This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.
Follow our blog, Twitter, or GitHub to see future announcements.
This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.
3.0.0rc2
Fixes an issue with the deprecated Markup subclass, #1401.
This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.
Add parameters to Environment.overlay to match __init__.
:issue:1645
Handle race condition in FileSystemBytecodeCache. :issue:1654
Version 3.1.1
Released 2022-03-25
The template filename on Windows uses the primary path separator.
:issue:1637
Version 3.1.0
Released 2022-03-24
Drop support for Python 3.6. :pr:1534
Remove previously deprecated code. :pr:1544
WithExtension and AutoEscapeExtension are built-in now.
contextfilter and contextfunction are replaced by
pass_context. evalcontextfilter and
evalcontextfunction are replaced by pass_eval_context.
environmentfilter and environmentfunction are replaced
by pass_environment.
Markup and escape should be imported from MarkupSafe.
Compiled templates from very old Jinja versions may need to be
recompiled.
Legacy resolve mode for Context subclasses is no longer
supported. Override resolve_or_missing instead of
resolve.
unicode_urlencode is renamed to url_quote.
Add support for native types in macros. :issue:1510
The {% trans %} tag can use pgettext and npgettext by
passing a context string as the first token in the tag, like
{% trans "title" %}. :issue:1430
Update valid identifier characters from Python 3.6 to 3.7.
:pr:1571
Filters and tests decorated with @async_variant are pickleable.
:pr:1612
Add items filter. :issue:1561
... (truncated)
Commits
b08cd4b Merge pull request #1660 from pallets/release-3.1.2
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps jinja2 from 2.10 to 3.1.2.
Release notes
Sourced from jinja2's releases.
... (truncated)
Changelog
Sourced from jinja2's changelog.
... (truncated)
Commits
b08cd4bMerge pull request #1660 from pallets/release-3.1.21e68ba8release version 3.1.28efee35pre-commit updates latest release brancha24df26ignore new mypy finding9faee28update requirementsb802b5aMerge pull request #1655 from dvitek/dvitek/issue1654746bb95Fix race conditions in FileSystemBytecodeCache466a200update requirements990602fMerge pull request #1647 from Tom-Brouwer/202204/add-missing-overlay-options5d3d241fix flake8-bugbear findingDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)