Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==1.1.0
->==1.4.0
==0.14.3
->==0.17.3
==3.1.2
->==3.1.5
==3.4.1
->==3.7
==1.4.43
->==2.0.36
==2.2.2
->==3.1.3
v3
->v4
==22.1.0
->==24.1.0
==3.8.3
->==3.11.11
==1.8.1
->==1.14.0
==3.5.2
->==3.8.1
==1.7.7
->==2.3.1
==4.0.1
->==4.2.1
==4.11.1
->==4.12.3
==22.10.0
->==24.10.0
==5.0.1
->==6.2.0
==6.5.0
->==7.6.10
==1.3.0
->==2.2.0
==1.10.0
->==2.26.2
==0.86.0
->==0.115.6
==0.9.0
->==1.0.0
==3.8.0
->==3.16.1
==5.0.4
->==7.1.1
==20.1.0
->==23.0.0
11.5.0
->11.11.1
==0.23.0
->==0.28.1
==5.10.1
->==5.13.2
==2.1.2
->==2.2.0
==4.9.1
->==5.3.0
==0.5.2
->==0.8.1
==2.1.1
->==2.2.6
==3.8.1
->==3.10.14
==0.5.6
->==0.5.7
==1.0.5
->==1.1.1
==5.9.1
->==7.0.0
==4.21.9
->==5.29.3
==1.10.1
->==1.17.0
==7.2.0
->==8.3.4
==0.20.1
->==0.25.2
==4.0.0
->==6.0.0
==3.3
->==3.4
==3.0.2
->==3.6.1
==0.0.5
->==0.0.20
==4.3.4
->==5.2.1
==2.28.1
->==2.32.3
==1.10.1
->==2.19.2
==0.19.0
->==0.34.0
Release Notes
lepture/authlib (Authlib)
v1.4.0
Compare Source
v1.3.2
: Version 1.3.2Compare Source
quote
client id and secret.unquote
basic auth header for authorization server.v1.3.1
: Version 1.3.1Compare Source
Prevent
OctKey
to import ssh and PEM strings.v1.3.0
: Version 1.3.0Compare Source
Bug fixes
Breaking changes
v1.2.1
: Version 1.2.1Compare Source
ClientSecretJWT.sign
method, via #552authorize_redirect
for Starlette v0.26.0, via #533has_client_secret
method and documentation, via #513request_invalid
andtoken_revoked
remaining occurencesand documentation. #514
grant_types
andresponse_types
default values, via #509v1.2.0
: Version 1.2.0Compare Source
request.body
toResourceProtector
, #485.flask.g
instead of_app_ctx_stack
, #482.headers
parameter back toClientSecretJWT
, #457.realm
parameter in OAuth 1 clients, #339.default_timeout
for requestsOAuth2Session
andAssertionSession
.jwk.loads
andjwk.dumps
pgjones/hypercorn (Hypercorn)
v0.17.3
Compare Source
v0.17.2
Compare Source
v0.17.1
Compare Source
v0.17.0
Compare Source
ProxyFixMiddleware.
is accepted.
v0.16.0
Compare Source
the HTTP/2 rapid reset attack.
proxy.
manage memory leaks in apps.
flushing.
headers on first response byte, erroring if
start_response
isnot called, and switching wsgi.errors to stdout.
race conditions.
v0.15.0
Compare Source
found.
failures.
memory leak issues.
is being used.
systems that don't support multiprocessing.
v0.14.4
Compare Source
unmaintained toml library.
client-only code).
0.22 is not supported).
machines.
pallets/jinja (Jinja2)
v3.1.5
Compare Source
Unreleased
render
for an async template usesasyncio.run
.:pr:
1952
auto_aiter
warnings. :pr:1960
aclose
-ableAsyncGenerator
fromTemplate.generate_async
. :pr:1960
root_render_func()
unclosed inTemplate.generate_async
. :pr:1960
:pr:
1960
v3.1.4
Compare Source
Released 2024-05-05
xmlattr
filter does not allow keys with/
solidus,>
greater-than sign, or
=
equals sign, in addition to disallowing spaces.Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:
h75v-3vvj-5mfj
v3.1.3
Compare Source
Released 2024-01-10
empty. :pr:
1858
xmlattr
filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
{% trans %}
blocksmore helpful. :pr:
1918
Python-Markdown/markdown (Markdown)
v3.7
Compare Source
Changed
Refactor
abbr
ExtensionA new
AbbrTreeprocessor
has been introduced, which replaces the now deprecatedAbbrInlineProcessor
. Abbreviation processing now happens after Attribute Lists,avoiding a conflict between the two extensions (#1460).
The
AbbrPreprocessor
class has been renamed toAbbrBlockprocessor
, whichbetter reflects what it is.
AbbrPreprocessor
has been deprecated.A call to
Markdown.reset()
now clears all previously defined abbreviations.Abbreviations are now sorted by length before executing
AbbrTreeprocessor
to ensure that multi-word abbreviations are implemented even if an abbreviation
exists for one of those component words. (#1465)
Abbreviations without a definition are now ignored. This avoids applying
abbr tags to text without a title value.
Added an optional
glossary
configuration option to the abbreviations extension.This provides a simple and efficient way to apply a dictionary of abbreviations
to every page.
Abbreviations can now be disabled by setting their definition to
""
or''
.This can be useful when using the
glossary
option.Fixed
v3.6
Compare Source
Changed
Refactor TOC Sanitation
striptags
is provided to convert headings to plain text.Unlike, the
markupsafe
implementation, HTML entities are not unescaped.name
, richhtml
, and unescaped rawdata-toc-label
aresaved to
toc_tokens
, allowing users to access the full rich text content ofthe headings directly from
toc_tokens
.data-toc-label
is sanitized separate from heading contentbefore being written to
name
. This fixes a bug which allowed markup throughin certain circumstances. To access the raw unsanitized data, retrieve the
value from
token['data-toc-label']
directly.html.unescape
call is made just prior to callingslugify
so thatslugify
only operates on Unicode characters. Note thathtml.unescape
isnot run on
name
,html
, ordata-toc-label
.get_name
andstashedHTML2text
defined in thetoc
extensionare both deprecated. Instead, third party extensions should use some
combination of the new functions
run_postprocessors
,render_inner_html
andstriptags
.Fixed
scripts/*.py
in the generated source tarballs (#1430).^
) and square brackets (]
) but explicitly excludebackslashes (
\
) from abbreviations (#1444).attr_list
,fenced_code
), quoted attribute values arenow allowed to contain curly braces (
}
) (#1414).v3.5.2
Compare Source
Fixed
convertFile
- it accepts only bytes-based buffers.Also remove legacy checks from Python 2 (#1400)
AdmonitionProcessor.content_indent
unset(#1404)
InlineProcessor
withAtomicString
(#1406).codehilite
with an emptycode
tag (#1405).v3.5.1
Compare Source
Fixed
trigger quadratic line counting behavior (#1392).
v3.5
Compare Source
v3.4.4
Compare Source
v3.4.3
Compare Source
v3.4.2
Compare Source
actions/checkout (actions/checkout)
v4
Compare Source
Tinche/aiofiles (aiofiles)
v24.1.0
: 24.1.0Compare Source
os.link
conditionally to fix importing on android.#175
aiofiles.os.__all__
when running on Windows.aiofiles.os.path.abspath
andaiofiles.os.getcwd
.#174
#184
v23.2.1
: 23.2.1Compare Source
os.statvfs
conditionally to fix importing on non-UNIX systems.#171 #172
v23.2.0
: 23.2.0Compare Source
23.2.0
#166 #168
aiofiles.tempfile.NamedTemporaryFile
now accepts adelete_on_close
argument, just like the stdlib version.aiofiles.tempfile.NamedTemporaryFile
no longer exposes adelete
attribute, just like the stdlib version.aiofiles.os.statvfs
andaiofiles.os.path.ismount
.#162
#169
v23.1.0
Compare Source
aio-libs/aiohttp (aiohttp)
v3.11.11
Compare Source
====================
Bug fixes
Updated :py:meth:
~aiohttp.ClientSession.request
to reuse thequote_cookie
setting fromClientSession._cookie_jar
when processing cookies parameter.-- by :user:
Cycloctane
.Related issues and pull requests on GitHub:
:issue:
10093
.Fixed type of
SSLContext
for some static type checkers (e.g. pyright).Related issues and pull requests on GitHub:
:issue:
10099
.Updated :meth:
aiohttp.web.StreamResponse.write
annotation to also allow :class:bytearray
and :class:memoryview
as inputs -- by :user:cdce8p
.Related issues and pull requests on GitHub:
:issue:
10154
.Fixed a hang where a connection previously used for a streaming
download could be returned to the pool in a paused state.
-- by :user:
javitonino
.Related issues and pull requests on GitHub:
:issue:
10169
.Features
Enabled ALPN on default SSL contexts. This improves compatibility with some
proxies which don't work without this extension.
-- by :user:
Cycloctane
.Related issues and pull requests on GitHub:
:issue:
10156
.Miscellaneous internal changes
Fixed an infinite loop that can occur when using aiohttp in combination
with
async-solipsism
_ -- by :user:bmerry
... _async-solipsism: https://github.com/bmerry/async-solipsism
Related issues and pull requests on GitHub:
:issue:
10149
.v3.11.10
Compare Source
====================
Bug fixes
Fixed race condition in :class:
aiohttp.web.FileResponse
that could have resulted in an incorrect response if the file was replaced on the file system duringprepare
-- by :user:bdraco
.Related issues and pull requests on GitHub:
:issue:
10101
, :issue:10113
.Replaced deprecated call to :func:
mimetypes.guess_type
with :func:mimetypes.guess_file_type
when using Python 3.13+ -- by :user:bdraco
.Related issues and pull requests on GitHub:
:issue:
10102
.Disabled zero copy writes in the
StreamWriter
-- by :user:bdraco
.Related issues and pull requests on GitHub:
:issue:
10125
.v3.11.9
Compare Source
===================
Bug fixes
Fixed invalid method logging unexpected being logged at exception level on subsequent connections -- by :user:
bdraco
.Related issues and pull requests on GitHub:
:issue:
10055
, :issue:10076
.Miscellaneous internal changes
Improved performance of parsing headers when using the C parser -- by :user:
bdraco
.Related issues and pull requests on GitHub:
:issue:
10073
.v3.11.8
Compare Source
===================
Miscellaneous internal changes
Improved performance of creating :class:
aiohttp.ClientResponse
objects when there are no cookies -- by :user:bdraco
.Related issues and pull requests on GitHub:
:issue:
10029
.Improved performance of creating :class:
aiohttp.ClientResponse
objects -- by :user:bdraco
.Related issues and pull requests on GitHub:
:issue:
10030
.Improved performa
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.