Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 4 updates #5

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the pip group across 1 directory with 4 updates #5

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 6, 2024

Bumps the pip group with 4 updates in the /docs directory: jinja2, pymdown-extensions, pyyaml and tornado.

Updates jinja2 from 2.10.3 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

3.1.2

This is a fix release for the 3.1.0 feature release.

3.1.1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

3.0.3

3.0.2

3.0.1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! 馃帀

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
  • Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

  • Add parameters to Environment.overlay to match __init__. :issue:1645
  • Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

  • The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

  • Drop support for Python 3.6. :pr:1534
  • Remove previously deprecated code. :pr:1544

... (truncated)

Commits

Updates pymdown-extensions from 6.1 to 10.0

Release notes

Sourced from pymdown-extensions's releases.

10.0

  • Break: Snippets: snippets will restrict snippets to ensure they are under the base_path preventing snippets relative to the base_path but not explicitly under it. restrict_base_path can be set to False for legacy behavior.

9.11

  • NEW: Emoji: Update to new CDN and use Twemoji 14.1.2.
  • NEW: Snippets: Ignore nested snippet section syntax when including a section.

9.10

  • NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant to be an alternative to (and maybe one day replace): Admonitions, Details, Definition Lists, and Tabbed. Also adds a new HTML plugin for quick wrapping of content with arbitrary HTML elements.
  • NEW: Highlight: When enabling line spans and/or line anchors, if a code block has an ID associated with it, line ids will be generated using that code ID instead of the code block count.
  • NEW: Snippets: Expand section syntax to allow section names with - and _.
  • NEW: Snippets: When check_paths is enabled, and a specified section is not found, raise an error.
  • NEW: Snippets: Add new experimental feature dedent_sections that will de-indent (remove any common leading whitespace from every line in text) from that block of text.
  • NEW: MagicLink: Update GitLab links to match recent changes and to be more correct.
  • NEW: MagicLink: Relax required hash length when performing link shortening.

9.10b5

  • NEW: Blocks: Add type_multi and type_none validators.
  • NEW: Blocks: Rename on_parse to on_validate and pass in parent element as context for validation.
  • NEW: Blocks: When a block uses raw mode, allow content to be indented to avoid conflicts with HTML parser. raw blocks should be indented and are now documented as such. The results will be dedented up to Python Markdown's tab length, so intentional indentation is still possible. raw blocks with no indentation will still work, but may have conflicts with other extensions.
  • FIX: Blocks: Commenting out all YAML options will not cause a block to invalidate.

9.10b4

  • NEW: Blocks: Add on_inline_end event.

9.10b3

  • NEW: Blocks: Ensure inline mode is handled properly.
  • NEW: Blocks: When using raw mode, ensure HTML stashed content is extracted.
  • NEW: HTML: The Blocks HTML extension should use inline specifier instead of span.

9.10b2

  • NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant

... (truncated)

Commits

Updates pyyaml from 5.1.2 to 5.4

Changelog

Sourced from pyyaml's changelog.

5.4 (2021-01-19)

5.3.1 (2020-03-18)

  • yaml/pyyaml#386 -- Prevents arbitrary code execution during python/object/new constructor

5.3 (2020-01-06)

5.2 (2019-12-02)

  • Repair incompatibilities introduced with 5.1. The default Loader was changed, but several methods like add_constructor still used the old default yaml/pyyaml#279 -- A more flexible fix for custom tag constructors yaml/pyyaml#287 -- Change default loader for yaml.add_constructor yaml/pyyaml#305 -- Change default loader for add_implicit_resolver, add_path_resolver
  • Make FullLoader safer by removing python/object/apply from the default FullLoader yaml/pyyaml#347 -- Move constructor for object/apply to UnsafeConstructor
  • Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff yaml/pyyaml#276 -- Fix logic for quoting special characters
  • Other PRs: yaml/pyyaml#280 -- Update CHANGES for 5.1
Commits
  • 58d0cb7 5.4 release
  • a60f7a1 Fix compatibility with Jython
  • ee98abd Run CI on PR base branch changes
  • ddf2033 constructor.timezone: _copy & deepcopy
  • fc914d5 Avoid repeatedly appending to yaml_implicit_resolvers
  • a001f27 Fix for CVE-2020-14343
  • fe15062 Add 3.9 to appveyor file for completeness sake
  • 1e1c7fb Add a newline character to end of pyproject.toml
  • 0b6b7d6 Start sentences and phrases for capital letters
  • c976915 Shell code improvements
  • Additional commits viewable in compare view

Updates tornado from 5.1.1 to 6.3.3

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0 releases/v2.3.0 releases/v2.2.1

... (truncated)

Commits
  • e4d6984 Merge pull request #3307 from bdarnell/branch6.3
  • 6a9e6fb ci: Don't test py312 in branch6.3
  • 5c8a9a4 Set version to 6.3.3
  • 7dfe8b5 httpserver_test: Add ExpectLog to fix CI
  • 217295b http1connection: Make content-length parsing more strict
  • e3aa6c5 Merge pull request #3267 from bdarnell/branch6.3
  • 34f5c1c Version 6.3.2
  • 32ad07c web: Fix an open redirect in StaticFileHandler
  • e0fa53e Merge pull request #3257 from bdarnell/build-workflow-wstest-warning
  • f5a1d5c ci: Only run pypi actions from the main repo
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 4 updates
55327a2 
Bumps the pip group with 4 updates in the /docs directory: [jinja2](https://github.com/pallets/jinja), [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions), [pyyaml](https://github.com/yaml/pyyaml) and [tornado](https://github.com/tornadoweb/tornado).


Updates `jinja2` from 2.10.3 to 3.1.4
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@2.10.3...3.1.4)

Updates `pymdown-extensions` from 6.1 to 10.0
- [Release notes](https://github.com/facelessuser/pymdown-extensions/releases)
- [Commits](facelessuser/pymdown-extensions@6.1.0...10.0)

Updates `pyyaml` from 5.1.2 to 5.4
- [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES)
- [Commits](yaml/pyyaml@5.1.2...5.4)

Updates `tornado` from 5.1.1 to 6.3.3
- [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst)
- [Commits](tornadoweb/tornado@v5.1.1...v6.3.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pymdown-extensions
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyyaml
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 6, 2024
@dependabot dependabot bot mentioned this pull request May 6, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
0 participants