mozmeao / snippets-service

Service powering snippets on Firefox's about:home.
https://snippets.mozilla.com
Mozilla Public License 2.0

Bump bleach from 3.3.0 to 4.1.0 #1553

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps bleach from 3.3.0 to 4.1.0.

Changelog

Sourced from bleach's changelog.

Version 4.1.0 (August 25th, 2021)

Features

  • Python 3.9 support

Bug fixes

  • Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to fix test failures on Python 3.9 #536

Version 4.0.0 (August 3rd, 2021)

Backwards incompatible changes

  • Drop support for unsupported Python versions <3.6 #520

Security fixes

None

Features

Version 3.3.1 (July 14th, 2021)

Security fixes

None

Features

  • add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
  • bump python version to 3.8 for tox doc, vendorverify, and lint targets
  • update bug report template tag
  • update vendorverify script to detect and fail when extra files are vendored
  • update release process docs to check vendorverify passes locally

Bug fixes

  • remove extra vendored django present in the v3.3.0 whl #595
  • duplicate h1 header doc fix (thanks Nguyễn Gia Phong / @McSinyx!)

Commits

  • e4718bd Merge pull request #565 from mozilla/fix-536-3.9-urlparse-changes
  • 931b24e Update for v4.1.0 release
  • 1033d4d sanitizer: use urlparse from vendored CPython 3.6.14 urllib.parse
  • 9023f7f vendor: add Python 3.6.14 urllib.parse
  • b04b95e user vendor install script in vendor verify
  • 4f0cebb vendor: rename install script
  • 7838d76 scripts: black format and format-check for py36
  • 8a1ea67 ci: bump python to 3.9 for lint, vendorverify, and format-check jobs
  • 014d591 ci: test against python 3.9
  • 8445128 add black and mypy to dev requirements for cpython
  • Additional commits viewable in compare view



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • `@dependabot rebase` will rebase this PR
  • `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
  • `@dependabot merge` will merge this PR after your CI passes on it
  • `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
  • `@dependabot cancel merge` will cancel a previously requested merge and block automerging
  • `@dependabot reopen` will reopen this PR if it is closed
  • `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependabot[bot] commented 2 years ago

Looks like bleach is up-to-date now, so this is no longer needed.