Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==2.10.3
->==3.1.4
By merging this PR, the below vulnerabilities will be automatically resolved:
Release Notes
pallets/jinja (Jinja2)
v3.1.4
Compare Source
Released 2024-05-05
xmlattr
filter does not allow keys with/
solidus,>
greater-than sign, or
=
equals sign, in addition to disallowing spaces.Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:
h75v-3vvj-5mfj
v3.1.3
Compare Source
Released 2024-01-10
empty. :pr:
1858
xmlattr
filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
{% trans %}
blocksmore helpful. :pr:
1918
v3.1.2
Compare Source
Released 2022-04-28
Environment.overlay
to match__init__
.:issue:
1645
FileSystemBytecodeCache
. :issue:1654
v3.1.1
Compare Source
Released 2022-03-25
:issue:
1637
v3.1.0
Compare Source
Released 2022-03-24
Drop support for Python 3.6. :pr:
1534
Remove previously deprecated code. :pr:
1544
WithExtension
andAutoEscapeExtension
are built-in now.contextfilter
andcontextfunction
are replaced bypass_context
.evalcontextfilter
andevalcontextfunction
are replaced bypass_eval_context
.environmentfilter
andenvironmentfunction
are replacedby
pass_environment
.Markup
andescape
should be imported from MarkupSafe.recompiled.
Context
subclasses is no longersupported. Override
resolve_or_missing
instead ofresolve
.unicode_urlencode
is renamed tourl_quote
.Add support for native types in macros. :issue:
1510
The
{% trans %}
tag can usepgettext
andnpgettext
bypassing a context string as the first token in the tag, like
{% trans "title" %}
. :issue:1430
Update valid identifier characters from Python 3.6 to 3.7.
:pr:
1571
Filters and tests decorated with
@async_variant
are pickleable.:pr:
1612
Add
items
filter. :issue:1561
Subscriptions (
[0]
, etc.) can be used after filters, tests, andcalls when the environment is in async mode. :issue:
1573
The
groupby
filter is case-insensitive by default, matchingother comparison filters. Added the
case_sensitive
parameter tocontrol this. :issue:
1463
Windows drive-relative path segments in template names will not
result in
FileSystemLoader
andPackageLoader
loading fromdrive-relative paths. :pr:
1621
v3.0.3
Compare Source
Released 2021-11-09
:issue:
1535
when parsing values on Python 3.10. :pr:
1537
:issue:
1514
hash(Node)
behavior. Nodes are hashed by idagain :issue:
1521
PackageLoader
works when the package is a single module file.:issue:
1512
v3.0.2
Compare Source
Released 2021-10-04
to still be referenced outside of it. :issue:
1427
compile_templates
deterministic for filter and importnames. :issue:
1452, 1453
Undefined
to act likeStrictUndefined
for thein
operator. :issue:1448
environments. :issue:
1494
PackageLoader
will not include a current directory (.) pathsegment. This allows loading templates from the root of a zip
import. :issue:
1467
v3.0.1
Compare Source
Released 2021-05-18
1418
imports in user projects. :issue:
1426
1433
autoescape
andwith_
extensions shows more relevant context. :issue:
1429
jinja2.Markup
without an argument.Use
markupsafe.Markup
instead. :issue:1438
render
for an async template usesasyncio.new_event_loop
This fixes a deprecation that Python 3.10 introduces. :issue:
1443
v3.0.0
Compare Source
Released 2021-05-11
Drop support for Python 2.7 and 3.5.
Bump MarkupSafe dependency to >=1.1.
Bump Babel optional dependency to >=2.1.
Remove code that was marked deprecated.
Add type hinting. :pr:
1412
Use :pep:
451
API to load templates with:class:
~loaders.PackageLoader
. :issue:1168
Fix a bug that caused imported macros to not have access to the
current template's globals. :issue:
688
Add ability to ignore
trim_blocks
using+%}
. :issue:1036
Fix a bug that caused custom async-only filters to fail with
constant input. :issue:
1279
Fix UndefinedError incorrectly being thrown on an undefined variable
instead of
Undefined
being returned onNativeEnvironment
on Python 3.10. :issue:1335
Blocks can be marked as
required
. They must be overridden atsome point, but not necessarily by the direct child. :issue:
1147
Deprecate the
autoescape
andwith
extensions, they arebuilt-in to the compiler. :issue:
1203
The
urlize
filter recognizesmailto:
links and takesextra_schemes
(orenv.policies["urlize.extra_schemes"]
) torecognize other schemes. It tries to balance parentheses within a
URL instead of ignoring trailing characters. The parsing in general
has been updated to be more efficient and match more cases. URLs
without a scheme are linked as
https://
instead ofhttp://
.:issue:
522, 827, 1172
, :pr:1195
Filters that get attributes, such as
map
andgroupby
, canuse a false or empty value as a default. :issue:
1331
Fix a bug that prevented variables set in blocks or loops from
being accessed in custom context functions. :issue:
768
Fix a bug that caused scoped blocks from accessing special loop
variables. :issue:
1088
Update the template globals when calling
Environment.get_template(globals=...)
even if the template wasalready loaded. :issue:
295
Do not raise an error for undefined filters in unexecuted
if-statements and conditional expressions. :issue:
842
Add
is filter
andis test
tests to test if a name is aregistered filter or test. This allows checking if a filter is
available in a template before using it. Test functions can be
decorated with
@pass_environment
,@pass_eval_context
,or
@pass_context
. :issue:842
, :pr:1248
Support
pgettext
andnpgettext
(message contexts) in i18nextension. :issue:
441
The
|indent
filter'swidth
argument can be a string toindent by. :pr:
1167
The parser understands hex, octal, and binary integer literals.
:issue:
1170
Undefined.__contains__
(in
) raises anUndefinedError
instead of a
TypeError
. :issue:1198
Undefined
is iterable in an async environment. :issue:1294
NativeEnvironment
supports async mode. :issue:1362
Template rendering only treats
\n
,\r\n
and\r
as linebreaks. Other characters are left unchanged. :issue:
769, 952, 1313
|groupby
filter takes an optionaldefault
argument.:issue:
1359
The function and filter decorators have been renamed and unified.
The old names are deprecated. :issue:
1381
pass_context
replacescontextfunction
andcontextfilter
.pass_eval_context
replacesevalcontextfunction
andevalcontextfilter
pass_environment
replacesenvironmentfunction
andenvironmentfilter
.Async support no longer requires Jinja to patch itself. It must
still be enabled with
Environment(enable_async=True)
.:issue:
1390
Overriding
Context.resolve
is deprecated, overrideresolve_or_missing
instead. :issue:1380
v2.11.3
Compare Source
Released 2021-01-31
urlize
filter by reducing regexbacktracking. Email matching requires a word character at the start
of the domain part, and only word characters in the TLD. :pr:
1343
v2.11.2
Compare Source
Released 2020-04-13
__getattr__
, like:class:
~unittest.mock.Mock
to be treated as a:func:
contextfunction
. :issue:1145
wordcount
filter to trigger :class:Undefined
methodsby wrapping the input in :func:
soft_str
. :pr:1160
:issue:
1162
AttributeError
on access doesn't cause a recursion error.:issue:
1177
~loaders.PackageLoader
from 2.10 whichremoved the dependency on setuptools and pkg_resources, and added
limited support for namespace packages. The changes caused issues
when using Pytest. Due to the difficulty in supporting Python 2 and
:pep:
451
simultaneously, the changes are reverted until 3.0.:pr:
1182
:pr:
1178
namespace()
assignment object in templates works inasync environments. :issue:
1180
lstrip_blocks
is enabled. :issue:1138
~nativetypes.NativeEnvironment
doesn't evaluateintermediate strings during rendering. This prevents early
evaluation which could change the value of an expression.
:issue:
1186
v2.11.1
Compare Source
Released 2020-01-30
(
{{ data.items[1:] }}
) in an async template. :issue:1141
v2.11.0
Compare Source
Released 2020-01-27
version to support Python 2.7 and 3.5.
ChainableUndefined
class to support getitem andgetattr on an undefined object. :issue:
977
{%+
syntax (with NOP behavior) whenlstrip_blocks
isdisabled. :issue:
748
default
parameter for themap
filter. :issue:557
:func:
meta.find_undeclared_variables
. :issue:931
2.56e-3. :issue:
912
, :pr:922
legibility, like 12_345. :pr:
923
LRUCache.setdefault
. :pr:1000
trim
filter takes an optional string of characters to trim.:pr:
828
jinja2.ext.debug
extension adds a{% debug %}
tag toquickly dump the current context and available filters and tests.
:issue:
174
, :pr:798, 983
:issue:
857
, :pr:858
{{ 2 * (3 < 5) }}
outputs "2" instead of "False".:issue:
755
, :pr:938
boolean
,false
,true
,integer
andfloat
tests. :pr:
824
finalize
function is only applied to theoutput of expressions (constant or not), not static template data.
:issue:
63
FileSystemLoader
, a templatecan have the same name as a directory. :issue:
821
Undefined
when omitting theelse
clausein a
{{ 'foo' if bar }}
expression, regardless of theenvironment's
undefined
class. Omitting theelse
clause is avalid shortcut and should not raise an error when using
:class:
StrictUndefined
. :issue:710
, :pr:1079
loop
control variables such aslength
andrevindex0
when looping over a generator. :issue:459, 751, 794
,:pr:
993
it, in order to avoid a slow initial import. :issue:
765
|map
filter will await the filtercall if needed. :pr:
913
loop
attributes, the iterator is notadvanced ahead of the current iteration unless
length
,revindex
,nextitem
, orlast
are accessed. This makes itless likely to break
groupby
results. :issue:555
, :pr:1101
loop
attributeslength
andrevindex
work for async iterators. :pr:1101
be awaited if needed. :pr:
1101
~loader.PackageLoader
doesn't depend on setuptools orpkg_resources. :issue:
970
PackageLoader
has limited support for :pep:420
namespacepackages. :issue:
1097
os.PathLike
objects in:class:
~loader.FileSystemLoader
and :class:~loader.ModuleLoader
.:issue:
870
~nativetypes.NativeTemplate
correctly handles quotesbetween expressions.
"'{{ a }}', '{{ b }}'"
renders as the tuple('1', '2')
rather than the string'1, 2'
. :issue:1020
~nativetypes.NativeTemplate
directly creates a:class:
~nativetypes.NativeEnvironment
instead of a default:class:
Environment
. :issue:1091
LRUCache.copy()
, the copy's queue methods point tothe correct queue. :issue:
843
system encoding. :issue:
889
|wordwrap
filter treats existing newlines as separate paragraphsto be wrapped individually, rather than creating short intermediate
lines. :issue:
175
break_on_hyphens
parameter to|wordwrap
filter.:issue:
550
passed the context. :pr:
1108
the result follows Python's behavior of returning
False
if anycomparison returns
False
, rather than only the last one.:issue:
1102
and source for Python >= 3.7. :issue:
1104
internal compiler frames. :issue:
763
DerivedContextReference
node that can be used byextensions to get the current context and local variables such as
loop
. :issue:860
that were previously overlooked. :issue:
733
TemplateSyntaxError.source
is not empty when raised from anincluded template. :issue:
457
Undefined
value toget_template
(such as throughextends
,import
, orinclude
), raises anUndefinedError
consistently.select_template
will show theundefined message in the list of attempts rather than the empty
string. :issue:
1037
TemplateSyntaxError
can be pickled. :pr:1117