From b66e899d351b7fc8e5f6589e2273d3cc4478f631 Mon Sep 17 00:00:00 2001
From: Sagar Vora <16315650+sagarvora@users.noreply.github.com>
Date: Fri, 23 Jan 2026 05:11:10 +0530
Subject: [PATCH] build: pin tinycss2 dependency manually

---
 pyproject.toml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pyproject.toml b/pyproject.toml
index fe978601b8..e076edf958 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -27,12 +27,14 @@ dependencies = [
     "PyYAML~=6.0.3",
     "RestrictedPython~=8.1",
     "WeasyPrint==68.0",
+    # we don't use tinycss2 directly, but pinned to ensure compatibility with WeasyPrint and bleach
+    "tinycss2~=1.5.1,<1.6",
     "pydyf==0.12.1",
     "Werkzeug==3.1.5",
     "Whoosh~=2.7.4",
     "beautifulsoup4~=4.13.5",
     "bleach-allowlist~=1.0.3",
-    "bleach[css]~=6.3.0",
+    "bleach~=6.3.0",
     "chardet~=5.2.0",
     "croniter~=6.0.0",
     "cryptography~=46.0.3",