Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

support bleach 5, add packaging and tinycss2 dependencies #1755

Merged
merged 5 commits into from Apr 8, 2022

Conversation

bollwyvl
Copy link
Contributor

@bollwyvl bollwyvl commented Apr 7, 2022

References

Code Changes

  • add dependency on packaging, which was previously being provided by bleach
    • it's better if we can support bleach 4 and 5
  • add dependency on tinycss2
    • it has a rather tight pin upstream, but is hidden behind an [extra], sigh
  • sort dependencies
  • add compatibility for bleach 5 with tinycss2
    • fallback to bleach 4, with deprecation warning
      • fallback with to no CSS santizaton, with user warning

Alternatives

  • pin to bleach<5 (not great, because security-related)
  • pin to bleach>=5 (not terrible)

@bollwyvl bollwyvl marked this pull request as ready for review April 7, 2022 19:01
@bollwyvl bollwyvl changed the title add packaging dependency support bleach 5, add packaginga and tinycss2 dependencies Apr 7, 2022
@bollwyvl bollwyvl changed the title support bleach 5, add packaginga and tinycss2 dependencies support bleach 5, add packaging and tinycss2 dependencies Apr 7, 2022
Copy link
Member

@blink1073 blink1073 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@blink1073 blink1073 merged commit c53c97c into jupyter:main Apr 8, 2022
@s-weigand
Copy link

s-weigand commented Apr 9, 2022

Any chance that there will be a release with this fix in it soon? ❤
Currently, the missing packaging dependency is breaking my pre-commit hook.

@blink1073
Copy link
Member

I plan to make a release on Monday.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants