There's a merged pull request on the void-packages repository

python3-bleach: update to 3.2.1
https://github.com/void-linux/void-packages/pull/26468

Description:
Fixes CVE-2020-6816

Synapse seemed to run fine with this version and also tested against another python package that uses this as a checkdepend and tests ran fine.