Skip to content

Bump bleach from 6.2.0 to 6.3.0#2145

Open
dependabot[bot] wants to merge 14 commits into
masterfrom
dependabot/pip/bleach-6.3.0
Open

Bump bleach from 6.2.0 to 6.3.0#2145
dependabot[bot] wants to merge 14 commits into
masterfrom
dependabot/pip/bleach-6.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 31, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps bleach from 6.2.0 to 6.3.0.

Changelog

Sourced from bleach's changelog.

Version 6.3.0 (October 27th, 2025)

Backwards incompatible changes

  • Dropped support for Python 3.9. (#756)

Security fixes

None

Bug fixes

  • Add support for Python 3.14. (#758)
  • Fix wbr handling. (#488)
Commits
  • 5546d5d chore: prep for 6.3.0 release
  • 88df3ff chore: fix readthedocs
  • d8b2fb4 fix: fix wbr handling (#488)
  • 55e48ce chore: add support for Python 3.14 (#758)
  • a4d6cdd chore: drop support for Python 3.9 (#756)
  • 172d92f Bump actions/setup-python from 5.6.0 to 6.0.0
  • df88612 Bump actions/checkout from 4.2.2 to 5.0.0
  • cbcf6b1 Bump actions/cache from 4.2.3 to 4.3.0
  • d9aa7ef Switch from dependabot reviewers to CODEOWNERS
  • 06f0f76 Update setuptools, wheel, and twine for devs
  • Additional commits viewable in compare view

@dependabot
Bump apscheduler from 3.11.1 to 3.11.2
2e05ab0 
Bumps [apscheduler](https://github.com/agronholm/apscheduler) from 3.11.1 to 3.11.2.
- [Release notes](https://github.com/agronholm/apscheduler/releases)
- [Commits](agronholm/apscheduler@3.11.1...3.11.2)

---
updated-dependencies:
- dependency-name: apscheduler
  dependency-version: 3.11.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Mar 31, 2026
@codacy-production

codacy-production Bot commented Mar 31, 2026
edited
Loading

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity . 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

TIP This summary will be updated as you push new changes. Give us feedback

Lionel Besson and others added 13 commits April 1, 2026 14:09
Mock navitia calls in tests
59b298e
Possibility to use devcontainer
f161b21
@lbesson
Mock navitia calls in unit tests
edeb464
@lbesson
Dev container configuration + README updates
85d3673
update pyjwt and move pyramid-jwtauth -> pyramid_jwt
9b1190e
security policy and token format
fe67d8c
secret key management
a1a0f91
@lbesson
update pyjwt and move pyramid-jwtauth -> pyramid_jwt
ff76695 
the jwt secret will now be read from docker-compose.yml (with fallback for local dev) to avoid having it in the repo code
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
00f8271 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-15746419
- https://snyk.io/vuln/SNYK-PYTHON-PYJWT-15518059
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
f4aef6b 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYGMENTS-15746419
- https://snyk.io/vuln/SNYK-PYTHON-PYJWT-15518059
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3180412
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-7448482
- https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-9964606
- https://snyk.io/vuln/SNYK-PYTHON-ZIPP-7430899
@lbesson
Merge pull request #2150 from c2corg/snyk-fix-8e68d50373ed560f8586132…
cd90557 
…d7be448ca

[Snyk] Fix for 6 vulnerabilities
@lbesson
Merge pull request #2127 from c2corg/dependabot/pip/apscheduler-3.11.2
d110b59 
Bump apscheduler from 3.11.1 to 3.11.2
@dependabot
Bump bleach from 6.2.0 to 6.3.0
9de90e4 
Bumps [bleach](https://github.com/mozilla/bleach) from 6.2.0 to 6.3.0.
- [Changelog](https://github.com/mozilla/bleach/blob/main/CHANGES)
- [Commits](mozilla/bleach@v6.2.0...v6.3.0)

---
updated-dependencies:
- dependency-name: bleach
  dependency-version: 6.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/bleach-6.3.0 branch from fdf401b to 9de90e4 Compare April 1, 2026 16:06
@dependabot @github

dependabot Bot commented on behalf of github Jun 5, 2026

Copy link
Copy Markdown
Contributor Author

A newer version of bleach exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lbesson @snyk-bot