Safety CI > dubirajara/slack-Bot

pyup-update-slackclient-2.2.1-to-2.9.0

5 years, 7 months ago

5a46aaf3

Update slackclient from 2.2.1 to 2.9.0

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-bleach-3.1.3-to-3.2.0

5 years, 7 months ago

56ad5a53

Update bleach from 3.1.3 to 3.2.0

No dependencies with known security vulnerabilities.

pyup-update-psycopg2-binary-2.8.4-to-2.8.6

5 years, 7 months ago

a38ef2af

Update psycopg2-binary from 2.8.4 to 2.8.6

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.8.2

5 years, 7 months ago

34e61997

Update slackclient from 2.2.1 to 2.8.2

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.8.1

5 years, 7 months ago

65d5a012

Update slackclient from 2.2.1 to 2.8.1

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.8.0

5 years, 8 months ago

24c751c0

Update slackclient from 2.2.1 to 2.8.0

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.7.3

5 years, 9 months ago

103c2a02

Update slackclient from 2.2.1 to 2.7.3

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-flask-sqlalchemy-2.4.1-to-2.4.4

5 years, 9 months ago

c4c849eb

Update flask-sqlalchemy from 2.4.1 to 2.4.4

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-lxml-4.4.1-to-4.5.2

5 years, 9 months ago

c4d0a774

Update lxml from 4.4.1 to 4.5.2

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.7.2

5 years, 9 months ago

5b3d94b7

Update slackclient from 2.2.1 to 2.7.2

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-requests-2.22.0-to-2.24.0

5 years, 10 months ago

e7d20b11

Update requests from 2.22.0 to 2.24.0

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.7.1

5 years, 10 months ago

ad40e4f3

Update slackclient from 2.2.1 to 2.7.1

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.7.0

5 years, 10 months ago

ed38328d

Update slackclient from 2.2.1 to 2.7.0

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-slackclient-2.2.1-to-2.6.2

5 years, 10 months ago

c49772c9

Update slackclient from 2.2.1 to 2.6.2

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

pyup-update-flask-sqlalchemy-2.4.1-to-2.4.3

5 years, 10 months ago

d8c6a8f3

Update flask-sqlalchemy from 2.4.1 to 2.4.3

bleach 3.1.3 has known security vulnerabilities.

Package	Installed	Affected	Info
bleach	3.1.3	<3.3.0	show Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.
bleach	3.1.3	<=3.1.3	show Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).

Package

Installed

Affected

Info

bleach

3.1.3

<3.3.0

show

Bleach 3.3.0 includes a fix for CVE-2021-23980: A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags p or br in allowed tags style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags the keyword argument strip_comments=False Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

bleach

3.1.3

<=3.1.3

show

Bleach 3.1.4 includes a fix for CVE-2020-6817: bleach.clean behavior parsing style attributes could result in a regular expression denial of service (ReDoS). Calls to bleach.clean with an allowed tag with an allowed style attribute are vulnerable to ReDoS. For example, bleach.clean(..., attributes={'a': ['style']}).