From 34f2a0ada13d3e542d6e19540d7fe1d5aa63437d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 31 Mar 2020 09:38:12 +0000
Subject: [PATCH 1/4] chore(deps): bump bleach from 3.1.2 to 3.1.4

Bumps [bleach](https://github.com/mozilla/bleach) from 3.1.2 to 3.1.4.
- [Release notes](https://github.com/mozilla/bleach/releases)
- [Changelog](https://github.com/mozilla/bleach/blob/master/CHANGES)
- [Commits](https://github.com/mozilla/bleach/compare/v3.1.2...v3.1.4)

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 55a4910056..bcf3760cd8 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,7 +1,7 @@
 Babel==2.6.0
 beautifulsoup4==4.8.2
 bleach-whitelist==0.0.10
-bleach==3.1.2
+bleach==3.1.4
 boto3==1.10.18
 braintree==3.57.1
 chardet==3.0.4

From ad95fbf5199cc31e73e267ae26db7dd3ba708a23 Mon Sep 17 00:00:00 2001
From: Suraj Shetty <surajshetty3416@gmail.com>
Date: Fri, 10 Apr 2020 10:17:01 +0530
Subject: [PATCH 2/4] fix: Handle invalid date parsing

---
 frappe/utils/data.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/utils/data.py b/frappe/utils/data.py
index 39c8c387eb..dc4d3c5e53 100644
--- a/frappe/utils/data.py
+++ b/frappe/utils/data.py
@@ -54,8 +54,8 @@ def get_datetime(datetime_str=None):
 	elif isinstance(datetime_str, datetime.date):
 		return datetime.datetime.combine(datetime_str, datetime.time())
 
-	# dateutil parser does not agree with dates like 0001-01-01
-	if not datetime_str or (datetime_str or "").startswith("0001-01-01"):
+	# dateutil parser does not agree with dates like "0001-01-01" or "0000-00-00"
+	if not datetime_str or (datetime_str or "").startswith(("0001-01-01", "0000-00-00")):
 		return None
 
 	try:

From 2c1ffaae9c9fde1133c4751b6116affa7997007b Mon Sep 17 00:00:00 2001
From: Gavin D'souza <gavin18d@gmail.com>
Date: Fri, 10 Apr 2020 12:13:48 +0530
Subject: [PATCH 3/4] fix(test): update test for updated bleach behaviour

bug report: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633
---
 frappe/tests/test_document.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/frappe/tests/test_document.py b/frappe/tests/test_document.py
index 1e92015602..470ab35fb6 100644
--- a/frappe/tests/test_document.py
+++ b/frappe/tests/test_document.py
@@ -181,7 +181,7 @@ class TestDocument(unittest.TestCase):
 
 		# css attributes
 		xss = '<div style="something: doesn\'t work; color: red;">Test</div>'
-		escaped_xss = '<div style="color: red;">Test</div>'
+		escaped_xss = '<div style="">Test</div>'
 		d.subject += xss
 		d.save()
 		d.reload()

From 5d92e7cf9f2b3a878c9f479d778c86b2fea83770 Mon Sep 17 00:00:00 2001
From: Abhishek Kedar <44434910+AKedar21@users.noreply.github.com>
Date: Fri, 10 Apr 2020 15:30:09 +0530
Subject: [PATCH 4/4] fix: checking value of send_welcome_email (#9888)

* checking value of send_welcome_email

If send_welcome_email is set to 0 still it is triggering send_welcome_mail_to_user(). Need to check if send_welcome_email=1.
This is required.

* fix: cint(self.send_welcome_email) in user.py

Instead of checking self.send_welcome_email==1 used cint(self.send_welcome_email

Co-Authored-By: Chinmay Pai <chinmaydpai@gmail.com>

* chore: remove list from kwargs

Co-authored-by: Chinmay Pai <chinmaydpai@gmail.com>
---
 frappe/core/doctype/user/user.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/frappe/core/doctype/user/user.py b/frappe/core/doctype/user/user.py
index ddad3a91fb..7837c90d2b 100644
--- a/frappe/core/doctype/user/user.py
+++ b/frappe/core/doctype/user/user.py
@@ -205,7 +205,7 @@ class User(Document):
 						_update_password(user=self.name, pwd=new_password,
 							logout_all_sessions=self.logout_all_sessions)
 
-					if not self.flags.no_welcome_mail and self.send_welcome_email:
+					if not self.flags.no_welcome_mail and cint(self.send_welcome_email):
 						self.send_welcome_mail_to_user()
 						self.flags.email_sent = 1
 						if frappe.session.user != 'Guest':
@@ -577,7 +577,7 @@ def update_password(new_password, logout_all_sessions=0, key=None, old_password=
 		return redirect_url if redirect_url else "/"
 
 @frappe.whitelist(allow_guest=True)
-def test_password_strength(new_password, key=None, old_password=None, user_data=[]):
+def test_password_strength(new_password, key=None, old_password=None, user_data=None):
 	from frappe.utils.password_strength import test_password_strength as _test_password_strength
 
 	password_policy = frappe.db.get_value("System Settings", None,