Sourced from pymdown-extensions's releases.

10.0

• Break: Snippets: snippets will restrict snippets to ensure they are under the base_path preventing snippets relative to the base_path but not explicitly under it. restrict_base_path can be set to False for legacy behavior.

9.11

• NEW: Emoji: Update to new CDN and use Twemoji 14.1.2.
• NEW: Snippets: Ignore nested snippet section syntax when including a section.

9.10

• NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant to be an alternative to (and maybe one day replace): Admonitions, Details, Definition Lists, and Tabbed. Also adds a new HTML plugin for quick wrapping of content with arbitrary HTML elements.
• NEW: Highlight: When enabling line spans and/or line anchors, if a code block has an ID associated with it, line ids will be generated using that code ID instead of the code block count.
• NEW: Snippets: Expand section syntax to allow section names with - and _.
• NEW: Snippets: When check_paths is enabled, and a specified section is not found, raise an error.
• NEW: Snippets: Add new experimental feature dedent_sections that will de-indent (remove any common leading whitespace from every line in text) from that block of text.
• NEW: MagicLink: Update GitLab links to match recent changes and to be more correct.
• NEW: MagicLink: Relax required hash length when performing link shortening.

9.10b5

• NEW: Blocks: Add type_multi and type_none validators.
• NEW: Blocks: Rename on_parse to on_validate and pass in parent element as context for validation.
• NEW: Blocks: When a block uses raw mode, allow content to be indented to avoid conflicts with HTML parser. raw blocks should be indented and are now documented as such. The results will be dedented up to Python Markdown's tab length, so intentional indentation is still possible. raw blocks with no indentation will still work, but may have conflicts with other extensions.
• FIX: Blocks: Commenting out all YAML options will not cause a block to invalidate.

9.10b4

• NEW: Blocks: Add on_inline_end event.

9.10b3

• NEW: Blocks: Ensure inline mode is handled properly.
• NEW: Blocks: When using raw mode, ensure HTML stashed content is extracted.
• NEW: HTML: The Blocks HTML extension should use inline specifier instead of span.

9.10b2

• NEW: Blocks: Add new experimental general purpose blocks that provide a framework for creating fenced block containers for specialized parsing. A number of extensions utilizing general purpose blocks are included and are meant

... (truncated)

• 5e75073 Update JS doc deps
• b7bb487 Merge pull request from GHSA-jh85-wwv9-24hv
• a8fb966 Update JS doc deps
• 75d17e3 Update changelog
• c3580c5 Update to use latest Twemoji release (#2004)
• 442011d Update bad links
• 5bda09f Update JS doc deps
• 61b4571 Ignore nested snippet sections (#2003)
• 07e4b90 Corrected a typo: "be" missing (#1991)
• 59efa28 Update JS doc deps
• Additional commits viewable in compare view

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

3.1.2

This is a fix release for the 3.1.0 feature release.

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2
• Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
• Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
• Milestone: https://github.com/pallets/jinja/milestone/8?closed=1
• MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

• Add parameters to Environment.overlay to match __init__. :issue:1645
• Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

• The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

• Drop support for Python 3.6. :pr:1534
• Remove previously deprecated code. :pr:1544

... (truncated)

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Sourced from zipp's changelog.

v3.19.1

Bugfixes

• Improved handling of malformed zip files. (#119)

v3.19.0

Features

• Implement is_symlink. (#117)

v3.18.2

No significant changes.

v3.18.1

No significant changes.

v3.18.0

Features

• Bypass ZipFile.namelist in glob for better performance. (#106)
• Refactored glob functionality to support a more generalized solution with support for platform-specific path separators. (#108)

Bugfixes

• Add special accounting for pypy when computing the stack level for text encoding warnings. (#114)

v3.17.0

Features

... (truncated)

• 6d1cb72 Finalize
• fd604bd Merge pull request #120 from jaraco/bugfix/119-malformed-paths
• c18417e Add news fragment.
• 58115d2 Employ SanitizedNames in CompleteDirs. Fixes broken test.
• 564fcc1 Add SanitizedNames mixin.
• 79a309f Add some assertions about malformed paths.
• 2d015c2 Merge https://github.com/jaraco/skeleton
• a595a0f Rename extras to align with core metadata spec.
• 608f90a Finalize
• 3a22d72 Merge pull request #118 from jaraco/feature/is-symlink
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.