Revisions of python-bleach

Ana Guerrero (anag+factory) accepted request 1120892 from Dirk Mueller (dirkmueller) (revision 20)
- update to 6.1.0:
  * Dropped support for Python 3.7.
  * Add support for Python 3.12.
  * Fix linkify with arrays in querystring
  * Handle more cases with < followed by character data
  * Fix entities inside a tags in linkification
  * Update cap for tinycss2 to <1.3
  * Updated Sphinx requirement
  * Add dependabot for github actions and update github actions

- Update to V3.1.1: Security update for CVE-2020-6802
  * CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
Dominique Leuenberger (dimstar_suse) accepted request 1085516 from Daniel Garcia (dgarcia) (revision 18)
- Update to 6.0.0:
  * bleach.clean, bleach.sanitizer.Cleaner,
    bleach.html5lib_shim.BleachHTMLParser: the tags and protocols
    arguments were changed from lists to sets.
  * bleach.linkify, bleach.linkifier.Linker: the skip_tags and
    recognized_tags arguments were changed from lists to sets.
  * bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is
    now strip_allowed_tags. We now use “tags” everywhere rather than a
    mishmash of “tags” in some places and “elements” in others.
  # Bug fixes
  * Add support for Python 3.11. (#675)
  * Fix API weirdness in BleachSanitizerFilter. (#649)
  * We’re using “tags” instead of “elements” everywhere–no more weird
    overloading of “elements” anymore.
  * Also, it no longer calls the superclass constructor.
  * Add warning when css_sanitizer isn’t set, but the style attribute
    is allowed. (#676)
  * Fix linkify handling of character entities. (#501)
  * Rework dev dependencies to use requirements-dev.txt and
    requirements-flake8.txt instead of extras.
  * Fix project infrastructure to be tox-based so it’s easier to have
    CI run the same things we’re running in development and with
    flake8 in an isolated environment.
  * Update action versions in CI.
  * Switch to f-strings where possible. Make tests parametrized to be
    easier to read/maintain.
Dominique Leuenberger (dimstar_suse) accepted request 1074154 from Daniel Garcia (dgarcia) (revision 16)
- Remove not needed dependency python-packaging
Dominique Leuenberger (dimstar_suse) accepted request 1033010 from Daniel Garcia (dgarcia) (revision 15)
- Remove not needed python-six dependency
- Remove python_module macro definition
- More specific python_sitelib in files
Richard Brown (RBrownFactory) accepted request 1006839 from Steve Kowalik (StevenK) (revision 14)
- Update to 5.0.1:
  * Add missing comma to tinycss2 require. Thank you, @shadchin!
  * Add url parse tests based on wpt url tests. (#688)
  * Support scheme-less urls if "https" is in allow list. (#662)
  * Handle escaping ``<`` in edge cases where it doesn't start a tag. (#544)
  * Correctly urlencode email address parts. Thank you, @larseggert! (#659)
  * ``clean`` and ``linkify`` now preserve the order of HTML attributes.
  * Drop support for Python 3.6. Thank you, @hugovk! (#629)
  * CSS sanitization in style tags is completely different now.
  * Python 3.9 support
  * Drop support for unsupported Python versions <3.6. (#520)
  * add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
- Refresh de-vendor.patch, and convert to patch level 1
Dominique Leuenberger (dimstar_suse) accepted request 830713 from Tomáš Chvátal (scarabeus_iv) (revision 12)
- Skip tests that fail with html5lib 1.1 ref the upstream ticket

  * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson.
Dominique Leuenberger (dimstar_suse) accepted request 800583 from Tomáš Chvátal (scarabeus_iv) (revision 11)
- Update to 3.1.5:
  * replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson.
Dominique Leuenberger (dimstar_suse) accepted request 790549 from Dirk Mueller (dirkmueller) (revision 10)
- update to 3.1.4 (bsc#1168280, CVE-2020-6817):
  * ``bleach.clean`` behavior parsing style attributes could result in a
    regular expression denial of service (ReDoS).
    Calls to ``bleach.clean`` with an allowed tag with an allowed
    ``style`` attribute were vulnerable to ReDoS. For example,
    ``bleach.clean(..., attributes={'a': ['style']})``.
  * Style attributes with dashes, or single or double quoted values are
    cleaned instead of passed through.

- update to 3.1.3 (bsc#1167379, CVE-2020-6816):
Dominique Leuenberger (dimstar_suse) accepted request 787398 from Dirk Mueller (dirkmueller) (revision 9)
- update to 3.1.3 (bsc#1167379):
  * Add relative link to code of conduct. (#442)
  * Drop deprecated 'setup.py test' support. (#507)
  * Fix typo: curren -> current in tests/test_clean.py (#504)
  * Test on PyPy 7
  * Drop test support for end of life Python 3.4
  * ``bleach.clean`` behavior parsing embedded MathML and SVG content
    with RCDATA tags did not match browser behavior and could result in
    a mutation XSS.
    Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or
    ``svg`` tags and one or more of the RCDATA tags ``script``,
    ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or
    ``xmp`` in the allowed tags whitelist were vulnerable to a mutation
    XSS.
    This security issue was confirmed in Bleach version v3.1.1. Earlier
    versions are likely affected too.
Dominique Leuenberger (dimstar_suse) accepted request 717075 from Tomáš Chvátal (scarabeus_iv) (revision 7)
- Restrict pytest to <5.0; upstream has an issue already reported
Dominique Leuenberger (dimstar_suse) accepted request 493464 from Todd R (TheBlackCat) (revision 1)
Needed by python-jupyter_nbconvert, which is already in openSUSE:Factory.
Displaying all 20 revisions