waqasbhatti / cdips-pipeline

Port of the HATPI pipeline for CDIPS Project TESS image-subtraction reductions
MIT License
0 stars 3 forks source link

build(deps): bump bleach from 2.1.2 to 2.1.3 #6

Closed dependabot[bot] closed 5 years ago

dependabot[bot] commented 5 years ago

Bumps bleach from 2.1.2 to 2.1.3.

Changelog *Sourced from [bleach's changelog](https://github.com/mozilla/bleach/blob/master/CHANGES).* > Version 2.1.3 (March 5th, 2018) > ------------------------------- > > **Security fixes** > > * Attributes that have URI values weren't properly sanitized if the > values contained character entities. Using character entities, it > was possible to construct a URI value with a scheme that was not > allowed that would slide through unsanitized. > > This security issue was introduced in Bleach 2.1. Anyone using > Bleach 2.1 is highly encouraged to upgrade. > > https://bugzilla.mozilla.org/show_bug.cgi?id=1442745 > > **Backwards incompatible changes** > > None > > **Features** > > None > > **Bug fixes** > > * Fixed some other edge cases for attribute URI value sanitizing and > improved testing of this code.
Commits - [`9584f42`](https://github.com/mozilla/bleach/commit/9584f42051c0039cb0f27a617e8ab3e945018cc6) Prep for 2.1.3 release - [`c5df578`](https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef) Merge pull request [#356](https://github-redirect.dependabot.com/mozilla/bleach/issues/356) from willkg/fix-entities - [`61bf0e6`](https://github.com/mozilla/bleach/commit/61bf0e6db3bdce6294633555e08dd061af465c3c) Fix errant comment - [`73dfef1`](https://github.com/mozilla/bleach/commit/73dfef1d3b96c2e432660d8d2f2e9d0eaa230e36) Fix url sanitizing - [`e7f83b8`](https://github.com/mozilla/bleach/commit/e7f83b82b023e4956f99e9316fc7a621f6f507af) Merge pull request [#355](https://github-redirect.dependabot.com/mozilla/bleach/issues/355) from willkg/fix-test-data - [`d580f0a`](https://github.com/mozilla/bleach/commit/d580f0abba6ae62da22e59be4355ea1d690eb1f5) Fix MANIFEST and data_to_json.py related to recent changes - [`c9fa0ed`](https://github.com/mozilla/bleach/commit/c9fa0ed2e688c1b93e74bffd688d3107d2d45fd7) Merge pull request [#354](https://github-redirect.dependabot.com/mozilla/bleach/issues/354) from willkg/more-test-cleanup - [`18ecceb`](https://github.com/mozilla/bleach/commit/18ecceb5f61896e1a88e8d965b1e61e860ded2a5) Correct a regression comment and fix a test I misunderstood - [`5882861`](https://github.com/mozilla/bleach/commit/588286152b0c24d2d2c9e68d4761c14f00ce88b6) Merge all the clean tests into one file and clean up - [`8f79858`](https://github.com/mozilla/bleach/commit/8f79858aededa7a130bfd3e9c856c15c6194d117) Merge pull request [#353](https://github-redirect.dependabot.com/mozilla/bleach/issues/353) from willkg/tests-cleanup - Additional commits viewable in [compare view](https://github.com/mozilla/bleach/compare/v2.1.2...v2.1.3)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/waqasbhatti/cdips-pipeline/network/alerts).