Bump the pip group across 1 directories with 4 updates #1

dependabot · 2024-02-28T09:21:24Z

Bumps the pip group with 4 updates in the / directory: django, jinja2, mako and tornado.

Updates django from 2.0.1 to 3.2.24

Commits

f5c8808 [3.2.x] Bumped version for 3.2.24 release.
c1171ff [3.2.x] Fixed CVE-2024-24680 -- Mitigated potential DoS in intcomma template ...
9dc3456 [3.2.x] Added stub release notes 3.2.24.
90eae45 [3.2.x] Fixed documented alias of smart_text().
c9ad858 [3.2.x] Pinned python-memcached == 1.59 in test requirements.
12b685c [3.2.x] Added CVE-2023-46695 to security archive.
0059182 [3.2.x] Post-release version bump.
60e648a [3.2.x] Bumped version for 3.2.23 release.
f9a7fb8 [3.2.x] Fixed CVE-2023-46695 -- Fixed potential DoS in UsernameField on Windows.
e6d2591 [3.2.x] Added stub release notes for 3.2.23.
Additional commits viewable in compare view

Updates jinja2 from 2.10 to 3.1.3

Release notes

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3

Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

3.1.2

This is a fix release for the 3.1.0 feature release.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2

Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1

Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0

Milestone: https://github.com/pallets/jinja/milestone/8?closed=1

MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

3.0.3

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3

3.0.2

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

3.0.1

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! 🎉

Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/

Read the full list of changes: https://jinja.palletsprojects.com/changes/#version-3-0-0

Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048

Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

3.0.0rc2

Fixes an issue with the deprecated Markup subclass, #1401.

Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

3.0.0rc1

Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858

xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95

Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

Add parameters to Environment.overlay to match __init__. :issue:1645

Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

Drop support for Python 3.6. :pr:1534

Remove previously deprecated code. :pr:1544

WithExtension and AutoEscapeExtension are built-in now.

contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment.

Markup and escape should be imported from MarkupSafe.

Compiled templates from very old Jinja versions may need to be recompiled.

Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of

... (truncated)

Commits

d9de4bb release version 3.1.3
50124e1 skip test pypi
9ea7222 use trusted publishing
da703f7 use trusted publishing
bce1746 use trusted publishing
7277d80 update pre-commit hooks
5c8a105 Make nested-trans-block exceptions nicer (#1918)
19a55db Make nested-trans-block exceptions nicer
7167953 Merge pull request from GHSA-h5c8-rqwp-cp95
7dd3680 xmlattr filter disallows keys with spaces
Additional commits viewable in compare view

Updates mako from 1.0.7 to 1.2.2

Release notes

Sourced from mako's releases.

1.2.2

Released: Mon Aug 29 2022

bug

[bug] [lexer] Fixed issue in lexer where the regexp used to match tags would not correctly interpret quoted sections individually. While this parsing issue still produced the same expected tag structure later on, the mis-handling of quoted sections was also subject to a regexp crash if a tag had a large number of quotes within its quoted sections.

References: #366

1.2.1

Released: Thu Jun 30 2022

bug

[bug] [tests] Various fixes to the test suite in the area of exception message rendering to accommodate for variability in Python versions as well as Pygments.

References: #360

misc

[performance] Optimized some codepaths within the lexer/Python code generation process, improving performance for generation of templates prior to their being cached. Pull request courtesy Takuto Ikuta.

References: #361

1.2.0

Released: Thu Mar 10 2022

changed

[changed] [py3k] Corrected "universal wheel" directive in setup.cfg so that building a wheel does not target Python 2.

References: #351

[changed] [py3k] The bytestring_passthrough template argument is removed, as this flag only applied to Python 2.

... (truncated)

Commits

See full diff in compare view

Updates tornado from 4.5.3 to 6.3.3

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0 releases/v2.3.0 releases/v2.2.1

... (truncated)

Commits

e4d6984 Merge pull request #3307 from bdarnell/branch6.3
6a9e6fb ci: Don't test py312 in branch6.3
5c8a9a4 Set version to 6.3.3
7dfe8b5 httpserver_test: Add ExpectLog to fix CI
217295b http1connection: Make content-length parsing more strict
e3aa6c5 Merge pull request #3267 from bdarnell/branch6.3
34f5c1c Version 6.3.2
32ad07c web: Fix an open redirect in StaticFileHandler
e0fa53e Merge pull request #3257 from bdarnell/build-workflow-wstest-warning
f5a1d5c ci: Only run pypi actions from the main repo
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 4 updates in the / directory: [django](https://github.com/django/django), [jinja2](https://github.com/pallets/jinja), [mako](https://github.com/sqlalchemy/mako) and [tornado](https://github.com/tornadoweb/tornado). Updates `django` from 2.0.1 to 3.2.24 - [Commits](django/django@2.0.1...3.2.24) Updates `jinja2` from 2.10 to 3.1.3 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@2.10...3.1.3) Updates `mako` from 1.0.7 to 1.2.2 - [Release notes](https://github.com/sqlalchemy/mako/releases) - [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES) - [Commits](https://github.com/sqlalchemy/mako/commits) Updates `tornado` from 4.5.3 to 6.3.3 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v4.5.3...v6.3.3) --- updated-dependencies: - dependency-name: django dependency-type: direct:production dependency-group: pip-security-group - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip-security-group - dependency-name: mako dependency-type: direct:production dependency-group: pip-security-group - dependency-name: tornado dependency-type: direct:production dependency-group: pip-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-05-06T14:56:28Z

Superseded by #2.

dependabot bot added the dependencies Pull requests that update a dependency file label Feb 28, 2024

dependabot bot closed this May 6, 2024

dependabot bot deleted the dependabot/pip/pip-security-group-da937bb19d branch May 6, 2024 14:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directories with 4 updates #1

Bump the pip group across 1 directories with 4 updates #1

dependabot bot commented on behalf of github Feb 28, 2024

dependabot bot commented on behalf of github May 6, 2024

Bump the pip group across 1 directories with 4 updates #1

Bump the pip group across 1 directories with 4 updates #1

Conversation

dependabot bot commented on behalf of github Feb 28, 2024

3.1.3

3.1.2

3.1.1

3.1.0

3.0.3

3.0.2

3.0.1

3.0.0

3.0.0rc2

3.0.0rc1

Version 3.1.3

Version 3.1.2

Version 3.1.1

Version 3.1.0

1.2.2

bug

1.2.1

bug

misc

1.2.0

changed

Release notes

dependabot bot commented on behalf of github May 6, 2024