Resolved #949. Updated bleach because it was horrendously out of date. This is basically a duplicate of #944 tbh but I had the opportunity to verify that pipenv really doesn't let you just update a single package without re-locking every single non-explicit dependency. So, there are some unrelated package upgrades here but those should just need upgrading once.
I was able to remove html5lib because it's only a dependency of the older bleach version. The newer version instead relies on webencodings.
I chose bleach to start because it is least risky; it's a pretty stable API historically and it is only used for cleaning markdown via the |markdown filter.
You can manually test that this doesn't suddenly die by visiting an event detail page and checking that its description renders properly.
Resolved #949. Updated bleach because it was horrendously out of date. This is basically a duplicate of #944 tbh but I had the opportunity to verify that pipenv really doesn't let you just update a single package without re-locking every single non-explicit dependency. So, there are some unrelated package upgrades here but those should just need upgrading once.
I was able to remove html5lib because it's only a dependency of the older bleach version. The newer version instead relies on webencodings.
I chose bleach to start because it is least risky; it's a pretty stable API historically and it is only used for cleaning markdown via the
|markdownfilter.You can manually test that this doesn't suddenly die by visiting an event detail page and checking that its description renders properly.