# HG changeset patch
# User Mads Kiilerich <mads@kiilerich.com>
# Date 1585242772 -3600
# Node ID e965ff6f8cb3d90be040fa4d17c7a750654d00f0
# Parent  86f22a1fe48ca12d4dc540ce5edda95c655d5968
setup: avoid bleach 3.1.4 for now - it seems to deliberately cause regressions

See https://github.com/mozilla/bleach/blob/master/CHANGES and
https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69
... which adds xfails for use cases similar to how we use bleach.

It would completely remove style attributes instead of dropping bad parts of
them, as shown by the markup_renderer.py doctest it made fail:

    >>> MarkupRenderer.render('''<img id="a" style="margin-top:-1000px;color:red" src="http://example.com/test.jpg">''', '.md')
  Expected:
    '<p><img id="a" src="http://example.com/test.jpg" style="color: red;"></p>'
  Got:
    '<p><img id="a" src="http://example.com/test.jpg" style=""></p>'

Until a better solution is found, stick to 3.1.3 and accept the potential
ReDoS.

diff -r 86f22a1fe48c -r e965ff6f8cb3 setup.py
--- a/setup.py	Thu Mar 26 17:35:43 2020 +0100
+++ b/setup.py	Thu Mar 26 18:12:52 2020 +0100
@@ -66,7 +66,7 @@
     "mercurial >= 5.2, < 5.4",
     "decorator >= 4.2.1, < 4.5",
     "Paste >= 2.0.3, < 3.4",
-    "bleach >= 3.0, < 3.2",
+    "bleach >= 3.0, < 3.1.4",
     "Click >= 7.0, < 8",
     "ipaddr >= 2.2.0, < 2.3",
     "paginate >= 0.5, < 0.6",