Skip to content

Update Dependencies#2528

Open
jlchilders11 wants to merge 12 commits into
developfrom
jc/qa-update-dependencies
Open

Update Dependencies#2528
jlchilders11 wants to merge 12 commits into
developfrom
jc/qa-update-dependencies

Conversation

@jlchilders11

@jlchilders11 jlchilders11 commented Jul 15, 2026

Copy link
Copy Markdown
Collaborator

Update dependencies for QA testing

Summary by CodeRabbit

  • Chores
    • Updated pinned Python dependencies to newer patch versions and added nh3 for HTML sanitization.
    • Reordered specific JavaScript dependency entries in package.json (no version changes).
  • Bug Fixes
    • Improved inline markdown HTML sanitization by switching from bleach to nh3, affecting how disallowed markup is cleaned.
  • Tests
    • Updated template tag tests to reflect the new sanitization library and naming.

@coderabbitai

coderabbitai Bot commented Jul 15, 2026

Copy link
Copy Markdown

Review Change Stack

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

  • ▶️ Resume reviews
  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

The inline markdown filter now uses nh3 instead of bleach, with its test naming and dependency declarations updated. Pinned Python dependencies are refreshed, and five unchanged JavaScript dependency entries are reordered.

Changes

Sanitizer migration and dependency updates

Layer / File(s) Summary
Update Python dependency pins
requirements.txt
Multiple pinned dependencies are upgraded, nh3==0.3.6 is added, and generated dependency attribution comments are refreshed.
Switch inline markdown sanitization
versions/templatetags/whats_new_extras.py, versions/tests/test_templatetags.py
inline_markdown changes from bleach.clean to nh3.clean, and the related test naming and explanatory text reference nh3.
Reorder JavaScript dependencies
package.json
Five dependency entries are reordered without changing their versions.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is only a one-line summary and omits required template sections like issue number, changes, risks, screenshots, and checklist. Expand the PR description to follow the template: add issue number, summary/context, detailed changes, risks, screenshots if applicable, and checklist items.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title is concise and clearly matches the dependency update in this PR.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch jc/qa-update-dependencies

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
requirements.txt (1)

49-49: 🎯 Functional Correctness | 🔵 Trivial | 💤 Low value

Keep the Black versions in sync. requirements.txt pins black==26.5.1, but .pre-commit-config.yaml still runs 26.1.0, so CI will keep using a different formatter version. Update the hook revision too, or document that the pins are intentionally separate.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements.txt` at line 49, Synchronize the Black version used by the
pre-commit configuration with the black==26.5.1 pin in requirements.txt by
updating the relevant hook revision in .pre-commit-config.yaml, unless the
versions are intentionally separate and that decision is explicitly documented.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@requirements.txt`:
- Line 49: Synchronize the Black version used by the pre-commit configuration
with the black==26.5.1 pin in requirements.txt by updating the relevant hook
revision in .pre-commit-config.yaml, unless the versions are intentionally
separate and that decision is explicitly documented.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 713d65a8-f137-493c-b07d-be9849aa5d38

📥 Commits

Reviewing files that changed from the base of the PR and between 865a4ac and 0afb4d2.

📒 Files selected for processing (1)
  • requirements.txt

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
requirements.txt (1)

49-49: 📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Keep Black pinned to the same version in both toolchains. requirements.txt pins black==26.5.1, but .pre-commit-config.yaml still uses 26.1.0, so local formatting and CI can drift. Update the hook rev or document why the split is intentional.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@requirements.txt` at line 49, Align the Black version used by the pre-commit
hook with the requirements.txt pin of 26.5.1 by updating the hook revision in
.pre-commit-config.yaml, unless there is a documented intentional reason to
retain the split.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@requirements.txt`:
- Line 49: Align the Black version used by the pre-commit hook with the
requirements.txt pin of 26.5.1 by updating the hook revision in
.pre-commit-config.yaml, unless there is a documented intentional reason to
retain the split.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 63574389-44f6-44f1-856c-a3604986bbbf

📥 Commits

Reviewing files that changed from the base of the PR and between 0afb4d2 and 933f156.

⛔ Files ignored due to path filters (2)
  • package-lock.json is excluded by !**/package-lock.json
  • yarn.lock is excluded by !**/yarn.lock, !**/*.lock
📒 Files selected for processing (2)
  • package.json
  • requirements.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant