Bump the llvm-docs-requirements group in /llvm/docs with 23 updates

[dependabot]

Bumps the llvm-docs-requirements group in /llvm/docs with 23 updates:

Package	From	To
sphinx	7.1.2	8.0.2
docutils	0.20.1	0.21.2
sphinx-automodapi	0.16.0	0.17.0
sphinxcontrib-applehelp	1.0.4	2.0.0
furo	2023.8.19	2024.7.18
myst-parser	2.0.0	3.0.1
alabaster	0.7.13	1.0.0
babel	2.14.0	2.15.0
beautifulsoup4	4.12.2	4.12.3
certifi	2023.11.17	2024.7.4
idna	3.6	3.7
jinja2	3.1.2	3.1.4
markdown	3.5.1	3.6
markupsafe	2.1.3	2.1.5
mdit-py-plugins	0.4.0	0.4.1
packaging	23.2	24.1
pygments	2.17.2	2.18.0
requests	2.31.0	2.32.3
sphinxcontrib-devhelp	1.0.5	2.0.0
sphinxcontrib-htmlhelp	2.0.4	2.1.0
sphinxcontrib-qthelp	1.0.6	2.0.0
sphinxcontrib-serializinghtml	1.1.9	2.0.0
urllib3	2.1.0	2.2.2

Updates sphinx from 7.1.2 to 8.0.2

Release notes

Sourced from sphinx's releases.

Sphinx 8.0.2

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 8.0.1

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Sphinx 8.0.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

• #12633: Drop Python 3.9 support.

Incompatible changes

• Remove deprecated functions from sphinx.util:

  • Removed sphinx.util.path_stabilize (use sphinx.util.osutil.path_stabilize).
  • Removed sphinx.util.display_chunk (use sphinx.util.display.display_chunk).
  • Removed sphinx.util.status_iterator (use sphinx.util.display.status_iterator).
  • Removed sphinx.util.SkipProgressMessage (use sphinx.util.display.SkipProgressMessage).
  • Removed sphinx.util.progress_message (use sphinx.util.display.progress_message).
  • Removed sphinx.util.epoch_to_rfc1123 (use sphinx.http_date.epoch_to_rfc1123).
  • Removed sphinx.util.rfc1123_to_epoch (use sphinx.http_date.rfc1123_to_epoch).
  • Removed sphinx.util.save_traceback (use sphinx.exceptions.save_traceback).
  • Removed sphinx.util.format_exception_cut_frames (use sphinx.exceptions.format_exception_cut_frames).
  • Removed sphinx.util.xmlname_checker (use sphinx.builders.epub3._XML_NAME_PATTERN).

  Patch by Adam Turner.

• Removed sphinx.util.osutil.cd (use contextlib.chdir). Patch by Adam Turner.

• Removed sphinx.util.typing.stringify (use sphinx.util.typing.stringify_annotation). Patch by Adam Turner.

• #12593: Raise an error for invalid html_sidebars values. Patch by Adam Turner.

• #12593: Raise an error in Theme.get_config for invalid sections.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 8.0.2 (released Jul 30, 2024)

Bugs fixed

• Fix the pygments.Formatter.__class_getitem__ patch. Patch by Adam Turner.

Release 8.0.1 (released Jul 30, 2024)

Bugs fixed

• Patch pygments.Formatter.__class_getitem__ in Pygments 2.17. Patch by Adam Turner.

Release 8.0.0 (released Jul 29, 2024)

Dependencies

• #12633: Drop Python 3.9 support.

Incompatible changes

.. rst-class:: compact

• Remove deprecated functions from sphinx.util:

  • Removed sphinx.util.path_stabilize (use sphinx.util.osutil.path_stabilize).
  • Removed sphinx.util.display_chunk (use sphinx.util.display.display_chunk).
  • Removed sphinx.util.status_iterator (use sphinx.util.display.status_iterator).
  • Removed sphinx.util.SkipProgressMessage (use sphinx.util.display.SkipProgressMessage).
  • Removed sphinx.util.progress_message (use sphinx.util.display.progress_message).
  • Removed sphinx.util.epoch_to_rfc1123 (use sphinx.http_date.epoch_to_rfc1123).
  • Removed sphinx.util.rfc1123_to_epoch (use sphinx.http_date.rfc1123_to_epoch).
  • Removed sphinx.util.save_traceback (use sphinx.exceptions.save_traceback).
  • Removed sphinx.util.format_exception_cut_frames

... (truncated)

Commits

• 043750e Bump to 8.0.2 final
• cee9efc Use classmethod for a class method
• 16fed35 Bump version
• d9bda77 Bump to 8.0.1 final
• 006a6a7 Fix Flake8
• d0915ab Fix mypy
• 865b513 Patch pygments.Formatter.__class_getitem__ in Pygments 2.17
• f1d3c3f Bump version
• 0e8a638 Bump to 8.0.0 final
• 5750d0e [bot]: Update message catalogues (#12641)
• Additional commits viewable in compare view

Updates docutils from 0.20.1 to 0.21.2

Updates sphinx-automodapi from 0.16.0 to 0.17.0

Release notes

Sourced from sphinx-automodapi's releases.

v0.17.0 Release Notes

Also see CHANGES.rst.

What's Changed

• MNT: Drop Python 3.7 and update test matrix again by @​pllim in astropy/sphinx-automodapi#177
• CI: fix environment name by @​bsipocz in astropy/sphinx-automodapi#178
• CI: update versions by @​bsipocz in astropy/sphinx-automodapi#179
• Updated "Use dict and ignore slots on classes #169 by @​kylefawcett in astropy/sphinx-automodapi#181
• Add automodsumm_included_members option, take2 by @​bsipocz in astropy/sphinx-automodapi#165
• Bump codecov/codecov-action from 3 to 4 in /.github/workflows by @​dependabot in astropy/sphinx-automodapi#183
• Fix nonascii object names by @​m-rossi in astropy/sphinx-automodapi#184

New Contributors

• @​kylefawcett made their first contribution in astropy/sphinx-automodapi#181
• @​dependabot made their first contribution in astropy/sphinx-automodapi#183

Full Changelog: astropy/sphinx-automodapi@v0.16.0...v0.17.0

Changelog

Sourced from sphinx-automodapi's changelog.

0.17.0 (2024-02-22)

• Fixes issue where __slots__ hides class variables. #181

• Minimum supported Python version is now 3.8. #177

• Fixed issue with non-ascii characters in object names. #184

Commits

• e5cb71b Finalize change log for 0.17.0
• 2963d43 Merge pull request #184 from m-rossi/more-nonascii-fixes
• 5ab68d0 Also update filename
• 5cb1818 Ensure @​bsipocz name is handled
• 4d78a2c Add period at the end of sentence
• f111d36 Update changelog
• 511f6de Set another open dialog with encoding utf8 to try to fix errors on Windows
• bb6d65e Fix nonascii object names
• 56f69fe Merge pull request #183 from astropy/dependabot/github_actions/dot-github/wor...
• 25b3e5f Bump codecov/codecov-action from 3 to 4 in /.github/workflows
• Additional commits viewable in compare view

Updates sphinxcontrib-applehelp from 1.0.4 to 2.0.0

Release notes

Sourced from sphinxcontrib-applehelp's releases.

sphinxcontrib-applehelp 2.0.0

Changelog: https://github.com/sphinx-doc/sphinxcontrib-applehelp/blob/master/CHANGES.rst

sphinxcontrib-applehelp 1.0.8

Changelog: https://www.sphinx-doc.org/en/master/changes.html

sphinxcontrib-applehelp 1.0.7

Changelog: https://www.sphinx-doc.org/en/master/changes.html

sphinxcontrib-applehelp 1.0.6

Changelog: https://www.sphinx-doc.org/en/master/changes.html

sphinxcontrib-applehelp 1.0.5

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Changelog

Sourced from sphinxcontrib-applehelp's changelog.

Release 2.0.0 (2024-07-28)

• Adopt Ruff
• Tighten MyPy settings
• Update GitHub actions versions

Release 1.0.8 (2024-01-13)

• Remove Sphinx as a required dependency, as circular dependencies may cause failure with package managers that expect a directed acyclic graph (DAG) of dependencies.

Release 1.0.7 (2023-08-14)

• Use os.PathLike over pathlib.Path

Release 1.0.6 (2023-08-09)

• Fix tests for Sphinx 7.1 and below

Release 1.0.5 (2023-08-07)

• Drop support for Python 3.8
• Raise minimum required Sphinx version to 5.0

Commits

• f4f9d90 Bump to 2.0.0
• a3e76fc Update CHANGES links
• 2292a12 Rename LICENSE to LICENCE.rst
• e9efbd4 Rename CHANGES to CHANGES.rst
• 0544c40 Run CI with Python 3.12 releases
• 4e9b505 Run mypy without command-line options
• 5f01d27 Use the latest GitHub actions versions
• 5b53500 Enable GitHub's dependabot package update service
• d51bb2b Adopt Ruff and use stricter MyPy settings
• fbc12da Update .gitignore
• Additional commits viewable in compare view

Updates furo from 2023.8.19 to 2024.7.18

Changelog

Sourced from furo's changelog.

Changelog

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.
• ✨ Add a view this page button.
• ✨ Add colours and highlighting to "version modified" API helpers.
• ✨ Add release information to various customisation knobs.
• Make all icons bigger and use a thinner stroke with them.

2024.04.27 -- Bold Burgundy

• Add a skip to content link.
• Add --font-stack--headings.
• Add :visited colour and enforce uniform contrast between light/dark.
• Add an offset of :target to reduce back-to-top overlap.
• Improve dark mode colours.
• Fix outstanding colour contrast warnings on Firefox.
• Fix bad indent in footnotes.
• Tweak handling of default configuration options in a more resilient manner.
• Tweak length and sizing of API source links.
• Stop search engine indexing on search page.

2024.01.29 -- Amazing Amethyst

• Fix canonical url when building with dirhtml.
• Relicense the demo module.

2023.09.10 -- Zesty Zaffre

• Make asset hash injection idempotent, fixing Sphinx 6 compatibility.

... (truncated)

Commits

• 78e4ba2 Prepare release: 2024.07.18
• 6b61424 Update changelog
• 58b532c Make the issue tracker template more explicit
• 17e351e Add source_view_link to configuration
• 7e51bc7 Delete svg-sun-half (#811)
• 073c497 Move a 'type: ignore' comment, for mypy (#812)
• cefbdc0 Bump the npm group with 2 updates (#809)
• 7fb7ec8 Bump the npm group with 3 updates (#806)
• 25091fc [pre-commit.ci] pre-commit autoupdate (#796)
• 550756e Fix close tag on pencil icon (#807)
• Additional commits viewable in compare view

Updates myst-parser from 2.0.0 to 3.0.1

Release notes

Sourced from myst-parser's releases.

v3.0.1

What's Changed

• 🐛 FIX empty value for final directive option by @​chrisjsewell in executablebooks/MyST-Parser#924
• 🐛 FIX: allow indented option block by @​chrisjsewell in executablebooks/MyST-Parser#925

Full Changelog: executablebooks/MyST-Parser@v3.0.0...v3.0.1

v3.0.0

What's Changed

Upgraded dependencies

• ⬆️ Add support for Python 3.12 by @​hugovk in executablebooks/MyST-Parser#848
• ⬆️ Update docutils requirement from >=0.16,=0.18,<0.22 by @​chrisjsewell in executablebooks/MyST-Parser#916

New features

• ✨ Allow for use of the line-block directive by @​chrisjsewell in executablebooks/MyST-Parser#900
• ✨ Emits sphinx include-read event by @​sumezulike in executablebooks/MyST-Parser#887

Improvements

• 👌 Nested parse attribution in attr_block by @​chrisjsewell in executablebooks/MyST-Parser#831
• 👌 Directive option parsing by @​chrisjsewell in executablebooks/MyST-Parser#796
• 👌 Improve directive parsing warnings by @​chrisjsewell in executablebooks/MyST-Parser#893
• 👌 Allow for opening external links in new tabs (#856) by @​marjus45 in executablebooks/MyST-Parser#857

Internal

• 🔧 Replace black, isort, pyupgrade with ruff formatter by @​chrisjsewell in executablebooks/MyST-Parser#833
• 🔧 remove redundant mypy config by @​danieleades in executablebooks/MyST-Parser#866
• 🔧 Add additional Ruff lints (and fix issues) by @​danieleades in executablebooks/MyST-Parser#862
• 🔧 mypy- disallow 'any generics' by @​danieleades in executablebooks/MyST-Parser#865
• 🔧 Fix docutils deprecation in option parsing by @​agoose77 in executablebooks/MyST-Parser#842

Documentation

• 📚 Fix a broken link in configuration.md by @​zupo in executablebooks/MyST-Parser#907
• 📚 Add linkify dependency to contributing docs. by @​jhcole in executablebooks/MyST-Parser#792
• 📚 Fix the double used in docs/syntax/math.md by @​ice-tong in executablebooks/MyST-Parser#810
• 📚 Also add linkify to pip install command in README by @​n-peugnet in executablebooks/MyST-Parser#851
• 📚 Fix the code section title in live preview by @​BoboTiG in executablebooks/MyST-Parser#875
• 📚 Fix admonition example by @​72757373656c6c in executablebooks/MyST-Parser#904
• 📚 Fix url for jupyter book gallery by @​72757373656c6c in executablebooks/MyST-Parser#905
• 📚 Update theme version by @​chrisjsewell in executablebooks/MyST-Parser#918
• 📚 Fix typo by @​blakeNaccarato in executablebooks/MyST-Parser#911
• 📚 Fix architecture typo (#855) by @​72757373656c6c in executablebooks/MyST-Parser#910

... (truncated)

Changelog

Sourced from myst-parser's changelog.

3.0.1 - 2024-04-28

🐛 Bug Fixes

• Account for the final directive option having an empty value, by gh-user:chrisjsewell in gh-pr:924
• Re-allow indented directive option blocks, by gh-user:chrisjsewell in gh-pr:925

Full Changelog: v3.0.1...v3.0.0

3.0.0 - 2024-04-23

Upgraded dependencies

• ⬆️ Add support for Python 3.12 by gh-user:hugovk in gh-pr:848
• ⬆️ Update docutils requirement from >=0.16,

New features

• ✨ Allow for use of the line-block directive by gh-user:chrisjsewell in gh-pr:900
• ✨ Emits sphinx include-read event by gh-user:sumezulike in gh-pr:887

Improvements

• 👌 Nested parse attribution in attr_block by gh-user:chrisjsewell in gh-pr:831
• 👌 Directive option parsing by gh-user:chrisjsewell in <gh-pr:796
• 👌 Improve directive parsing warnings by gh-user:chrisjsewell in gh-pr:893
• 👌 Allow for opening external links in new tabs (#856) by gh-user:marjus45 in gh-pr:857

Internal

• 🔧 Replace black, isort, pyupgrade with ruff formatter by gh-user:chrisjsewell in gh-pr:833
• 🔧 remove redundant mypy config by gh-user:danieleades in gh-pr:866
• 🔧 Add additional Ruff lints (and fix issues) by gh-user:danieleades in gh-pr:862
• 🔧 mypy- disallow 'any generics' by gh-user:danieleades in gh-pr:865
• 🔧 Fix docutils deprecation in option parsing by gh-user:agoose77 in gh-pr:842

Documentation

• 📚 Fix a broken link in configuration.md by gh-user:zupo in gh-pr:907
• 📚 Add linkify dependency to contributing docs. by gh-user:jhcole in gh-pr:792
• 📚 Fix the double used in docs/syntax/math.md by gh-user:ice-tong in gh-pr:810
• 📚 Also add linkify to pip install command in README by gh-user:n-peugnet in gh-pr:851
• 📚 Fix the code section title in live preview by gh-user:BoboTiG in gh-pr:875
• 📚 Fix admonition example by gh-user:72757373656c6c in gh-pr:904
• 📚 Fix url for jupyter book gallery by gh-user:72757373656c6c in gh-pr:905
• 📚 Update theme version by gh-user:chrisjsewell in gh-pr:918
• 📚 Fix typo by gh-user:blakeNaccarato in gh-pr:911
• 📚 Fix architecture typo (#855) by gh-user:72757373656c6c in gh-pr:910

Full Changelog: v2.0.0...v3.0.0

Commits

• 3d84ff8 🚀 Release v3.0.1 (#926)
• 790a926 🐛 FIX: allow indented option block (#925)
• 446feba 🐛 FIX empty value for final directive option (#924)
• c9579c4 📚 Update live preview (#921)
• 1b44e06 🚀 Release v3.0.0 (#920)
• 5ad2d6d 🔧 More improvements for directive option parsing (#919)
• 8614eca 📚 Update theme version (#918)
• 5416b9f 🔧 Update mypy to use sphinx v7.3 (#917)
• 167c902 ⬆️ Update docutils requirement from >=0.16,<0.21 to >=0.18,<0.22 (#916)
• c00ef09 📚 Fix architecture typo (#855) (#910)
• Additional commits viewable in compare view

Updates alabaster from 0.7.13 to 1.0.0

Release notes

Sourced from alabaster's releases.

Alabaster 1.0.0

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.16

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.15

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.14

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Changelog

Sourced from alabaster's changelog.

:git_tag:1.0.0 -- 2024-07-26

• Dropped support for Python 3.9 and earlier.
• Dropped support for Sphinx 6.1 and earlier.
• Use a new SVG image for the GitHub banner.
• :feature:217 Use the new searchfield component for the search box. Patch by Tim Hoffmann.
• :feature:104 Allow translating strings in relations.html.
• 🐛125 Do not underline linked images. Patch by Joshua Bronson.
• 🐛169 Do not ignore the Pygments background colour. Patch by Matthias Geier.
• 🐛174 Fix clipping caused by incorrect CSS breakpoints.

:git_tag:0.7.16 -- 2024-01-10

• 🐛215 Do not display logo_name if it is set to False.

:git_tag:0.7.15 -- 2024-01-08

• :feature:213 Allow an arbitrary string in the logo_name option.
• :feature:114 Improved sidebar CSS styles.
• :issue:178 Deprecated canonical_url in favor of html_baseurl.
• 🐛200 Removed duplicate <meta name="viewport" ... /> tag.
• 🐛188 Removed underline from whitespace.
• 🐛164 Removed type="text/javascript" from elements.
• 🐛161 Replaced © with unicode decimal code entity [#169](https://github.com/sphinx-doc/alabaster/issues/169);.

:git_tag:0.7.14 -- 2024-01-08

• Dropped support for Python 3.8 and earlier.
• Dropped support for Sphinx 3.3 and earlier.
• :issue:198 Fix horizontal scrolling on mobile.
• :issue:206 Properly support the html_support_sphinx config value.
• :issue:211 Fix the GitHub 'forkme' banner.
• Added alabaster_version_info to the HTML template context.
• Declare support for Python 3.13.
• Adopt the Ruff linter and formatter.
• Migrate from CircleCI to GitHub Actions.

Commits

• fba58a4 Bump to 1.0.0
• 7d5c318 Update project maintainers
• d25c4bc List basic.css in theme.conf (#219)
• 97235d1 Fix incorrect breakpoints that cause clipping around 875px (#174)
• 5bb4411 Remove explicit width for search field input (#218)
• 9fdb57c Update references to searchbox
• a35a1df Don't ignore the Pygments background (#169)
• 17e55e5 Fix for "Don't put an underline on linked images" (#125)
• 73be878 Allow translations for strings in relations.html (#104)
• eb522b8 Use searchfield instead of searchbox component in sidebar (#217)
• Additional commits viewable in compare view

Updates babel from 2.14.0 to 2.15.0

Release notes

Sourced from babel's releases.

v2.15.0

The changelog below is auto-generated by GitHub.

The binary artifacts attached to this GitHub release were generated by the GitHub Actions workflow.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Drop support for Python 3.7 (EOL since June 2023) by @​akx in python-babel/babel#1048
• Upgrade GitHub Actions by @​cclauss in python-babel/babel#1054
• Improve .po IO by @​akx in python-babel/babel#1068
• Use CLDR 44 by @​akx in python-babel/babel#1071
• Allow alternative space characters as group separator when parsing numbers by @​ronnix in python-babel/babel#1007
• Include Unicode license in locale-data and in documentation by @​akx in python-babel/babel#1074
• Encode support for the "fall back to short format" logic for time delta formatting by @​akx in python-babel/babel#1075
• Prepare for 2.15.0 release by @​akx in python-babel/babel#1079

New Contributors

• @​cclauss made their first contribution in python-babel/babel#1054
• @​ronnix made their first contribution in python-babel/babel#1007

Full Changelog: python-babel/babel@v2.14.0...v2.15.0

Changelog

Sourced from babel's changelog.

Version 2.15.0

Python version support

* Babel 2.15.0 will require Python 3.8 or newer. (:gh:`1048`)
Features

* CLDR: Upgrade to CLDR 44 (:gh:`1071`) (@akx)
* Dates: Support for the "fall back to short format" logic for time delta formatting (:gh:`1075`) (@akx)
* Message: More versatile .po IO functions (:gh:`1068`) (@akx)
* Numbers: Improved support for alternate spaces when parsing numbers (:gh:`1007`) (@ronnix's first contribution)
Infrastructure



Upgrade GitHub Actions (:gh:1054) (@​cclauss's first contribution)
The Unicode license is now included in locale-data and in the documentation (:gh:1074) (@​akx)

Commits

• 40b194f Prepare for 2.15.0 release (#1079)
• c2e6c6e Encode support for the "fall back to short format" logic for time delta forma...
• 1a03526 Include Unicode license in locale-data and in documentation (#1074)
• c0fb56e Allow alternative space characters as group separator when parsing numbers (#...
• fe82fbc Use CLDR 44 and adjust tests to match new data (#1071)
• e0d1018 Improve .po IO (#1068)
• 40e60a1 Upgrade GitHub Actions (#1054)
• 2a1709a Drop support for Python 3.7 (EOL since June 2023) (#1048)
• See full diff in compare view

Updates beautifulsoup4 from 4.12.2 to 4.12.3

Updates certifi from 2023.11.17 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates markdown from 3.5.1 to 3.6

Release notes

Sourced from markdown's releases.

Release 3.6

Changed

Refactor TOC Sanitation

• All postprocessors are now run on heading content.
• Footnote references are now stripped from heading content. Fixes #660.
• A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
• The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
• The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
• An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
• The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

• Include scripts/*.py in the generated source tarballs (#1430).
• Ensure lines after heading in loose list are properly detabbed (#1443).
• Give smarty tree processor higher priority than toc (#1440).
• Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
• In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).

Release 3.5.2

Fixed

• Fix type annotations for convertFile - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (#1400)
• Remove legacy import needed only in Python 2 (#1403)
• Fix typo that left the attribute AdmonitionProcessor.content_indent unset (#1404)
• Fix edge-case crash in InlineProcessor with AtomicString (#1406).
• Fix edge-case crash in codehilite with an empty code tag (#1405).
• Improve and expand type annotations in the code base (#1401).
• Fix handling of bogus comments (#1425).

Changelog

Sourced from markdown's changelog.

[3.6] -- 2024-03-14

Changed

Refactor TOC Sanitation

• All postprocessors are now run on heading content.
• Footnote references are now stripped from heading content. Fixes #660.
• A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
• The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
• The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
• An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
• The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

• Include scripts/*.py in the generated source tarballs (

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml