search

olympus-fergus / dvpwa

Damn Vulnerable Python Web App
MIT License
0 stars 1 forks source link

Bump jinja2 from 2.10 to 3.1.0 #41

Closed dependabot[bot] closed 2 years ago

dependabot[bot] commented 2 years ago

Bumps jinja2 from 2.10 to 3.1.0.

Release notes

Sourced from jinja2's releases.

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

3.0.3

3.0.2

3.0.1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! :tada:

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

3.0.0rc2

Fixes an issue with the deprecated Markup subclass, #1401.

3.0.0rc1

2.11.3

This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

2.11.2

2.11.1

This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

2.11.0

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.0

Released 2022-03-24

  • Drop support for Python 3.6. :pr:1534

  • Remove previously deprecated code. :pr:1544

    • WithExtension and AutoEscapeExtension are built-in now.
    • contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment.
    • Markup and escape should be imported from MarkupSafe.
    • Compiled templates from very old Jinja versions may need to be recompiled.
    • Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of resolve.
    • unicode_urlencode is renamed to url_quote.

  • Add support for native types in macros. :issue:1510

  • The {% trans %} tag can use pgettext and npgettext by passing a context string as the first token in the tag, like {% trans "title" %}. :issue:1430

  • Update valid identifier characters from Python 3.6 to 3.7. :pr:1571

  • Filters and tests decorated with @async_variant are pickleable. :pr:1612

  • Add items filter. :issue:1561

  • Subscriptions ([0], etc.) can be used after filters, tests, and calls when the environment is in async mode. :issue:1573

  • The groupby filter is case-insensitive by default, matching other comparison filters. Added the case_sensitive parameter to control this. :issue:1463

  • Windows drive-relative path segments in template names will not result in FileSystemLoader and PackageLoader loading from drive-relative paths. :pr:1621

Version 3.0.3

Released 2021-11-09

  • Fix traceback rewriting internals for Python 3.10 and 3.11. :issue:1535
  • Fix how the native environment treats leading and trailing spaces when parsing values on Python 3.10. :pr:1537

... (truncated)

Commits
  • 84c0e2c Merge pull request #1625 from pallets/release-3.1.0
  • 7b0c47f release version 3.1.0
  • ede0f98 Merge pull request #1621 from pallets/template-safe-path
  • 040088a use posixpath.join when loading template names
  • a292075 Merge pull request #1620 from janfilips/patch-1
  • 6e4df02 Fix formatting in tricks.rst
  • 3a050b1 Merge pull request #1617 from pallets/docs-prose
  • 4b63cd8 rewrite include statement section
  • a98d482 clean up faq, move technical discussions
  • 9de99f8 clean up engine comparisons
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 2 years ago

Superseded by #42.