Changelog for
python39-bleach-6.0.0-49.1.noarch.rpm :
* Thu Jun 29 2023 Markéta Machová
- Add patch strip-spaces.patch (bsc#1212852)
* sent upstream: https://github.com/mozilla/bleach/pull/706
* Mon May 08 2023 Daniel Garcia - Update to 6.0.0:
* bleach.clean, bleach.sanitizer.Cleaner, bleach.html5lib_shim.BleachHTMLParser: the tags and protocols arguments were changed from lists to sets.
* bleach.linkify, bleach.linkifier.Linker: the skip_tags and recognized_tags arguments were changed from lists to sets.
* bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is now strip_allowed_tags. We now use “tags” everywhere rather than a mishmash of “tags” in some places and “elements” in others. [#] Bug fixes
* Add support for Python 3.11. (#675)
* Fix API weirness in BleachSanitizerFilter. (#649)
* We’re using “tags” instead of “elements” everywhere–no more weird overloading of “elements” anymore.
* Also, it no longer calls the superclass constructor.
* Add warning when css_sanitizer isn’t set, but the style attribute is allowed. (#676)
* Fix linkify handling of character entities. (#501)
* Rework dev dependencies to use requirements-dev.txt and requirements-flake8.txt instead of extras.
* Fix project infrastructure to be tox-based so it’s easier to have CI run the same things we’re running in development and with flake8 in an isolated environment.
* Update action versions in CI.
* Switch to f-strings where possible. Make tests parametrized to be easier to read/maintain.
* Fri Apr 21 2023 Dirk Müller - add sle15_python_module_pythons (jsc#PED-68)
* Thu Apr 13 2023 Matej Cepl - Make calling of %{sle15modernpython} optional.
* Fri Mar 24 2023 Daniel Garcia - Remove not needed dependency python-packaging
* Thu Nov 03 2022 Daniel Garcia - Remove not needed python-six dependency- Remove python_module macro definition- More specific python_sitelib in files
* Thu Sep 29 2022 Steve Kowalik - Update to 5.0.1:
* Add missing comma to tinycss2 require. Thank you, AATTshadchin!
* Add url parse tests based on wpt url tests. (#688)
* Support scheme-less urls if \"https\" is in allow list. (#662)
* Handle escaping ``<`` in edge cases where it doesn\'t start a tag. (#544)
* Correctly urlencode email address parts. Thank you, AATTlarseggert! (#659)
* ``clean`` and ``linkify`` now preserve the order of HTML attributes.
* Drop support for Python 3.6. Thank you, AATThugovk! (#629)
* CSS sanitization in style tags is completely different now.
* Python 3.9 support
* Drop support for unsupported Python versions <3.6. (#520)
* add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq- Refresh de-vendor.patch, and convert to patch level 1
* Tue Apr 13 2021 Andreas Stieger - update to 3.3.0:
* Backwards incompatible change: clean escapes HTML comments even when strip_comments=False
* Fix CVE-2021-23980: mutation XSS on bleach.clean with specific combinations of allowed tags (boo#1184547)- includes changes from 3.2.3:
* fix clean and linkify raising ValueErrors for certain inputs- includes changes from 3.2.2:
* fix linkify raising an IndexError on certain inputs- includes changes from 3.2.1:
* change linkifier to add rel=\"nofollow\" as documented- includes changes from 3.2.0:
* html5lib dependency increased to 1.1.0
* Mon Aug 31 2020 Tomáš Chvátal - Skip tests that fail with html5lib 1.1 ref the upstream ticket
* Wed May 06 2020 Tomáš Chvátal - Update to 3.1.5:
* replace missing ``setuptools`` dependency with ``packaging``. Thank you Benjamin Peterson.
* Wed Apr 01 2020 Dirk Mueller - update to 3.1.4 (bsc#1168280, CVE-2020-6817):
* ``bleach.clean`` behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to ``bleach.clean`` with an allowed tag with an allowed ``style`` attribute were vulnerable to ReDoS. For example, ``bleach.clean(..., attributes={\'a\': [\'style\']})``.
* Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.
* Mon Mar 23 2020 Dirk Mueller - update to 3.1.3 (bsc#1167379, CVE-2020-6816):
* Add relative link to code of conduct. (#442)
* Drop deprecated \'setup.py test\' support. (#507)
* Fix typo: curren -> current in tests/test_clean.py (#504)
* Test on PyPy 7
* Drop test support for end of life Python 3.4
* ``bleach.clean`` behavior parsing embedded MathML and SVG content with RCDATA tags did not match browser behavior and could result in a mutation XSS. Calls to ``bleach.clean`` with ``strip=False`` and ``math`` or ``svg`` tags and one or more of the RCDATA tags ``script``, ``noscript``, ``style``, ``noframes``, ``iframe``, ``noembed``, or ``xmp`` in the allowed tags whitelist were vulnerable to a mutation XSS.
* Fri Feb 28 2020 Alexandros Toptsoglou - Update to V3.1.1: Security update for CVE-2020-6802
* CVE-2020-6802: Fixed mutation XSS vulnerabilities (bsc#1165303).
* Wed Jan 08 2020 Matej Cepl - Switch off test_uri_value_allowed_protocols test to work around gh#mozilla/bleach#503.