* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features
* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)
Infrastructure
Upgrade GitHub Actions (:gh:1054) (@cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@akx)
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj
3.1.3
This is a fix release for the 3.1.x feature branch.
Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:h75v-3vvj-5mfj
Version 3.1.3
Released 2024-01-10
Fix compiler error when checking if required blocks in parent templates are
empty. :pr:1858
xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
Make error messages stemming from invalid nesting of {% trans %} blocks
more helpful. :pr:1918
All postprocessors are now run on heading content.
Footnote references are now stripped from heading content. Fixes #660.
A more robust striptags is provided to convert headings to plain text.
Unlike, the markupsafe implementation, HTML entities are not unescaped.
The plain text name, rich html, and unescaped raw data-toc-label are
saved to toc_tokens, allowing users to access the full rich text content of
the headings directly from toc_tokens.
The value of data-toc-label is sanitized separate from heading content
before being written to name. This fixes a bug which allowed markup through
in certain circumstances. To access the raw unsanitized data, retrieve the
value from token['data-toc-label'] directly.
An html.unescape call is made just prior to calling slugify so that
slugify only operates on Unicode characters. Note that html.unescape is
not run on name, html, or data-toc-label.
The functions get_name and stashedHTML2text defined in the toc extension
are both deprecated. Instead, third party extensions should use some
combination of the new functions run_postprocessors, render_inner_html and
striptags.
Fixed
Include scripts/*.py in the generated source tarballs (#1430).
Ensure lines after heading in loose list are properly detabbed (#1443).
Give smarty tree processor higher priority than toc (#1440).
Permit carets (^) and square brackets (]) but explicitly exclude
backslashes (\) from abbreviations (#1444).
In attribute lists (attr_list, fenced_code), quoted attribute values are
now allowed to contain curly braces (}) (#1414).
Release 3.5.2
Fixed
Fix type annotations for convertFile - it accepts only bytes-based buffers.
Also remove legacy checks from Python 2 (#1400)
Remove legacy import needed only in Python 2 (#1403)
Fix typo that left the attribute AdmonitionProcessor.content_indent unset
(#1404)
Fix edge-case crash in InlineProcessor with AtomicString (#1406).
Fix edge-case crash in codehilite with an empty code tag (#1405).
Improve and expand type annotations in the code base (#1401).
All postprocessors are now run on heading content.
Footnote references are now stripped from heading content. Fixes #660.
A more robust striptags is provided to convert headings to plain text.
Unlike, the markupsafe implementation, HTML entities are not unescaped.
The plain text name, rich html, and unescaped raw data-toc-label are
saved to toc_tokens, allowing users to access the full rich text content of
the headings directly from toc_tokens.
The value of data-toc-label is sanitized separate from heading content
before being written to name. This fixes a bug which allowed markup through
in certain circumstances. To access the raw unsanitized data, retrieve the
value from token['data-toc-label'] directly.
An html.unescape call is made just prior to calling slugify so that
slugify only operates on Unicode characters. Note that html.unescape is
not run on name, html, or data-toc-label.
The functions get_name and stashedHTML2text defined in the toc extension
are both deprecated. Instead, third party extensions should use some
combination of the new functions run_postprocessors, render_inner_html and
striptags.
Fixed
Include scripts/*.py in the generated source tarballs (#1430).
Ensure lines after heading in loose list are properly detabbed (#1443).
Give smarty tree processor higher priority than toc (#1440).
Permit carets (^) and square brackets (]) but explicitly exclude
backslashes (\) from abbreviations (#1444).
In attribute lists (attr_list, fenced_code), quoted attribute values are
now allowed to contain curly braces (}) (#1414).
[3.5.2] -- 2024-01-10
Fixed
Fix type annotations for convertFile - it accepts only bytes-based buffers.
Also remove legacy checks from Python 2 (#1400)
Remove legacy import needed only in Python 2 (#1403)
Fix typo that left the attribute AdmonitionProcessor.content_indent unset
(#1404)
Fix edge-case crash in InlineProcessor with AtomicString (#1406).
Fix edge-case crash in codehilite with an empty code tag (#1405).
Improve and expand type annotations in the code base (#1401).
This is a fix release for the 2.1.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.
Fixes a regression in striptags behavior from 2.14. Spaces are now collapsed correctly.
This is a fix release for the 2.1.x feature release branch. It fixes bugs but does not otherwise change behavior and should not result in breaking changes.
Improves performance of the Markup.striptags method for large input.
👌 Add option for footnotes references to always be matched
Usually footnote references are only matched when a footnote definition of the same label has already been found. If always_match_refs=True, any [^...] syntax will be treated as a footnote.
Bumps the llvm-docs-requirements group in /llvm/docs with 21 updates:
7.2.6
7.3.7
0.20.1
0.21.2
2024.1.29
2024.5.6
2.0.0
3.0.1
0.7.13
0.7.16
2.14.0
2.15.0
4.12.2
4.12.3
2023.11.17
2024.7.4
3.6
3.7
3.1.2
3.1.4
3.5.1
3.6
2.1.3
2.1.5
0.4.0
0.4.1
23.2
24.1
2.17.2
2.18.0
2.31.0
2.32.3
1.0.5
1.0.6
2.0.4
2.0.5
1.0.6
1.0.7
1.1.9
1.1.10
2.1.0
2.2.2
Updates
sphinx
from 7.2.6 to 7.3.7Release notes
Sourced from sphinx's releases.
Changelog
Sourced from sphinx's changelog.
... (truncated)
Commits
de4ac2f
Bump to 7.3.7 final4a0c9dd
Return the default value for unsupported theme configuration sections62c3bad
Re-exportpy_sig_re
from the Python domain3bcc669
Defer loading entry-point themes until neededfa4563f
Bump version630b4fb
Bump to 7.3.6 final740b964
fixup! Elaborate a little more in the warning message forconfig.cache
141f3ec
Elaborate a little more in the warning message forconfig.cache
af27188
Addconfig.cache
to the list of warning typesbe2b083
Re-export more names insphinx.domains.python
(#12297)Updates
docutils
from 0.20.1 to 0.21.2Updates
furo
from 2024.1.29 to 2024.5.6Changelog
Sourced from furo's changelog.
... (truncated)
Commits
b087e93
Prepare release: 2024.05.06169c63d
Update the changelogb7ec84d
Drop discussion of Sphinx'sbasic
theme2cd4d4a
Demote the note about inherited frombasic
configuration983d6c3
Tweak the colours for APIversionmodified
information1ffbf76
Add release information to various customisation knobs2c386b9
Use the appropriate Sphinx directive instead of weird textec8815a
Add (back?) support for RtD context inference on top of page buttons1b4cf89
Bump the npm group with 5 updates (#793)ce8fb10
Bump the github-actions group with 3 updates (#792)Updates
myst-parser
from 2.0.0 to 3.0.1Release notes
Sourced from myst-parser's releases.
... (truncated)
Changelog
Sourced from myst-parser's changelog.
Commits
3d84ff8
🚀 Release v3.0.1 (#926)790a926
🐛 FIX: allow indented option block (#925)446feba
🐛 FIX empty value for final directive option (#924)c9579c4
📚 Update live preview (#921)1b44e06
🚀 Release v3.0.0 (#920)5ad2d6d
🔧 More improvements for directive option parsing (#919)8614eca
📚 Update theme version (#918)5416b9f
🔧 Update mypy to use sphinx v7.3 (#917)167c902
⬆️ Update docutils requirement from >=0.16,<0.21 to >=0.18,<0.22 (#916)c00ef09
📚 Fix architecture typo (#855) (#910)Updates
alabaster
from 0.7.13 to 0.7.16Release notes
Sourced from alabaster's releases.
Changelog
Sourced from alabaster's changelog.
Commits
f3fdc04
Bump to 0.7.1639cbbc1
Do not display logo_name == 'false'd24c4cb
Bump to 0.7.1556f12de
Include documentation in the sdist2d8d038
Adorn the LICENSE file with a suffixa31816c
Remove obscenities (#173)166d6e7
Replace © with unicode decimal code entity (#161)b9e8d79
Deprecate canonical_url in favor of html_baseurl (#178)848e718
Allow an arbitrary string in the logo_name option (#213)6922a16
Improve sidebar stylesUpdates
babel
from 2.14.0 to 2.15.0Release notes
Sourced from babel's releases.
Changelog
Sourced from babel's changelog.
Commits
40b194f
Prepare for 2.15.0 release (#1079)c2e6c6e
Encode support for the "fall back to short format" logic for time delta forma...1a03526
Include Unicode license inlocale-data
and in documentation (#1074)c0fb56e
Allow alternative space characters as group separator when parsing numbers (#...fe82fbc
Use CLDR 44 and adjust tests to match new data (#1071)e0d1018
Improve .po IO (#1068)40e60a1
Upgrade GitHub Actions (#1054)2a1709a
Drop support for Python 3.7 (EOL since June 2023) (#1048)Updates
beautifulsoup4
from 4.12.2 to 4.12.3Updates
certifi
from 2023.11.17 to 2024.7.4Commits
bd81538
2024.07.04 (#295)06a2cbf
Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)13bba02
Bump actions/checkout from 4.1.6 to 4.1.7 (#293)e8abcd0
Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)124f4ad
2024.06.02 (#291)c2196ce
--- (#290)fefdeec
Bump actions/checkout from 4.1.4 to 4.1.5 (#289)3c5fb15
Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)4a9569a
Bump actions/checkout from 4.1.2 to 4.1.4 (#287)1fc8086
Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)Updates
idna
from 3.6 to 3.7Release notes
Sourced from idna's releases.
Changelog
Sourced from idna's changelog.
Commits
1d365e1
Release v3.7c1b3154
Merge pull request #172 from kjd/optimize-contextj0394ec7
Merge branch 'master' into optimize-contextjcd58a23
Merge pull request #152 from elliotwutingfeng/dev5beb28b
More efficient resolution of joiner contexts1b12148
Update ossf/scorecard-action to v2.3.1d516b87
Update Github actions/checkout to v4c095c75
Merge branch 'master' into dev60a0a4c
Fix typo in GitHub Actions workflow key5918a0e
Merge branch 'master' into devUpdates
jinja2
from 3.1.2 to 3.1.4Release notes
Sourced from jinja2's releases.
Changelog
Sourced from jinja2's changelog.
Commits
dd4a8b5
release version 3.1.40668239
Merge pull request from GHSA-h75v-3vvj-5mfjd655030
disallow invalid characters in keys to xmlattr filtera7863ba
add ghsa linksb5c98e7
start version 3.1.4da3a9f0
update project files (#1968)0ee5eb4
satisfy formatter, linter, and strict mypy20477c6
update project files (#5457)e491223
update pyyaml dev dependency36f9885
fix pr linkUpdates
markdown
from 3.5.1 to 3.6Release notes
Sourced from markdown's releases.
Changelog
Sourced from markdown's changelog.
Commits
e524b8f
Bump version to 3.63d8afc6
Allow attr_list quoted values to contain curly braces9edba85
Refactor abbr escapinge4ab4a6
Refactor TOC sanitationa18765c
Explicitly omit carot and backslash from abbr421f1e8
Give smarty tree processor higher priority than tocc334a3e
Ensure lines after heading in loose list are properly detabbedea92856
Update the license template so GitHub can detect ita2effd6
Disable mkdocstrings show_symbol_type_toc option to work around searching iss...91f9a12
Restore Attribute symbol type in mkdocstrings templateUpdates
markupsafe
from 2.1.3 to 2.1.5Release notes
Sourced from markupsafe's releases.
Changelog
Sourced from markupsafe's changelog.
Commits
fbba4ac
release version 2.1.5c5fa23b
update publish actions60a6512
striptags collapses spaces correctly (#418)0b6bee0
collapse spaces after stripping tags73e6a48
start version 2.1.5d704bf4
use pip-compile, dependabot updates (#419)1f82932
use pip-compile, dependabot updates25a640f
release version 2.1.4 (#414)b7cd652
release version 2.1.43bead8e
update cibuildwheel for 3.12 wheelsUpdates
mdit-py-plugins
from 0.4.0 to 0.4.1Release notes
Sourced from mdit-py-plugins's releases.
Changelog
Sourced from mdit-py-plugins's changelog.
Commits
d11bdaf
🚀 Release v0.4.1 (#110)aa1f557
🧪 Test against 3.12 (#109)33c27e0
👌 Add option for footnotes references to always be matched (#108)7762458
🔧 Use ruff-format (#107)950908b
[pre-commit.ci] pre-commit autoupdate (#100)This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.
To ignore these dependencies, configure ignore rules in dependabot.yml