists to sets.Old pre-6.0.0:
.. code-block:: python
bleach.linkify(
"some text",
skip_tags=["pre"],
^ ^ list
^ ^ list
^ ^ ^ list
|
| list concatenation
New 6.0.0 and later:
.. code-block:: python
^ ^ set
^ ^ set
^ ^ ^ set
|
| union operator
bleach.sanitizer.BleachSanitizerFilter
:strip_allowed_elements
is nowstrip_allowed_tags
. We now use "tags" everywhere rather than a mishmashof "tags" in some places and "elements" in others.
Security fixes
None
Bug fixes
Add support for Python 3.11. (#675)
Fix API weirness in
BleachSanitizerFilter
. (#649)We're using "tags" instead of "elements" everywhere--no more weird
overloading of "elements" anymore.
Also, it no longer calls the superclass constructor.
Add warning when
css_sanitizer
isn't set, but thestyle
attribute is allowed. (#676)
Fix linkify handling of character entities. (#501)
Rework dev dependencies to use
requirements-dev.txt
andrequirements-flake8.txt
instead of extras.Fix project infrastructure to be tox-based so it's easier to have CI
run the same things we're running in development and with flake8
in an isolated environment.
Update action versions in CI.
Switch to f-strings where possible. Make tests parametrized to be
easier to read/maintain.
v5.0.1
Compare Source
Security fixes
None
Bug fixes
Add missing comma to tinycss2 require. Thank you, @shadchin!
Add url parse tests based on wpt url tests. (#688)
Support scheme-less urls if "https" is in allow list. (#662)
Handle escaping
<
in edge cases where it doesn't start a tag. (#544)Fix reference warnings in docs. (#660)
Correctly urlencode email address parts. Thank you, @larseggert! (#659)
v5.0.0
Compare Source
Backwards incompatible changes
clean
andlinkify
now preserve the order of HTML attributes. Thankyou, @askoretskly! (#566)
Drop support for Python 3.6. Thank you, @hugovk! (#629)
CSS sanitization in style tags is completely different now. If you're using
Bleach
clean
to sanitize css in style tags, you'll need to update yourcode and you'll need to install the
css
extras::See
the documentation on sanitizing CSS for how to do it <https://bleach.readthedocs.io/en/latest/clean.html#sanitizing-css>
_. (#633)Security fixes
None
Bug fixes
Rework dev dependencies. We no longer have
requirements-dev.in
/requirements-dev.txt
. Instead, we're usingdev
extras.See
development docs <https://bleach.readthedocs.io/en/latest/dev.html>
_for more details. (#620)
Add newline when dropping block-level tags. Thank you, @jvanasco! (#369)
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.