Sourced from jinja2's\nreleases.
\n\n\n3.1.4
\nThis is the Jinja 3.1.4 security release, which fixes security issues\nand bugs but does not otherwise change behavior and should not result in\nbreaking changes.
\nPyPI: https://pypi.org/project/Jinja2/3.1.4/\nChanges: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
\n\n
\n- The
\nxmlattr
filter does not allow keys with\n/
solidus,>
greater-than sign, or\n=
equals sign, in addition to disallowing spaces.\nRegardless of any validation done by Jinja, user input should never be\nused as keys to this filter, or must be separately validated first.\nGHSA-h75v-3vvj-5mfj
Sourced from jinja2's\nchangelog.
\n\n\nVersion 3.1.4
\nReleased 2024-05-05
\n\n
\n- The
\nxmlattr
filter does not allow keys with\n/
solidus,>
\ngreater-than sign, or=
equals sign, in addition to\ndisallowing spaces.\nRegardless of any validation done by Jinja, user input should never be\nused\nas keys to this filter, or must be separately validated first.\n:ghsa:h75v-3vvj-5mfj
dd4a8b5
\nrelease version 3.1.40668239
\nMerge pull request from GHSA-h75v-3vvj-5mfjd655030
\ndisallow invalid characters in keys to xmlattr filtera7863ba
\nadd ghsa linksb5c98e7
\nstart version 3.1.4da3a9f0
\nupdate project files (#1968)0ee5eb4
\nsatisfy formatter, linter, and strict mypy20477c6
\nupdate project files (#5457)e491223
\nupdate pyyaml dev dependency36f9885
\nfix pr linkSourced from jinja2's\nreleases.
\n\n\n3.1.4
\nThis is the Jinja 3.1.4 security release, which fixes security issues\nand bugs but does not otherwise change behavior and should not result in\nbreaking changes.
\nPyPI: https://pypi.org/project/Jinja2/3.1.4/\nChanges: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4
\n\n
\n- The
\nxmlattr
filter does not allow keys with\n/
solidus,>
greater-than sign, or\n=
equals sign, in addition to disallowing spaces.\nRegardless of any validation done by Jinja, user input should never be\nused as keys to this filter, or must be separately validated first.\nGHSA-h75v-3vvj-5mfj
Sourced from jinja2's\nchangelog.
\n\n\nVersion 3.1.4
\nReleased 2024-05-05
\n\n
\n- The
\nxmlattr
filter does not allow keys with\n/
solidus,>
\ngreater-than sign, or=
equals sign, in addition to\ndisallowing spaces.\nRegardless of any validation done by Jinja, user input should never be\nused\nas keys to this filter, or must be separately validated first.\n:ghsa:h75v-3vvj-5mfj
dd4a8b5
\nrelease version 3.1.40668239
\nMerge pull request from GHSA-h75v-3vvj-5mfjd655030
\ndisallow invalid characters in keys to xmlattr filtera7863ba
\nadd ghsa linksb5c98e7
\nstart version 3.1.4da3a9f0
\nupdate project files (#1968)0ee5eb4
\nsatisfy formatter, linter, and strict mypy20477c6
\nupdate project files (#5457)e491223
\nupdate pyyaml dev dependency36f9885
\nfix pr linkSourced from idna's\nreleases.
\n\n\nv3.7
\nWhat's Changed
\n\n
\n- Fix issue where specially crafted inputs to encode() could take\nexceptionally long amount of time to process. [CVE-2024-3651]
\nThanks to Guido Vranken for reporting the issue.
\nFull Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7
\n
Sourced from idna's\nchangelog.
\n\n\n3.7 (2024-04-11)\n++++++++++++++++
\n\n
\n- Fix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]
\nThanks to Guido Vranken for reporting the issue.
\n
1d365e1
\nRelease v3.7c1b3154
\nMerge pull request #172 from\nkjd/optimize-contextj0394ec7
\nMerge branch 'master' into optimize-contextjcd58a23
\nMerge pull request #152 from\nelliotwutingfeng/dev5beb28b
\nMore efficient resolution of joiner contexts1b12148
\nUpdate ossf/scorecard-action to v2.3.1d516b87
\nUpdate Github actions/checkout to v4c095c75
\nMerge branch 'master' into dev60a0a4c
\nFix typo in GitHub Actions workflow key5918a0e
\nMerge branch 'master' into devSourced from idna's\nreleases.
\n\n\nv3.7
\nWhat's Changed
\n\n
\n- Fix issue where specially crafted inputs to encode() could take\nexceptionally long amount of time to process. [CVE-2024-3651]
\nThanks to Guido Vranken for reporting the issue.
\nFull Changelog: https://github.com/kjd/idna/compare/v3.6...v3.7
\n
Sourced from idna's\nchangelog.
\n\n\n3.7 (2024-04-11)\n++++++++++++++++
\n\n
\n- Fix issue where specially crafted inputs to encode() could\ntake exceptionally long amount of time to process. [CVE-2024-3651]
\nThanks to Guido Vranken for reporting the issue.
\n3.6 (2023-11-25)\n++++++++++++++++
\n\n
\n- Fix regression to include tests in source distribution.
\n3.5 (2023-11-24)\n++++++++++++++++
\n\n
\n- Update to Unicode 15.1.0
\n- String codec name is now "idna2008" as overriding the\nsystem codec\n"idna" was not working.
\n- Fix typing error for codec encoding
\n- "setup.cfg" has been added for this release due to some\ndownstream\nlack of adherence to PEP 517. Should be removed in a future release\nso please prepare accordingly.
\n- Removed reliance on a symlink for the "idna-data" tool to\ncomport\nwith PEP 517 and the Python Packaging User Guide for sdist\narchives.
\n- Added security reporting protocol for project
\nThanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for\ncontributions\nto this release.
\n3.4 (2022-09-14)\n++++++++++++++++
\n\n
\n- Update to Unicode 15.0.0
\n- Migrate to pyproject.toml for build information (PEP 621)
\n- Correct another instance where generic exception was raised instead\nof\nIDNAError for malformed input
\n- Source distribution uses zeroized file ownership for improved\nreproducibility
\nThanks to Seth Michael Larson for contributions to this release.
\n
1d365e1
\nRelease v3.7c1b3154
\nMerge pull request #172 from\nkjd/optimize-contextj0394ec7
\nMerge branch 'master' into optimize-contextjcd58a23
\nMerge pull request #152 from\nelliotwutingfeng/dev5beb28b
\nMore efficient resolution of joiner contexts1b12148
\nUpdate ossf/scorecard-action to v2.3.1d516b87
\nUpdate Github actions/checkout to v4c095c75
\nMerge branch 'master' into dev60a0a4c
\nFix typo in GitHub Actions workflow key5918a0e
\nMerge branch 'master' into dev