Skip to content

Bump soupsieve to 2.8.4#228

Merged
masa10-f merged 1 commit into
masterfrom
fix/soupsieve-security
Jul 11, 2026
Merged

Bump soupsieve to 2.8.4#228
masa10-f merged 1 commit into
masterfrom
fix/soupsieve-security

Conversation

@masa10-f

Copy link
Copy Markdown
Collaborator

Summary

Root cause and impact

soupsieve is pulled in transitively by the documentation dependency chain through Beautiful Soup. Version 2.8.3 is affected by memory-exhaustion and ReDoS vulnerabilities when parsing malicious selectors. The patched version is 2.8.4.

This change only updates the locked package version and artifact hashes; project dependency constraints and application code are unchanged.

Validation

  • uv lock --check
  • uv run --extra dev pytest -s -m "not pyzx" — 497 passed, 1 skipped
  • verified soupsieve.__version__ == "2.8.4" with the doc extra
  • uv run --extra doc sphinx-build -W docs/source docs/build

@masa10-f masa10-f marked this pull request as ready for review July 11, 2026 02:50
@codecov

codecov Bot commented Jul 11, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.62%. Comparing base (cef85df) to head (4cbd2bb).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #228   +/-   ##
=======================================
  Coverage   85.62%   85.62%           
=======================================
  Files          25       25           
  Lines        3674     3674           
  Branches      638      638           
=======================================
  Hits         3146     3146           
  Misses        379      379           
  Partials      149      149           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@masa10-f masa10-f merged commit 7a5cfa4 into master Jul 11, 2026
24 checks passed
@masa10-f masa10-f deleted the fix/soupsieve-security branch July 11, 2026 02:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant