DeepPavlovAdmin / convai

394 stars 88 forks source link

Bump mistune from 0.7.4 to 0.8.1 in /2017/solutions/rllchatbot #82

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps mistune from 0.7.4 to 0.8.1.

Changelog

Sourced from mistune's changelog.

Changelog

Here is the full history of mistune.

Version 0.8.1


Released on Nov. 07, 2017
  • Security fix CVE-2017-16876, thanks Dawid Czarnecki

Version 0.8


Released on Oct. 26, 2017

* Remove non breaking spaces preprocessing
* Remove rev and rel attribute for footnotes
* Fix bypassing XSS vulnerability by junorouse

This version is strongly recommended, since it fixed
a security issue.

Version 0.7.4
</code></pre>
<p>Released on Mar. 14, 2017</p>
<ul>
<li>Fix escape_link method by Marcos Ojeda</li>
<li>Handle block HTML with no content by David Baumgold</li>
<li>Use expandtabs for tab</li>
<li>Fix escape option for text renderer</li>
<li>Fix HTML attribute regex pattern</li>
</ul>
<p>Version 0.7.3</p>
<pre><code>
Released on Jun. 28, 2016

* Fix strikethrough regex
* Fix HTML attribute regex
* Fix close tag regex

Version 0.7.2
</code></pre>
<p>Released on Feb. 26, 2016</p>
<ul>
<li>Fix <code>hard_wrap</code> options on renderer.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>

<ul>
<li><a href="https://github.com/lepture/mistune/commit/cef69acaa506567595e95ab6ecea25a806de622e"><code>cef69ac</code></a> Add change log for v0.8.1</li>
<li><a href="https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98"><code>5f06d72</code></a> Fix CVE-2017-16876</li>
<li><a href="https://github.com/lepture/mistune/commit/7f7f106a717e6cf58012304e56b41d6fb2b98e5f"><code>7f7f106</code></a> Version bump 0.8</li>
<li><a href="https://github.com/lepture/mistune/commit/f8ac83ff6d49c0e850436b8d9e57b71c3b2c4d57"><code>f8ac83f</code></a> Cleanup appveyor CI</li>
<li><a href="https://github.com/lepture/mistune/commit/dda2ace2c74b534c82ba3a9571ee8e0bddba9e0e"><code>dda2ace</code></a> Fix CI testing</li>
<li><a href="https://github.com/lepture/mistune/commit/ab8f7de8bc78c2a88f9e01522b8a3a0aa8cd9416"><code>ab8f7de</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/lepture/mistune/issues/140">#140</a> from junorouse/master</li>
<li><a href="https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe"><code>d6f0b64</code></a> Fix bypassing XSS vulnerability.</li>
<li><a href="https://github.com/lepture/mistune/commit/5b8c3f7db4321bada0b955a9fb833a3faba4a67f"><code>5b8c3f7</code></a> Change donate link</li>
<li><a href="https://github.com/lepture/mistune/commit/4c117151ab536004599b0d5a8079ccda84cc5472"><code>4c11715</code></a> Add missing regex import to Lexers example (<a href="https://github-redirect.dependabot.com/lepture/mistune/issues/129">#129</a>)</li>
<li><a href="https://github.com/lepture/mistune/commit/e9e2066fee8ea4970cec17f1e480031db96906b9"><code>e9e2066</code></a> Update benchmark for misaka</li>
<li>Additional commits viewable in <a href="https://github.com/lepture/mistune/compare/v0.7.4...v0.8.1">compare view</a></li>
</ul>
</details>

<br />
[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mistune&package-manager=pip&previous-version=0.7.4&new-version=0.8.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/DeepPavlov/convai/network/alerts).
dependabot[bot] commented 2 years ago

Superseded by #86.