Follow our blog, Twitter, or GitHub to see future announcements.
This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.
3.0.0rc2
Fixes an issue with the deprecated Markup subclass, #1401.
This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.
Mark top-level names as exported so type checking understands
imports in user projects. :issue:1426
Fix some types that weren't available in Python 3.6.0. :issue:1433
The deprecation warning for unneeded autoescape and with_
extensions shows more relevant context. :issue:1429
Fixed calling deprecated jinja2.Markup without an argument.
Use markupsafe.Markup instead. :issue:1438
Calling sync render for an async template uses asyncio.run
on Python >= 3.7. This fixes a deprecation that Python 3.10
introduces. :issue:1443
Version 3.0.0
Released 2021-05-11
Drop support for Python 2.7 and 3.5.
Bump MarkupSafe dependency to >=1.1.
Bump Babel optional dependency to >=2.1.
Remove code that was marked deprecated.
Add type hinting. :pr:1412
Use :pep:451 API to load templates with
:class:~loaders.PackageLoader. :issue:1168
Fix a bug that caused imported macros to not have access to the
current template's globals. :issue:688
Add ability to ignore trim_blocks using +%}. :issue:1036
Fix a bug that caused custom async-only filters to fail with
constant input. :issue:1279
Fix UndefinedError incorrectly being thrown on an undefined variable
instead of Undefined being returned on
NativeEnvironment on Python 3.10. :issue:1335
Blocks can be marked as required. They must be overridden at
some point, but not necessarily by the direct child. :issue:1147
Deprecate the autoescape and with extensions, they are
built-in to the compiler. :issue:1203
The urlize filter recognizes mailto: links and takes
extra_schemes (or env.policies["urlize.extra_schemes"]) to
recognize other schemes. It tries to balance parentheses within a
URL instead of ignoring trailing characters. The parsing in general
has been updated to be more efficient and match more cases. URLs
without a scheme are linked as https:// instead of http://.
:issue:522, 827, 1172, :pr:1195
Filters that get attributes, such as map and groupby, can
... (truncated)
Commits
3b3e16f Merge pull request #1445 from pallets/release-3.0.1
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot]
commented
3 years ago
Bumps jinja2 from 2.10 to 3.0.1.
Release notes
Sourced from jinja2's releases.
... (truncated)
Changelog
Sourced from jinja2's changelog.
... (truncated)
Commits
3b3e16fMerge pull request #1445 from pallets/release-3.0.14d23bfbrelease version 3.0.177674b9Merge pull request #1444 from pallets/event-loop7d0b7acuse asyncio.run94a6423Merge pull request #1442 from dannysepler/use-pathlib-in-places06c646dUse pathlib in some test places9f5db9aMerge pull request #1440 from pallets/deprecated-markupf562a4ffix deprecatedMarkupsubclassfb564a8Merge pull request #1436 from pallets/deprecated-extensionsb4d31e7show context for deprecated extensionsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)