Bleach

--------------------------------

**Backwards incompatible changes**

* Drop support for unsupported Python versions <3.6. (520)

**Security fixes**

None

**Features**

* fix attribute name in the linkify docs (thanks CheesyFeet!)

-------------------------------

**Security fixes**

None

**Features**

* add more tests for CVE-2021-23980 / GHSA-vv2x-vrpj-qqpq
* bump python version to 3.8 for tox doc, vendorverify, and lint targets
* update bug report template tag
* update vendorverify script to detect and fail when extra files are vendored
* update release process docs to check vendorverify passes locally

**Bug fixes**

* remove extra vendored django present in the v3.3.0 whl (595)
* duplicate h1 header doc fix (thanks Nguyễn Gia Phong / McSinyx!)

----------------------------------

**Backwards incompatible changes**

* clean escapes HTML comments even when strip_comments=False

**Security fixes**

* Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.

**Features**

None

**Bug fixes**

None

----------------------------------

**Security fixes**

None

**Features**

None

**Bug fixes**

* fix clean and linkify raising ValueErrors for certain inputs. Thank you Google-Autofuzz.

----------------------------------

**Security fixes**

None

**Features**

* Migrate CI to Github Actions. Thank you hugovk.

**Bug fixes**

* fix linkify raising an IndexError on certain inputs. Thank you Google-Autofuzz.

------------------------------------

**Security fixes**

None

**Features**

None

**Bug fixes**

* change linkifier to add rel="nofollow" as documented. Thank you mitar.
* suppress html5lib sanitizer DeprecationWarnings (557)