venthur / blag

blag is a blog-aware, static site generator -- it uses Markdown and is written in Python.
https://blag.readthedocs.io
MIT License
69 stars 7 forks source link

Bump markdown from 3.5.2 to 3.6 #222

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 7 months ago

Bumps markdown from 3.5.2 to 3.6.

Release notes

Sourced from markdown's releases.

Release 3.6

Changed

Refactor TOC Sanitation

  • All postprocessors are now run on heading content.
  • Footnote references are now stripped from heading content. Fixes #660.
  • A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
  • The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
  • The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
  • An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
  • The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

  • Include scripts/*.py in the generated source tarballs (#1430).
  • Ensure lines after heading in loose list are properly detabbed (#1443).
  • Give smarty tree processor higher priority than toc (#1440).
  • Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
  • In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).
Changelog

Sourced from markdown's changelog.

[3.6] -- 2024-03-14

Changed

Refactor TOC Sanitation

  • All postprocessors are now run on heading content.
  • Footnote references are now stripped from heading content. Fixes #660.
  • A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
  • The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
  • The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
  • An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
  • The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

  • Include scripts/*.py in the generated source tarballs (#1430).
  • Ensure lines after heading in loose list are properly detabbed (#1443).
  • Give smarty tree processor higher priority than toc (#1440).
  • Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
  • In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).
Commits
  • e524b8f Bump version to 3.6
  • 3d8afc6 Allow attr_list quoted values to contain curly braces
  • 9edba85 Refactor abbr escaping
  • e4ab4a6 Refactor TOC sanitation
  • a18765c Explicitly omit carot and backslash from abbr
  • 421f1e8 Give smarty tree processor higher priority than toc
  • c334a3e Ensure lines after heading in loose list are properly detabbed
  • ea92856 Update the license template so GitHub can detect it
  • a2effd6 Disable mkdocstrings show_symbol_type_toc option to work around searching iss...
  • 91f9a12 Restore Attribute symbol type in mkdocstrings template
  • Additional commits viewable in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)