Closed dependabot[bot] closed 4 years ago
Merging #35 into master will not change coverage. The diff coverage is
n/a
.
@@ Coverage Diff @@
## master #35 +/- ##
=====================================
Coverage 100% 100%
=====================================
Files 4 4
Lines 164 164
=====================================
Hits 164 164
Continue to review full report at Codecov.
Legend - Click here to learn more
Δ = absolute <relative> (impact)
,ø = not affected
,? = missing data
Powered by Codecov. Last update 603cd23...7788f27. Read the comment docs.
Looks like bleach is up-to-date now, so this is no longer needed.
Bumps bleach from 3.1.0 to 3.1.1.
Changelog
*Sourced from [bleach's changelog](https://github.com/mozilla/bleach/blob/master/CHANGES).* > Version 3.1.1 (February 13th, 2020) > ----------------------------------- > > **Security fixes** > > * ``bleach.clean`` behavior parsing ``noscript`` tags did not match > browser behavior. > > Calls to ``bleach.clean`` allowing ``noscript`` and one or more of > the raw text tags (``title``, ``textarea``, ``script``, ``style``, > ``noembed``, ``noframes``, ``iframe``, and ``xmp``) were vulnerable > to a mutation XSS. > > This security issue was confirmed in Bleach versions v2.1.4, v3.0.2, > and v3.1.0. Earlier versions are probably affected too. > > Anyone using Bleach <=v3.1.0 is highly encouraged to upgrade. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 > > **Backwards incompatible changes** > > None > > **Features** > > None > > **Bug fixes** > > None > > Bleach changes > ==============Commits
- [`0d88dd8`](https://github.com/mozilla/bleach/commit/0d88dd83e425c4ba381d5b83fe61bfae5bbbd627) Update for v3.1.1 release - [`996cde7`](https://github.com/mozilla/bleach/commit/996cde7a2439a2323f9c4b2567c8b8449d393351) fix bug 1615315 - See full diff in [compare view](https://github.com/mozilla/bleach/compare/v3.1.0...v3.1.1)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/billdeitrick/pypco/network/alerts).