From abf2986299bd22d2f17370509a3177b362059eac Mon Sep 17 00:00:00 2001
From: Gateway <519563+gateway@users.noreply.github.com>
Date: Wed, 24 Jun 2026 23:32:48 -0700
Subject: [PATCH] build(deps): update Bleach sanitizer security fix (#37860)

---
 api/pyproject.toml | 2 +-
 api/uv.lock        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/pyproject.toml b/api/pyproject.toml
index 4050944d573..e6a214fe700 100644
--- a/api/pyproject.toml
+++ b/api/pyproject.toml
@@ -5,7 +5,7 @@ requires-python = "~=3.12.0"
 
 dependencies = [
     # Legacy: mature and widely deployed
-    "bleach>=6.3.0,<7.0.0",
+    "bleach>=6.4.0,<7.0.0",
     "boto3>=1.43.24,<2.0.0",
     "celery>=5.6.3,<6.0.0",
     "croniter>=6.2.2,<7.0.0",
diff --git a/api/uv.lock b/api/uv.lock
index 097b38d3388..f1b1e2af01e 100644
--- a/api/uv.lock
+++ b/api/uv.lock
@@ -1619,7 +1619,7 @@ vdb-xinference = [
 requires-dist = [
     { name = "aliyun-log-python-sdk", specifier = "==0.9.44" },
     { name = "azure-identity", specifier = ">=1.25.3,<2.0.0" },
-    { name = "bleach", specifier = ">=6.3.0,<7.0.0" },
+    { name = "bleach", specifier = ">=6.4.0,<7.0.0" },
     { name = "boto3", specifier = ">=1.43.24,<2.0.0" },
     { name = "celery", specifier = ">=5.6.3,<6.0.0" },
     { name = "croniter", specifier = ">=6.2.2,<7.0.0" },