security: fix bleach ReDOS security breach

Tests were broken because of a security breach in bleach <=3.1.3 * Fixes bleach version to upgrade to bleach >=3.1.4 Co-Authored-by: Olivier DOSSMANN <[email protected]>
rero · Mar 30, 2020 · 0850bd1 · 0850bd1
1 parent 232ea45
commit 0850bd1
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 15 deletions.
diff --git a/Pipfile b/Pipfile
@@ -69,8 +69,8 @@ pycountry = ">=19.7.15"
 xmltodict = "*"
 # TODO: to be removed when the thumbnail will be refactored
 angular-gettext-babel= ">=0.1"
-# Avoid CVE 38076 on bleach <=3.1.1 ( dependency of invenio-record-rest)
-bleach = ">3.1.1"
+# Avoid CVE 38107 on bleach <=3.1.3 (dependency of invenio-record-rest)
+bleach = ">=3.1.4"
 ## Additionnal constraints on python modules
 # solves datetime serialize error
 celery = "<4.3.0"

diff --git a/Pipfile.lock b/Pipfile.lock