diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 3c910e2c2f6fabcb2905095ec6e13f0c21972261..6962295af4e0e6e080dc41b027cf22a732ab6bd4 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -16,6 +16,12 @@ Please See the [releases tab](https://github.com/openedx/xblock-lti-consumer/rel
 Unreleased
 ~~~~~~~~~~
+8.0.0 - 2023-01-31
+------------------
+* Update to work with bleachk>=6.0.0 and make that an explicit requirement in
+ ``install_requires`` since the changes are incompatible with the older
+ versions of bleach.
+
 7.3.0 - 2023-01-30
 ------------------
 * Rename edx-platform import of ``get_module_for_descriptor_internal``.
diff --git a/lti_consumer/__init__.py b/lti_consumer/__init__.py
index 0c989b3093078a6fe66296e89964ec6528099424..2ac31ca97338b4f41a3816e1fd4974378d1492c8 100644
--- a/lti_consumer/__init__.py
+++ b/lti_consumer/__init__.py
@@ -4,4 +4,4 @@ Runtime will load the XBlock class from here.
 from .apps import LTIConsumerApp
 from .lti_xblock import LtiConsumerXBlock
-__version__ = '7.3.0'
+__version__ = '8.0.0'
diff --git a/lti_consumer/lti_xblock.py b/lti_consumer/lti_xblock.py
index aae2678df3d7151f31fc485d0aeaa0f35f135846..3fe04ff78a1305b576f4e1a1328ce0b8b317eb16 100644
--- a/lti_consumer/lti_xblock.py
+++ b/lti_consumer/lti_xblock.py
@@ -1585,7 +1585,7 @@ class LtiConsumerXBlock(StudioEditableXBlockMixin, XBlock):
 # For more context on ALLOWED_TAGS and ALLOWED_ATTRIBUTES
 # Look into this documentation URL see https://bleach.readthedocs.io/en/latest/clean.html#allowed-tags-tags
 # This lets all plaintext through.
- allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img']
+ allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}
 allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']})
 sanitized_comment = bleach.clean(self.score_comment, tags=allowed_tags, attributes=allowed_attributes)
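Review bot: The sanitizer policy in the lti_consumer/lti_xblock.py hunk (`allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'}` together with the `'img': ['src', 'alt']` attributes) is repeated verbatim in the lti_sanitize.py hunk of this commit, so two allowlists have to be kept in step by hand and can drift apart. I would define it once at module level, for example `LTI_ALLOWED_TAGS = bleach.sanitizer.ALLOWED_TAGS | {'img'}` and `LTI_ALLOWED_ATTRIBUTES = {**bleach.sanitizer.ALLOWED_ATTRIBUTES, 'img': ['src', 'alt']}` (names are only a suggestion), and pass those to `bleach.clean` in both call sites. Because `|` only works while `ALLOWED_TAGS` is set-like, a comment beside the constant such as `# requires bleach>=6.0.0: ALLOWED_TAGS is a frozenset there, a list before` would explain the failure mode if an older bleach is ever installed. The enclosing method starts and ends outside the hunk.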
diff --git a/lti_consumer/templatetags/lti_sanitize.py b/lti_consumer/templatetags/lti_sanitize.py index 35caaebfa737811d5ff9857b47595e72e24ce24f..bbb73f170a4524acf7ee09d3f5dd9f5c084e1e75 100644 --- a/lti_consumer/templatetags/lti_sanitize.py +++ b/lti_consumer/templatetags/lti_sanitize.py @@ -13,7 +13,7 @@ def lti_sanitize(html): """ Sanitize a html fragment with bleach. """ - allowed_tags = bleach.sanitizer.ALLOWED_TAGS + ['img'] + allowed_tags = bleach.sanitizer.ALLOWED_TAGS | {'img'} allowed_attributes = dict(bleach.sanitizer.ALLOWED_ATTRIBUTES, **{'img': ['src', 'alt']}) sanitized_html = bleach.clean(html, tags=allowed_tags, attributes=allowed_attributes) return mark_safe(sanitized_html) diff --git a/requirements/base.in b/requirements/base.in index f946ff4b31361dc3c6a7209b26e7b51c1e0841ed..0be363005162bd7b840d48b14fb4659d14e3e4e3 100644 --- a/requirements/base.in +++ b/requirements/base.in @@ -3,7 +3,7 @@ attrs lxml -bleach +bleach>=6.0.0 django oauthlib mako diff --git a/requirements/base.txt b/requirements/base.txt index 127b0629baa5047ca50b33bd50d36b5d7e9154d1..84101d44a2c4047d6eacdc79073f49ef07cdaa09 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -10,7 +10,7 @@ asgiref==3.6.0 # via django attrs==22.2.0 # via -r requirements/base.in -bleach==5.0.1 +bleach==6.0.0 # via -r requirements/base.in certifi==2022.12.7 # via requests @@ -63,7 +63,7 @@ mako==1.2.4 # via # -r requirements/base.in # xblock-utils -markupsafe==2.1.1 +markupsafe==2.1.2 # via # mako # xblock @@ -71,7 +71,7 @@ newrelic==8.5.0 # via edx-django-utils oauthlib==3.2.2 # via -r requirements/base.in -openedx-filters==0.8.0 +openedx-filters==1.0.0 # via -r requirements/base.in pbr==5.11.1 # via stevedore @@ -79,7 +79,7 @@ psutil==5.9.4 # via edx-django-utils pycparser==2.21 # via cffi -pycryptodomex==3.16.0 +pycryptodomex==3.17 # via # -r requirements/base.in # pyjwkest 
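Review bot: The docstring of `lti_sanitize` in lti_consumer/templatetags/lti_sanitize.py does not state what the filter guarantees, even though it returns `mark_safe(...)` and therefore turns off Django auto-escaping for everything bleach lets through. I would expand it to say that only bleach's default tags plus `img` (with `src` and `alt`) survive, and that the result is intended for HTML element content only, not for attribute values, inline script or style contexts, e.g. `"""Sanitize an HTML fragment with bleach; the result is safe for element content only."""`. As far as bleach's defaults go, `img src` still accepts remote http(s) URLs, so it is worth a sentence there that sanitized markup can make the viewer's browser fetch from third-party hosts. The decorator and `def` line sit above the hunk.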
@@ -124,7 +124,7 @@ webencodings==0.5.1 # via bleach webob==1.8.7 # via xblock -xblock==1.6.1 +xblock==1.6.2 # via # -r requirements/base.in # xblock-utils diff --git a/requirements/ci.txt b/requirements/ci.txt index de17b8714e08d5c0d1a444969c61f16c6ac8dbfd..a5d6a4da8f175097dbe2af164f848f015b12aaeb 100644 --- a/requirements/ci.txt +++ b/requirements/ci.txt @@ -16,7 +16,7 @@ asgiref==3.6.0 # via # -r requirements/test.txt # django -astroid==2.13.2 +astroid==2.13.3 # via # -r requirements/test.txt # pylint @@ -27,7 +27,7 @@ binaryornot==0.4.4 # via # -r requirements/test.txt # cookiecutter -bleach==5.0.1 +bleach==6.0.0 # via # -r requirements/test.txt # readme-renderer @@ -35,11 +35,11 @@ boto==2.49.0 # via # -r requirements/test.txt # xblock-sdk -boto3==1.26.50 +boto3==1.26.59 # via # -r requirements/test.txt # fs-s3fs -botocore==1.29.50 +botocore==1.29.59 # via # -r requirements/test.txt # boto3 @@ -77,10 +77,6 @@ code-annotations==1.3.0 # via # -r requirements/test.txt # edx-lint -commonmark==0.9.1 - # via - # -r requirements/test.txt - # rich cookiecutter==2.1.1 # via # -r requirements/test.txt @@ -116,6 +112,7 @@ django==3.2.16 # djangorestframework # edx-django-utils # jsonfield + # openedx-django-pyfs # openedx-filters # xblock-sdk django-config-models==2.3.0 @@ -127,9 +124,7 @@ django-crum==0.7.9 django-filter==22.1 # via -r requirements/test.txt django-pyfs==3.2.0 - # via - # -r requirements/test.txt - # xblock-sdk + # via -r requirements/test.txt django-waffle==3.0.0 # via # -r requirements/test.txt @@ -164,11 +159,13 @@ fs==2.4.16 # -r requirements/test.txt # django-pyfs # fs-s3fs + # openedx-django-pyfs # xblock fs-s3fs==1.1.1 # via # -r requirements/test.txt # django-pyfs + # openedx-django-pyfs # xblock-sdk future==0.18.3 # via @@ -187,7 +184,7 @@ importlib-resources==5.10.2 # via # -r requirements/test.txt # keyring -isort==5.11.4 +isort==5.12.0 # via # -r requirements/test.txt # pylint 
@@ -224,7 +221,7 @@ keyring==23.13.1 lazy==1.5 # via # -r requirements/test.txt - # xblock-sdk + # xblock lazy-object-proxy==1.9.0 # via # -r requirements/test.txt @@ -238,7 +235,11 @@ mako==1.2.4 # via # -r requirements/test.txt # xblock-utils -markupsafe==2.1.1 +markdown-it-py==2.1.0 + # via + # -r requirements/test.txt + # rich +markupsafe==2.1.2 # via # -r requirements/test.txt # jinja2 @@ -248,6 +249,10 @@ mccabe==0.7.0 # via # -r requirements/test.txt # pylint +mdurl==0.1.2 + # via + # -r requirements/test.txt + # markdown-it-py mock==5.0.1 # via -r requirements/test.txt more-itertools==9.0.0 @@ -260,7 +265,11 @@ newrelic==8.5.0 # edx-django-utils oauthlib==3.2.2 # via -r requirements/test.txt -openedx-filters==0.8.0 +openedx-django-pyfs==3.2.1 + # via + # -r requirements/test.txt + # xblock +openedx-filters==1.0.0 # via -r requirements/test.txt packaging==23.0 # via @@ -298,7 +307,7 @@ pycparser==2.21 # via # -r requirements/test.txt # cffi -pycryptodomex==3.16.0 +pycryptodomex==3.17 # via # -r requirements/test.txt # pyjwkest @@ -347,7 +356,7 @@ python-dateutil==2.8.2 # arrow # botocore # xblock -python-slugify==7.0.0 +python-slugify==8.0.0 # via # -r requirements/test.txt # code-annotations @@ -385,7 +394,7 @@ rfc3986==2.0.0 # via # -r requirements/test.txt # twine -rich==13.1.0 +rich==13.3.1 # via # -r requirements/test.txt # twine @@ -478,16 +487,16 @@ wrapt==1.14.1 # via # -r requirements/test.txt # astroid -xblock==1.6.1 +xblock[django]==1.6.2 # via # -r requirements/test.txt # xblock-sdk # xblock-utils -xblock-sdk==0.5.1 +xblock-sdk==0.5.4 # via -r requirements/test.txt xblock-utils==3.0.0 # via -r requirements/test.txt -zipp==3.11.0 +zipp==3.12.0 # via # -r requirements/test.txt # importlib-metadata diff --git a/requirements/common_constraints.txt b/requirements/common_constraints.txt index b5f17153092fb6f873bbe788b4585fa29958097b..7e39123ff0454af3263ee2387b97c5e3f1769cc5 100644 --- a/requirements/common_constraints.txt 
+++ b/requirements/common_constraints.txt @@ -19,10 +19,6 @@ Django<4.0 # elastic search changelog: https://www.elastic.co/guide/en/enterprise-search/master/release-notes-7.14.0.html elasticsearch<7.14.0 -# setuptools==60.0 had breaking changes and busted several service's pipeline. -# Details can be found here: https://github.com/pypa/setuptools/issues/2940 -setuptools<60 - # django-simple-history>3.0.0 adds indexing and causes a lot of migrations to be affected django-simple-history==3.0.0 diff --git a/requirements/dev.txt b/requirements/dev.txt index 926a781aff9ca93308f7fc93a8bc1c5ae5fe879d..2357f189171504198d23af0b5cb4947868908c59 100644 --- a/requirements/dev.txt +++ b/requirements/dev.txt @@ -14,7 +14,7 @@ asgiref==3.6.0 # django attrs==22.2.0 # via -r requirements/base.txt -bleach==5.0.1 +bleach==6.0.0 # via -r requirements/base.txt certifi==2022.12.7 # via @@ -91,7 +91,7 @@ mako==1.2.4 # via # -r requirements/base.txt # xblock-utils -markupsafe==2.1.1 +markupsafe==2.1.2 # via # -r requirements/base.txt # mako @@ -102,7 +102,7 @@ newrelic==8.5.0 # edx-django-utils oauthlib==3.2.2 # via -r requirements/base.txt -openedx-filters==0.8.0 +openedx-filters==1.0.0 # via -r requirements/base.txt path==16.6.0 # via edx-i18n-tools @@ -120,7 +120,7 @@ pycparser==2.21 # via # -r requirements/base.txt # cffi -pycryptodomex==3.16.0 +pycryptodomex==3.17 # via # -r requirements/base.txt # pyjwkest @@ -190,7 +190,7 @@ webob==1.8.7 # via # -r requirements/base.txt # xblock -xblock==1.6.1 +xblock==1.6.2 # via # -r requirements/base.txt # xblock-utils diff --git a/requirements/pip.txt b/requirements/pip.txt index 2602215f734990238c8de66ff385e8bfea56124a..090e71cc5d5769dd6a6dab8ffe74016c495bd221 100644 --- a/requirements/pip.txt +++ b/requirements/pip.txt 
@@ -6,9 +6,7 @@ # pip==22.3.1 # via -r requirements/pip.in -setuptools==59.8.0 - # via - # -c requirements/common_constraints.txt - # -r requirements/pip.in +setuptools==67.0.0 + # via -r requirements/pip.in wheel==0.38.4 # via -r requirements/pip.in diff --git a/requirements/quality.txt b/requirements/quality.txt index 0cfcbc8509a103f197ed92e97241c6d63b03db28..e2ad5503f86d90baad53754d76469aec8a476341 100644 --- a/requirements/quality.txt +++ b/requirements/quality.txt @@ -14,7 +14,7 @@ asgiref==3.6.0 # via # -r requirements/base.txt # django -astroid==2.13.2 +astroid==2.13.3 # via # pylint # pylint-celery @@ -22,13 +22,13 @@ attrs==22.2.0 # via -r requirements/base.txt binaryornot==0.4.4 # via cookiecutter -bleach==5.0.1 +bleach==6.0.0 # via -r requirements/base.txt boto==2.49.0 # via xblock-sdk -boto3==1.26.50 +boto3==1.26.59 # via fs-s3fs -botocore==1.29.50 +botocore==1.29.59 # via # boto3 # s3transfer @@ -71,10 +71,10 @@ django==3.2.16 # django-config-models # django-crum # django-filter - # django-pyfs # djangorestframework # edx-django-utils # jsonfield + # openedx-django-pyfs # openedx-filters # xblock-sdk django-config-models==2.3.0 @@ -85,8 +85,6 @@ django-crum==0.7.9 # edx-django-utils django-filter==22.1 # via -r requirements/base.txt -django-pyfs==3.2.0 - # via xblock-sdk django-waffle==3.0.0 # via # -r requirements/base.txt @@ -106,12 +104,12 @@ edx-opaque-keys[django]==2.3.0 fs==2.4.16 # via # -r requirements/base.txt - # django-pyfs # fs-s3fs + # openedx-django-pyfs # xblock fs-s3fs==1.1.1 # via - # django-pyfs + # openedx-django-pyfs # xblock-sdk future==0.18.3 # via @@ -121,7 +119,7 @@ idna==3.4 # via # -r requirements/base.txt # requests -isort==5.11.4 +isort==5.12.0 # via pylint jinja2==3.1.2 # via @@ -139,7 +137,7 @@ jsonfield==3.1.0 lazy==1.5 # via # -r requirements/base.txt - # xblock-sdk + # xblock lazy-object-proxy==1.9.0 # via astroid lxml==4.9.2 
@@ -151,7 +149,7 @@ mako==1.2.4 # via # -r requirements/base.txt # xblock-utils -markupsafe==2.1.1 +markupsafe==2.1.2 # via # -r requirements/base.txt # jinja2 @@ -165,7 +163,9 @@ newrelic==8.5.0 # edx-django-utils oauthlib==3.2.2 # via -r requirements/base.txt -openedx-filters==0.8.0 +openedx-django-pyfs==3.2.1 + # via xblock +openedx-filters==1.0.0 # via -r requirements/base.txt pbr==5.11.1 # via @@ -183,7 +183,7 @@ pycparser==2.21 # via # -r requirements/base.txt # cffi -pycryptodomex==3.16.0 +pycryptodomex==3.17 # via # -r requirements/base.txt # pyjwkest @@ -220,7 +220,7 @@ python-dateutil==2.8.2 # arrow # botocore # xblock -python-slugify==7.0.0 +python-slugify==8.0.0 # via # code-annotations # cookiecutter @@ -300,12 +300,12 @@ webob==1.8.7 # xblock-sdk wrapt==1.14.1 # via astroid -xblock==1.6.1 +xblock[django]==1.6.2 # via # -r requirements/base.txt # xblock-sdk # xblock-utils -xblock-sdk==0.5.1 +xblock-sdk==0.5.4 # via -r requirements/quality.in xblock-utils==3.0.0 # via -r requirements/base.txt diff --git a/requirements/test.txt b/requirements/test.txt index bd8733a6725d6feb65e3a13f93ec944c426c80ff..a81b9f83371cea105108cac382eab5421cbf75dc 100644 --- a/requirements/test.txt +++ b/requirements/test.txt @@ -14,7 +14,7 @@ asgiref==3.6.0 # via # -r requirements/base.txt # django -astroid==2.13.2 +astroid==2.13.3 # via # pylint # pylint-celery @@ -22,15 +22,15 @@ attrs==22.2.0 # via -r requirements/base.txt binaryornot==0.4.4 # via cookiecutter -bleach==5.0.1 +bleach==6.0.0 # via # -r requirements/base.txt # readme-renderer boto==2.49.0 # via xblock-sdk -boto3==1.26.50 +boto3==1.26.59 # via fs-s3fs -botocore==1.29.50 +botocore==1.29.59 # via # boto3 # s3transfer @@ -61,8 +61,6 @@ click-log==0.4.0 # via edx-lint code-annotations==1.3.0 # via edx-lint -commonmark==0.9.1 - # via rich cookiecutter==2.1.1 # via xblock-sdk coverage==6.5.0 
@@ -85,6 +83,7 @@ dill==0.3.6 # djangorestframework # edx-django-utils # jsonfield + # openedx-django-pyfs # openedx-filters # xblock-sdk django-config-models==2.3.0 @@ -96,9 +95,7 @@ django-crum==0.7.9 django-filter==22.1 # via -r requirements/base.txt django-pyfs==3.2.0 - # via - # -r requirements/test.in - # xblock-sdk + # via -r requirements/test.in django-waffle==3.0.0 # via # -r requirements/base.txt @@ -125,10 +122,12 @@ fs==2.4.16 # -r requirements/base.txt # django-pyfs # fs-s3fs + # openedx-django-pyfs # xblock fs-s3fs==1.1.1 # via # django-pyfs + # openedx-django-pyfs # xblock-sdk future==0.18.3 # via @@ -144,7 +143,7 @@ importlib-metadata==6.0.0 # twine importlib-resources==5.10.2 # via keyring -isort==5.11.4 +isort==5.12.0 # via pylint jaraco-classes==3.2.3 # via keyring @@ -170,7 +169,7 @@ keyring==23.13.1 lazy==1.5 # via # -r requirements/base.txt - # xblock-sdk + # xblock lazy-object-proxy==1.9.0 # via astroid lxml==4.9.2 @@ -182,7 +181,9 @@ mako==1.2.4 # via # -r requirements/base.txt # xblock-utils -markupsafe==2.1.1 +markdown-it-py==2.1.0 + # via rich +markupsafe==2.1.2 # via # -r requirements/base.txt # jinja2 @@ -190,6 +191,8 @@ markupsafe==2.1.1 # xblock mccabe==0.7.0 # via pylint +mdurl==0.1.2 + # via markdown-it-py mock==5.0.1 # via -r requirements/test.in more-itertools==9.0.0 @@ -200,7 +203,9 @@ newrelic==8.5.0 # edx-django-utils oauthlib==3.2.2 # via -r requirements/base.txt -openedx-filters==0.8.0 +openedx-django-pyfs==3.2.1 + # via xblock +openedx-filters==1.0.0 # via -r requirements/base.txt pbr==5.11.1 # via @@ -220,7 +225,7 @@ pycparser==2.21 # via # -r requirements/base.txt # cffi -pycryptodomex==3.16.0 +pycryptodomex==3.17 # via # -r requirements/base.txt # pyjwkest @@ -260,7 +265,7 @@ python-dateutil==2.8.2 # arrow # botocore # xblock -python-slugify==7.0.0 +python-slugify==8.0.0 # via # code-annotations # cookiecutter 
@@ -293,7 +298,7 @@ requests-toolbelt==0.10.1 # via twine rfc3986==2.0.0 # via twine -rich==13.1.0 +rich==13.3.1 # via twine s3transfer==0.6.0 # via boto3 @@ -359,16 +364,16 @@ webob==1.8.7 # xblock-sdk wrapt==1.14.1 # via astroid -xblock==1.6.1 +xblock[django]==1.6.2 # via # -r requirements/base.txt # xblock-sdk # xblock-utils -xblock-sdk==0.5.1 +xblock-sdk==0.5.4 # via -r requirements/test.in xblock-utils==3.0.0 # via -r requirements/base.txt -zipp==3.11.0 +zipp==3.12.0 # via # importlib-metadata # importlib-resources