Skip to content

fix(deps): update dependency bleach to v6

renovate requested to merge renovate/bleach-6.x into master

This MR contains the following updates:

Package Change Age Adoption Passing Confidence
bleach ^5.0.0 -> ^6.0.0 age adoption passing confidence

Release Notes

mozilla/bleach

v6.0.0

Compare Source

Backwards incompatible changes

  • bleach.clean, bleach.sanitizer.Cleaner, bleach.html5lib_shim.BleachHTMLParser: the tags and protocols arguments were changed from lists to sets.

    Old pre-6.0.0:

    .. code-block:: python

    bleach.clean( "some text", tags=["a", "p", "img"],

^ ^ list

     protocols=["http", "https"],

^ ^ list

 )

New 6.0.0 and later:

.. code-block:: python

 bleach.clean(
     "some text",
     tags={"a", "p", "img"},

^ ^ set

     protocols={"http", "https"},

^ ^ set

 )
  • bleach.linkify, bleach.linkifier.Linker: the skip_tags and recognized_tags arguments were changed from lists to sets.

    Old pre-6.0.0:

    .. code-block:: python

    bleach.linkify( "some text", skip_tags=["pre"],

^ ^ list

 )

 linker = Linker(
     skip_tags=["pre"],

^ ^ list

     recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"],

^ ^ ^ list

|

| list concatenation

 )

New 6.0.0 and later:

.. code-block:: python

 bleach.linkify(
     "some text",
     skip_tags={"pre"},

^ ^ set

 )

 linker = Linker(
     skip_tags={"pre"},

^ ^ set

     recognized_tags=html5lib_shim.HTML_TAGS | {"custom-element"},

^ ^ ^ set

|

| union operator

 )
  • bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is now strip_allowed_tags. We now use "tags" everywhere rather than a mishmash of "tags" in some places and "elements" in others.

Security fixes

None

Bug fixes

  • Add support for Python 3.11. (#​675)

  • Fix API weirness in BleachSanitizerFilter. (#​649)

    We're using "tags" instead of "elements" everywhere--no more weird overloading of "elements" anymore.

    Also, it no longer calls the superclass constructor.

  • Add warning when css_sanitizer isn't set, but the style attribute is allowed. (#​676)

  • Fix linkify handling of character entities. (#​501)

  • Rework dev dependencies to use requirements-dev.txt and requirements-flake8.txt instead of extras.

  • Fix project infrastructure to be tox-based so it's easier to have CI run the same things we're running in development and with flake8 in an isolated environment.

  • Update action versions in CI.

  • Switch to f-strings where possible. Make tests parametrized to be easier to read/maintain.


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, click this checkbox.

This MR has been generated by Renovate Bot.

Merge request reports