CVS commit: pkgsrc/www/py-bleach

["Adam Ciarcinski" <adam%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   adam
Date:           Thu Jun 11 13:17:07 UTC 2026

Modified Files:
        pkgsrc/www/py-bleach: Makefile distinfo

Log Message:
py-bleach: updated to 6.4.0

Version 6.4.0 (June 5th, 2026)

**NOTE: 2026-06-05: Bleach is no longer maintained. There will be no future
releases including for security issues.**
See issue: `<https://github.com/mozilla/bleach/issues/698>`__

**Backwards incompatible changes**

* Dropped support for pypy 3.10.

**Security fixes**

* Fix bug 2023812 / GHSA-8rfp-98v4-mmr6.

  Fix XSS issue with sanitize_uri_value where disallowed schemes with
  Unicode invisible characters wouldn't be rejected.

  For example::

    import bleach
    payload1 = '<a href="javascript\u200b:alert(document.cookie)">Click</a>'
    result1 = bleach.clean(payload1)
    print(repr(result1))

  outputs::

    '<a href="javascript\u200b:alert(document.cookie)">Click</a>'

  See the advisory for details.

* Fix GHSA-gj48-438w-jh9v.

  Fix issue where URI sanitization wasn't happening in formaction attributes.

  See the advisory for details.

**Bug fixes**

* Add support for pypy 3.11.

* Drop version max in tinycss2 pin.

  This removes one of the things we had to keep checking and updating. Users
  now own the responsibility for correctness with the version of tinycss2
  they're using.


To generate a diff of this commit:
cvs rdiff -u -r1.33 -r1.34 pkgsrc/www/py-bleach/Makefile
cvs rdiff -u -r1.24 -r1.25 pkgsrc/www/py-bleach/distinfo

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-bleach/Makefile
diff -u pkgsrc/www/py-bleach/Makefile:1.33 pkgsrc/www/py-bleach/Makefile:1.34
--- pkgsrc/www/py-bleach/Makefile:1.33  Wed Oct 29 09:21:57 2025
+++ pkgsrc/www/py-bleach/Makefile       Thu Jun 11 13:17:07 2026
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.33 2025/10/29 09:21:57 adam Exp $
+# $NetBSD: Makefile,v 1.34 2026/06/11 13:17:07 adam Exp $
 
-DISTNAME=      bleach-6.3.0
+DISTNAME=      bleach-6.4.0
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=b/bleach/}

Index: pkgsrc/www/py-bleach/distinfo
diff -u pkgsrc/www/py-bleach/distinfo:1.24 pkgsrc/www/py-bleach/distinfo:1.25
--- pkgsrc/www/py-bleach/distinfo:1.24  Wed Oct 29 09:21:57 2025
+++ pkgsrc/www/py-bleach/distinfo       Thu Jun 11 13:17:07 2026
@@ -1,5 +1,5 @@
-$NetBSD: distinfo,v 1.24 2025/10/29 09:21:57 adam Exp $
+$NetBSD: distinfo,v 1.25 2026/06/11 13:17:07 adam Exp $
 
-BLAKE2s (bleach-6.3.0.tar.gz) = 0366d2efdb9b02babef564e237c97e94889283474fda530725eaecfa7be2c12e
-SHA512 (bleach-6.3.0.tar.gz) = 8ebf85f78f7daae90db91e54f368fcc36dde8d93f04cbe469e861d76c55c52d147e756a9d0198e01b3cd93aca966fdaf4d5d35bd2ed3c731e772ed67d5d484a3
-Size (bleach-6.3.0.tar.gz) = 203533 bytes
+BLAKE2s (bleach-6.4.0.tar.gz) = 1e52e077ef407cb0a3f99b2dc8837763f368aa7ba6499158a5b0ad90bb7f6676
+SHA512 (bleach-6.4.0.tar.gz) = 3d60b3a96b41d574bb5318bfe7d28e1db94c38d4635b9b46c5d7b4ebd462244b4f424c70ea7b7882aeeabcce7bddae8e14c395455b0eaaff5b377cfd9a1c4198
+Size (bleach-6.4.0.tar.gz) = 204857 bytes