Merge pull request #36251 from sagarvora/bump-weasyprint-2

chore: bump weasyprint
2026-01-23 13:48:46 +05:30 · 2026-01-23 13:48:46 +05:30 · d21c6f5d31
commit d21c6f5d31
parent 5c01f2aa5c b66e899d35
2 changed files with 5 additions and 3 deletions
--- a/.github/workflows/linters.yml
+++ b/.github/workflows/linters.yml
@ -95,7 +95,7 @@ jobs:
        run: |
          pip install pip-audit
          cd ${GITHUB_WORKSPACE}
-          pip-audit --desc on --ignore-vuln PYSEC-2023-312 --ignore-vuln CVE-2025-68616 .
+          pip-audit --desc on --ignore-vuln PYSEC-2023-312 .

  precommit:
    name: 'Pre-Commit'
--- a/pyproject.toml
+++ b/pyproject.toml
@ -26,13 +26,15 @@ dependencies = [
    "PyQRCode~=1.2.1",
    "PyYAML~=6.0.3",
    "RestrictedPython~=8.1",
-    "WeasyPrint==66.0",
+    "WeasyPrint==68.0",
+    # we don't use tinycss2 directly, but pinned to ensure compatibility with WeasyPrint and bleach
+    "tinycss2~=1.5.1,<1.6",
    "pydyf==0.12.1",
    "Werkzeug==3.1.5",
    "Whoosh~=2.7.4",
    "beautifulsoup4~=4.13.5",
    "bleach-allowlist~=1.0.3",
-    "bleach[css]~=6.3.0",
+    "bleach~=6.3.0",
    "chardet~=5.2.0",
    "croniter~=6.0.0",
    "cryptography~=46.0.3",