Update dependency bleach to v6 #112

@mend-for-github-com mend-for-github-com bot commented Jan 23, 2023

This PR contains the following updates:

Package  Update  Change
bleach   major   ==3.3.0 -> ==6.1.0

Release Notes

mozilla/bleach (bleach)

v6.1.0

Backwards incompatible changes

  • Dropped support for Python 3.7. (#709)

Security fixes

None

Bug fixes

  • Add support for Python 3.12. (#710)
  • Fix linkify with arrays in querystring (#436)
  • Handle more cases with < followed by character data (#705)
  • Fix entities inside a tags in linkification (#704)
  • Update cap for tinycss2 to <1.3 (#702)
  • Updated Sphinx requirement
  • Add dependabot for github actions and update github actions

v6.0.0

Backwards incompatible changes

  • bleach.clean, bleach.sanitizer.Cleaner,
    bleach.html5lib_shim.BleachHTMLParser: the tags and protocols
    arguments were changed from lists to sets.

    Old pre-6.0.0:

    .. code-block:: python

       bleach.clean(
           "some text",
           tags=["a", "p", "img"],
           #    ^               ^ list
           protocols=["http", "https"],
           #         ^               ^ list
       )

    New 6.0.0 and later:

    .. code-block:: python

       bleach.clean(
           "some text",
           tags={"a", "p", "img"},
           #    ^               ^ set
           protocols={"http", "https"},
           #         ^               ^ set
       )

  • bleach.linkify, bleach.linkifier.Linker: the skip_tags and
    recognized_tags arguments were changed from lists to sets.

    Old pre-6.0.0:

    .. code-block:: python

       bleach.linkify(
           "some text",
           skip_tags=["pre"],
           #         ^     ^ list
       )

       linker = Linker(
           skip_tags=["pre"],
           #         ^     ^ list
           recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"],
           #                                       ^ ^                ^ list
           #                                       |
           #                                       | list concatenation
       )

    New 6.0.0 and later:

    .. code-block:: python

       bleach.linkify(
           "some text",
           skip_tags={"pre"},
           #         ^     ^ set
       )

       linker = Linker(
           skip_tags={"pre"},
           #         ^     ^ set
           recognized_tags=html5lib_shim.HTML_TAGS | {"custom-element"},
           #                                       ^ ^                ^ set
           #                                       |
           #                                       | union operator
       )

  • bleach.sanitizer.BleachSanitizerFilter: strip_allowed_elements is now
    strip_allowed_tags. We now use "tags" everywhere rather than a mishmash
    of "tags" in some places and "elements" in others.

Security fixes

None

Bug fixes

  • Add support for Python 3.11. (#675)

  • Fix API weirdness in BleachSanitizerFilter. (#649)

    We're using "tags" instead of "elements" everywhere--no more weird
    overloading of "elements" anymore.

    Also, it no longer calls the superclass constructor.

  • Add warning when css_sanitizer isn't set, but the style
    attribute is allowed. (#676)

  • Fix linkify handling of character entities. (#501)

  • Rework dev dependencies to use requirements-dev.txt and
    requirements-flake8.txt instead of extras.

  • Fix project infrastructure to be tox-based so it's easier to have CI
    run the same things we're running in development and with flake8
    in an isolated environment.

  • Update action versions in CI.

  • Switch to f-strings where possible. Make tests parametrized to be
    easier to read/maintain.

v5.0.1

Security fixes

None

Bug fixes

  • Add missing comma to tinycss2 require. Thank you, @shadchin!

  • Add url parse tests based on wpt url tests. (#688)

  • Support scheme-less urls if "https" is in allow list. (#662)

  • Handle escaping < in edge cases where it doesn't start a tag. (#544)

  • Fix reference warnings in docs. (#660)

  • Correctly urlencode email address parts. Thank you, @larseggert! (#659)

v5.0.0

Backwards incompatible changes

  • clean and linkify now preserve the order of HTML attributes. Thank
    you, @askoretskly! (#566)

  • Drop support for Python 3.6. Thank you, @hugovk! (#629)

  • CSS sanitization in style tags is completely different now. If you're using
    Bleach clean to sanitize css in style tags, you'll need to update your
    code and you'll need to install the css extras::

        pip install 'bleach[css]'

    See `the documentation on sanitizing CSS for how to do it <https://bleach.readthedocs.io/en/latest/clean.html#sanitizing-css>`_. (#633)

Security fixes

None

Bug fixes

  • Rework dev dependencies. We no longer have
    requirements-dev.in/requirements-dev.txt. Instead, we're using
    dev extras.

    See `development docs <https://bleach.readthedocs.io/en/latest/dev.html>`_
    for more details. (#620)

  • Add newline when dropping block-level tags. Thank you, @jvanasco! (#369)

v4.1.0

Features

  • Python 3.9 support

Security fixes

None

Bug fixes

  • Update sanitizer clean to use vendored 3.6.14 stdlib urllib.parse to
    fix test failures on Python 3.9. (#536)

v4.0.0

Backwards incompatible changes

  • Drop support for unsupported Python versions <3.6. (#520)

Security fixes

None

Features

v3.3.1

Security fixes

None

Features

  • add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
  • bump python version to 3.8 for tox doc, vendorverify, and lint targets
  • update bug report template tag
  • update vendorverify script to detect and fail when extra files are vendored
  • update release process docs to check vendorverify passes locally

Bug fixes

  • remove extra vendored django present in the v3.3.0 whl (#595)
  • duplicate h1 header doc fix (thanks Nguyễn Gia Phong / @McSinyx!)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

@mend-for-github-com mend-for-github-com bot force-pushed the whitesource-remediate/bleach-6.x branch from 8e0cbfb to 7563b1a Compare October 7, 2023 05:14
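
A static check for the 6.0.0 breaking changes listed in the release notes above, as an added example that is not part of the bot's comment or of bleach itself: it parses Python source with `ast` and reports keyword call sites that still pass lists for `tags`, `protocols`, `skip_tags` or `recognized_tags`, or that use the renamed `strip_allowed_elements`. The names `audit`, `callee`, `is_listy` and the sample source are constructed for illustration; positional arguments and lists built in a variable elsewhere are not detected.

```python
import ast

# Keyword arguments the 6.0.0 notes list as changed from lists to sets.
SET_KWARGS = {"tags", "protocols", "skip_tags", "recognized_tags"}
# Keyword the 6.0.0 notes list as renamed on BleachSanitizerFilter.
RENAMED = {"strip_allowed_elements": "strip_allowed_tags"}
# Callables named in the notes; matched on the last name only (a heuristic).
TARGETS = {"clean", "linkify", "Cleaner", "Linker",
           "BleachHTMLParser", "BleachSanitizerFilter"}

def callee(call):  # last name component of the target: bleach.clean -> "clean"
    return getattr(call.func, "attr", None) or getattr(call.func, "id", None)

def is_listy(node):
    """List literal, list comprehension, or a `+` expression containing one."""
    if isinstance(node, (ast.List, ast.ListComp)):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Add):
        return is_listy(node.left) or is_listy(node.right)
    return False

def audit(source):
    """Return sorted (line, callee, keyword, problem) tuples for one module."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or callee(node) not in TARGETS:
            continue
        for kw in node.keywords:
            if kw.arg in SET_KWARGS and is_listy(kw.value):
                problem = "list passed, set expected"
            elif kw.arg in RENAMED:
                problem = "renamed to " + RENAMED[kw.arg]
            else:
                continue
            findings.append((kw.value.lineno, callee(node), kw.arg, problem))
    return sorted(findings)

# Constructed sample: pre-6.0.0 call sites in the style of the release notes.
SAMPLE = '''\
bleach.clean("some text", tags=["a", "p"], protocols={"http", "https"})
linker = Linker(
    skip_tags={"pre"},
    recognized_tags=html5lib_shim.HTML_TAGS + ["custom-element"],
)
'''

if __name__ == "__main__":
    for line, name, kw, problem in audit(SAMPLE):
        print(f"line {line}: {name}({kw}=...): {problem}")
```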