If you are wondering where the data of this site comes from, please visit https://api.github.com/users/JLDaniel77/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.
Jeff Daniel JLDaniel77 Cleveland, Tennessee Jeff Daniel - Data Scientist

JLDaniel77/AB-Demo 0

Simple front-end A/B experiment

JLDaniel77/Algorithms 0

An introduction to algorithmic problem-solving and algorithmic paradigms.

JLDaniel77/atap 0

Code for Applied Text Analysis with Python

JLDaniel77/AudioBook 0

Convert any PDF file into an audiobook.

JLDaniel77/Computer-Architecture 0

Computer Architecture

JLDaniel77/Data-Analysis 0

Data Science Using Python

JLDaniel77/deep-learning-with-python-notebooks 0

Jupyter notebooks for the code samples of the book "Deep Learning with Python"

JLDaniel77/Demo 0

This is a demo repository.

PR opened cs25-bw-andrew/frontend

Bump ssri from 6.0.1 to 6.0.2 in /client

Bumps ssri from 6.0.1 to 6.0.2.

Changelog

Sourced from ssri's changelog (https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md).

6.0.2 (2021-04-07) (https://github.com/zkat/ssri/compare/v6.0.1...v6.0.2)

Bug Fixes

  • backport regex change from 8.0.1 (b30dfdb), closes #19

Commits

  • b7c8c7c chore(release): 6.0.2
  • b30dfdb fix: backport regex change from 8.0.1
  • See full diff in compare view (https://github.com/npm/ssri/compare/v6.0.1...v6.0.2)

Maintainer changes

This version was pushed to npm by nlf (https://www.npmjs.com/~nlf), a new releaser for ssri since your current version.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

+6 -6

0 comment

1 changed file

pr created time in 7 hours

PR opened JLDaniel77/my-plotly-dash-demo

Bump pygments from 2.4.2 to 2.7.4

Bumps pygments from 2.4.2 to 2.7.4.

Release notes

Sourced from pygments's releases (https://github.com/pygments/pygments/releases).

2.7.4

  • Updated lexers:
      • Apache configurations: Improve handling of malformed tags (#1656)
      • CSS: Add support for variables (#1633, #1666)
      • Crystal (#1650, #1670)
      • Coq (#1648)
      • Fortran: Add missing keywords (#1635, #1665)
      • Ini (#1624)
      • JavaScript and variants (#1647 -- missing regex flags, #1651)
      • Markdown (#1623, #1617)
      • Shell
          • Lex trailing whitespace as part of the prompt (#1645)
          • Add missing `in` keyword (#1652)
      • SQL - Fix keywords (#1668)
      • Typescript: Fix incorrect punctuation handling (#1510, #1511)
  • Fix infinite loop in SML lexer (#1625)
  • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
  • Limit recursion with nesting Ruby heredocs (#1638)
  • Fix a few inefficient regexes for guessing lexers
  • Fix the raw token lexer handling of Unicode (#1616)
  • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
  • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
  • Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

  • Updated lexers:
      • Ada (#1581)
      • HTML (#1615, #1614)
      • Java (#1594, #1586)
      • JavaScript (#1605, #1589, #1588)
      • JSON (#1569 -- this is a complete rewrite)
      • Lean (#1601)
      • LLVM (#1612)
      • Mason (#1592)
      • MySQL (#1555, #1551)
      • Rust (#1608)
      • Turtle (#1590, #1553)
  • Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)
  • The `ImgFormatter` now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

Changelog

Sourced from pygments's changelog (https://github.com/pygments/pygments/blob/master/CHANGES).

Version 2.7.4 (released January 12, 2021)

  • Updated lexers:
      • Apache configurations: Improve handling of malformed tags (#1656)
      • CSS: Add support for variables (#1633, #1666)
      • Crystal (#1650, #1670)
      • Coq (#1648)
      • Fortran: Add missing keywords (#1635, #1665)
      • Ini (#1624)
      • JavaScript and variants (#1647 -- missing regex flags, #1651)
      • Markdown (#1623, #1617)
      • Shell
          • Lex trailing whitespace as part of the prompt (#1645)
          • Add missing `in` keyword (#1652)
      • SQL - Fix keywords (#1668)
      • Typescript: Fix incorrect punctuation handling (#1510, #1511)
  • Fix infinite loop in SML lexer (#1625)
  • Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)
  • Limit recursion with nesting Ruby heredocs (#1638)
  • Fix a few inefficient regexes for guessing lexers
  • Fix the raw token lexer handling of Unicode (#1616)
  • Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!
  • Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)
  • Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3 (released December 6, 2020)

  • Updated lexers:
      • Ada (#1581)
      • HTML (#1615, #1614)
      • Java (#1594, #1586)
      • JavaScript (#1605, #1589, #1588)
      • JSON (#1569 -- this is a complete rewrite)
      • Lean (#1601)
      • LLVM (#1612)
      • Mason (#1592)

... (truncated)

Commits

  • 4d555d0 Bump version to 2.7.4.
  • fc3b05d Update CHANGES.
  • ad21935 Revert "Added dracula theme style (#1636)"
  • e411506 Prepare for 2.7.4 release.
  • 275e34d doc: remove Perl 6 ref
  • 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
  • eb39c43 xquery: fix pop from empty stack
  • 2738778 fix coding style in test_analyzer_lexer
  • 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
  • c83fe48 support added for css variables (#1633)
  • Additional commits viewable in compare view (https://github.com/pygments/pygments/compare/2.4.2...2.7.4)

+462 -187

0 comment

1 changed file

pr created time in 21 days

create branch JLDaniel77/my-plotly-dash-demo

branch : dependabot/pip/pygments-2.7.4

created branch time in 21 days

PR opened JLDaniel77/lambdata

Bump pygments from 2.4.2 to 2.7.4

Bumps pygments from 2.4.2 to 2.7.4.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+111 -89

0 comment

1 changed file

pr created time in 21 days

create branch JLDaniel77/lambdata

branch : dependabot/pip/pygments-2.7.4

created branch time in 21 days

PR opened JLDaniel77/my-plotly-dash-demo

Bump pyyaml from 5.1.1 to 5.4

Bumps pyyaml from 5.1.1 to 5.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/yaml/pyyaml/blob/master/CHANGES">pyyaml's changelog</a>.</em></p> <blockquote> <p>5.4 (2021-01-19)</p> <ul> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/407">yaml/pyyaml#407</a> -- Build modernization, remove distutils, fix metadata, build wheels, CI to GHA</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/472">yaml/pyyaml#472</a> -- Fix for CVE-2020-14343, moves arbitrary python tags to UnsafeLoader</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/441">yaml/pyyaml#441</a> -- Fix memory leak in implicit resolver setup</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/392">yaml/pyyaml#392</a> -- Fix py2 copy support for timezone objects</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/378">yaml/pyyaml#378</a> -- Fix compatibility with Jython</li> </ul> <p>5.3.1 (2020-03-18)</p> <ul> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/386">yaml/pyyaml#386</a> -- Prevents arbitrary code execution during python/object/new constructor</li> </ul> <p>5.3 (2020-01-06)</p> <ul> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/290">yaml/pyyaml#290</a> -- Use <code>is</code> instead of equality for comparing with <code>None</code></li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/270">yaml/pyyaml#270</a> -- Fix typos and stylistic nit</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/309">yaml/pyyaml#309</a> -- Fix up small typo</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/161">yaml/pyyaml#161</a> -- Fix handling of <strong>slots</strong></li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/358">yaml/pyyaml#358</a> -- Allow calling add_multi_constructor with None</li> <li><a 
href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/285">yaml/pyyaml#285</a> -- Add use of safe_load() function in README</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/351">yaml/pyyaml#351</a> -- Fix reader for Unicode code points over 0xFFFF</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/360">yaml/pyyaml#360</a> -- Enable certain unicode tests when maxunicode not > 0xffff</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/359">yaml/pyyaml#359</a> -- Use full_load in yaml-highlight example</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/244">yaml/pyyaml#244</a> -- Document that PyYAML is implemented with Cython</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/329">yaml/pyyaml#329</a> -- Fix for Python 3.10</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/310">yaml/pyyaml#310</a> -- Increase size of index, line, and column fields</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/260">yaml/pyyaml#260</a> -- Remove some unused imports</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/163">yaml/pyyaml#163</a> -- Create timezone-aware datetimes when parsed as such</li> <li><a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/363">yaml/pyyaml#363</a> -- Add tests for timezone</li> </ul> <h2>5.2 (2019-12-02)</h2> <ul> <li>Repair incompatibilities introduced with 5.1. 
The default Loader was changed, but several methods like add_constructor still used the old default <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/279">yaml/pyyaml#279</a> -- A more flexible fix for custom tag constructors <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/287">yaml/pyyaml#287</a> -- Change default loader for yaml.add_constructor <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/305">yaml/pyyaml#305</a> -- Change default loader for add_implicit_resolver, add_path_resolver</li> <li>Make FullLoader safer by removing python/object/apply from the default FullLoader <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/347">yaml/pyyaml#347</a> -- Move constructor for object/apply to UnsafeConstructor</li> <li>Fix bug introduced in 5.1 where quoting went wrong on systems with sys.maxunicode <= 0xffff <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/276">yaml/pyyaml#276</a> -- Fix logic for quoting special characters</li> <li>Other PRs: <a href="https://github-redirect.dependabot.com/yaml/pyyaml/pull/280">yaml/pyyaml#280</a> -- Update CHANGES for 5.1</li> </ul> <h2>5.1.2 (2019-07-30)</h2> <ul> <li>Re-release of 5.1 with regenerated Cython sources to build properly for Python 3.8b2+</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/yaml/pyyaml/commit/58d0cb7ee09954c67fabfbd714c5673b03e7a9e1"><code>58d0cb7</code></a> 5.4 release</li> <li><a href="https://github.com/yaml/pyyaml/commit/a60f7a19c0b418fe95fcf2ec0957005ae39e1090"><code>a60f7a1</code></a> Fix compatibility with Jython</li> <li><a href="https://github.com/yaml/pyyaml/commit/ee98abd7d7bd2ca9c7b98aa19164fd0306a3f3d2"><code>ee98abd</code></a> Run CI on PR base branch changes</li> <li><a href="https://github.com/yaml/pyyaml/commit/ddf20330be1fae8813b8ce1789c48f244746d252"><code>ddf2033</code></a> constructor.timezone: _<em>copy</em> & <strong>deepcopy</strong></li> 
<li><a href="https://github.com/yaml/pyyaml/commit/fc914d52c43f499224f7fb4c2d4c47623adc5b33"><code>fc914d5</code></a> Avoid repeatedly appending to yaml_implicit_resolvers</li> <li><a href="https://github.com/yaml/pyyaml/commit/a001f2782501ad2d24986959f0239a354675f9dc"><code>a001f27</code></a> Fix for CVE-2020-14343</li> <li><a href="https://github.com/yaml/pyyaml/commit/fe150624146ee631bb0f95e45731e8b01281fed6"><code>fe15062</code></a> Add 3.9 to appveyor file for completeness sake</li> <li><a href="https://github.com/yaml/pyyaml/commit/1e1c7fb7c09e9149967c208a6fd07276a6140d57"><code>1e1c7fb</code></a> Add a newline character to end of pyproject.toml</li> <li><a href="https://github.com/yaml/pyyaml/commit/0b6b7d61719fbe0a11f0980489f1bf8ce746c164"><code>0b6b7d6</code></a> Start sentences and phrases for capital letters</li> <li><a href="https://github.com/yaml/pyyaml/commit/c97691596eec279ef9191a9b3bba583a17139d5a"><code>c976915</code></a> Shell code improvements</li> <li>Additional commits viewable in <a href="https://github.com/yaml/pyyaml/compare/5.1.1...5.4">compare view</a></li> </ul> </details> <br />


+453 -186

0 comment

1 changed file

pr created time in 25 days

create branch JLDaniel77/my-plotly-dash-demo

branch : dependabot/pip/pyyaml-5.4

created branch time in 25 days

PR opened NBA-Career-Longevity-Predictor/DS

Bump jinja2 from 2.10.1 to 2.11.3

Bumps jinja2 from 2.10.1 to 2.11.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>2.11.3</h2> <p>This contains a fix for a speed issue with the <code>urlize</code> filter. <code>urlize</code> is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to <code>urlize</code> in general, not just the specific input cases.</p> <ul> <li>PyPI: <a href="https://pypi.org/project/Jinja2/2.11.3/">https://pypi.org/project/Jinja2/2.11.3/</a></li> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3</a></li> </ul> <h2>2.11.2</h2> <ul> <li>Changelog: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2</a></li> </ul> <h2>2.11.1</h2> <p>This fixes an issue in async environment when indexing the result of an attribute lookup, like <code>{{ data.items[1:] }}</code>.</p> <ul> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1</a></li> </ul> <h2>2.11.0</h2> <ul> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0</a></li> <li>Blog: <a href="https://palletsprojects.com/blog/jinja-2-11-0-released/">https://palletsprojects.com/blog/jinja-2-11-0-released/</a></li> <li>Twitter: <a href="https://twitter.com/PalletsTeam/status/1221883554537230336">https://twitter.com/PalletsTeam/status/1221883554537230336</a></li> </ul> <p>This is the last version to 
support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.</p> <h2>2.10.3</h2> <ul> <li>Changes: <a href="http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3">http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3</a></li> </ul> <h2>2.10.2</h2> <ul> <li>Changes: <a href="http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2">http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/master/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 2.11.3</h2> <p>Released 2021-01-31</p> <ul> <li>Improve the speed of the <code>urlize</code> filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:<code>1343</code></li> </ul> <h2>Version 2.11.2</h2> <p>Released 2020-04-13</p> <ul> <li>Fix a bug that caused callable objects with <code>getattr</code>, like :class:<code>~unittest.mock.Mock</code> to be treated as a :func:<code>contextfunction</code>. :issue:<code>1145</code></li> <li>Update <code>wordcount</code> filter to trigger :class:<code>Undefined</code> methods by wrapping the input in :func:<code>soft_str</code>. :pr:<code>1160</code></li> <li>Fix a hang when displaying tracebacks on Python 32-bit. :issue:<code>1162</code></li> <li>Showing an undefined error for an object that raises <code>AttributeError</code> on access doesn't cause a recursion error. :issue:<code>1177</code></li> <li>Revert changes to :class:<code>~loaders.PackageLoader</code> from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. 
Due to the difficulty in supporting Python 2 and :pep:<code>451</code> simultaneously, the changes are reverted until 3.0. :pr:<code>1182</code></li> <li>Fix line numbers in error messages when newlines are stripped. :pr:<code>1178</code></li> <li>The special <code>namespace()</code> assignment object in templates works in async environments. :issue:<code>1180</code></li> <li>Fix whitespace being removed before tags in the middle of lines when <code>lstrip_blocks</code> is enabled. :issue:<code>1138</code></li> <li>:class:<code>~nativetypes.NativeEnvironment</code> doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:<code>1186</code></li> </ul> <h2>Version 2.11.1</h2> <p>Released 2020-01-30</p> <ul> <li>Fix a bug that prevented looking up a key after an attribute (<code>{{ data.items[1:] }}</code>) in an async template. :issue:<code>1141</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/cf215390d4a4d6f0a4de27e2687eed176878f13d"><code>cf21539</code></a> release version 2.11.3</li> <li><a href="https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d"><code>15ef8f0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1343">#1343</a> from pallets/urlize-speedup</li> <li><a href="https://github.com/pallets/jinja/commit/ef658dc3b6389b091d608e710a810ce8b87995b3"><code>ef658dc</code></a> speed up urlize matching</li> <li><a href="https://github.com/pallets/jinja/commit/eeca0fecc3318d43f61bc340ad61db641b861ade"><code>eeca0fe</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1207">#1207</a> from mhansen/patch-1</li> <li><a href="https://github.com/pallets/jinja/commit/2dd769111cbb1a2637f805b3b4c652ec8096d371"><code>2dd7691</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1209">#1209</a> from mhansen/patch-3</li> <li><a href="https://github.com/pallets/jinja/commit/48929401db7228db04dfd8e88115dd5c30dc2d86"><code>4892940</code></a> do_dictsort: update example ready to copy/paste</li> <li><a href="https://github.com/pallets/jinja/commit/7db7d336ba12574e6205fdd929386fd529e3fad4"><code>7db7d33</code></a> api.rst: bugfix in docs, import PackageLoader</li> <li><a href="https://github.com/pallets/jinja/commit/9ec465baefe32e305bd4e61da49e6c39360c194e"><code>9ec465b</code></a> fix changelog header</li> <li><a href="https://github.com/pallets/jinja/commit/737a4cd41d09878e7e6c584a2062f5853dc30150"><code>737a4cd</code></a> release version 2.11.2</li> <li><a href="https://github.com/pallets/jinja/commit/179df6b54e87b3d420cabf65fc07b2605ffc05f8"><code>179df6b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1190">#1190</a> from 
pallets/native-eval</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/2.10.1...2.11.3">compare view</a></li> </ul> </details> <br />


+70 -42

0 comment

1 changed file

pr created time in a month

create branch NBA-Career-Longevity-Predictor/DS

branch : dependabot/pip/jinja2-2.11.3

created branch time in a month

PR opened JLDaniel77/my-plotly-dash-demo

Bump jinja2 from 2.10.1 to 2.11.3

Bumps jinja2 from 2.10.1 to 2.11.3.


+461 -187

0 comment

1 changed file

pr created time in a month

create branch JLDaniel77/my-plotly-dash-demo

branch : dependabot/pip/jinja2-2.11.3

created branch time in a month

PR opened JLDaniel77/Simple-Flask-API

Bump jinja2 from 2.10.1 to 2.11.3

Bumps jinja2 from 2.10.1 to 2.11.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/releases">jinja2's releases</a>.</em></p> <blockquote> <h2>2.11.3</h2> <p>This contains a fix for a speed issue with the <code>urlize</code> filter. <code>urlize</code> is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to <code>urlize</code> in general, not just the specific input cases.</p> <ul> <li>PyPI: <a href="https://pypi.org/project/Jinja2/2.11.3/">https://pypi.org/project/Jinja2/2.11.3/</a></li> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3</a></li> </ul> <h2>2.11.2</h2> <ul> <li>Changelog: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2</a></li> </ul> <h2>2.11.1</h2> <p>This fixes an issue in async environment when indexing the result of an attribute lookup, like <code>{{ data.items[1:] }}</code>.</p> <ul> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1</a></li> </ul> <h2>2.11.0</h2> <ul> <li>Changes: <a href="https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0">https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0</a></li> <li>Blog: <a href="https://palletsprojects.com/blog/jinja-2-11-0-released/">https://palletsprojects.com/blog/jinja-2-11-0-released/</a></li> <li>Twitter: <a href="https://twitter.com/PalletsTeam/status/1221883554537230336">https://twitter.com/PalletsTeam/status/1221883554537230336</a></li> </ul> <p>This is the last version to 
support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.</p> <h2>2.10.3</h2> <ul> <li>Changes: <a href="http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3">http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3</a></li> </ul> <h2>2.10.2</h2> <ul> <li>Changes: <a href="http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2">http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2</a></li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pallets/jinja/blob/master/CHANGES.rst">jinja2's changelog</a>.</em></p> <blockquote> <h2>Version 2.11.3</h2> <p>Released 2021-01-31</p> <ul> <li>Improve the speed of the <code>urlize</code> filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:<code>1343</code></li> </ul> <h2>Version 2.11.2</h2> <p>Released 2020-04-13</p> <ul> <li>Fix a bug that caused callable objects with <code>getattr</code>, like :class:<code>~unittest.mock.Mock</code> to be treated as a :func:<code>contextfunction</code>. :issue:<code>1145</code></li> <li>Update <code>wordcount</code> filter to trigger :class:<code>Undefined</code> methods by wrapping the input in :func:<code>soft_str</code>. :pr:<code>1160</code></li> <li>Fix a hang when displaying tracebacks on Python 32-bit. :issue:<code>1162</code></li> <li>Showing an undefined error for an object that raises <code>AttributeError</code> on access doesn't cause a recursion error. :issue:<code>1177</code></li> <li>Revert changes to :class:<code>~loaders.PackageLoader</code> from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. 
Due to the difficulty in supporting Python 2 and :pep:<code>451</code> simultaneously, the changes are reverted until 3.0. :pr:<code>1182</code></li> <li>Fix line numbers in error messages when newlines are stripped. :pr:<code>1178</code></li> <li>The special <code>namespace()</code> assignment object in templates works in async environments. :issue:<code>1180</code></li> <li>Fix whitespace being removed before tags in the middle of lines when <code>lstrip_blocks</code> is enabled. :issue:<code>1138</code></li> <li>:class:<code>~nativetypes.NativeEnvironment</code> doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:<code>1186</code></li> </ul> <h2>Version 2.11.1</h2> <p>Released 2020-01-30</p> <ul> <li>Fix a bug that prevented looking up a key after an attribute (<code>{{ data.items[1:] }}</code>) in an async template. :issue:<code>1141</code></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pallets/jinja/commit/cf215390d4a4d6f0a4de27e2687eed176878f13d"><code>cf21539</code></a> release version 2.11.3</li> <li><a href="https://github.com/pallets/jinja/commit/15ef8f09b659f9100610583938005a7a10472d4d"><code>15ef8f0</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1343">#1343</a> from pallets/urlize-speedup</li> <li><a href="https://github.com/pallets/jinja/commit/ef658dc3b6389b091d608e710a810ce8b87995b3"><code>ef658dc</code></a> speed up urlize matching</li> <li><a href="https://github.com/pallets/jinja/commit/eeca0fecc3318d43f61bc340ad61db641b861ade"><code>eeca0fe</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1207">#1207</a> from mhansen/patch-1</li> <li><a href="https://github.com/pallets/jinja/commit/2dd769111cbb1a2637f805b3b4c652ec8096d371"><code>2dd7691</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1209">#1209</a> from mhansen/patch-3</li> <li><a href="https://github.com/pallets/jinja/commit/48929401db7228db04dfd8e88115dd5c30dc2d86"><code>4892940</code></a> do_dictsort: update example ready to copy/paste</li> <li><a href="https://github.com/pallets/jinja/commit/7db7d336ba12574e6205fdd929386fd529e3fad4"><code>7db7d33</code></a> api.rst: bugfix in docs, import PackageLoader</li> <li><a href="https://github.com/pallets/jinja/commit/9ec465baefe32e305bd4e61da49e6c39360c194e"><code>9ec465b</code></a> fix changelog header</li> <li><a href="https://github.com/pallets/jinja/commit/737a4cd41d09878e7e6c584a2062f5853dc30150"><code>737a4cd</code></a> release version 2.11.2</li> <li><a href="https://github.com/pallets/jinja/commit/179df6b54e87b3d420cabf65fc07b2605ffc05f8"><code>179df6b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/pallets/jinja/issues/1190">#1190</a> from 
pallets/native-eval</li> <li>Additional commits viewable in <a href="https://github.com/pallets/jinja/compare/2.10.1...2.11.3">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in a month

create branch JLDaniel77/Simple-Flask-API

branch : dependabot/pip/jinja2-2.11.3

created branch time in a month

delete branch cs25-bw-andrew/frontend

delete branch : dependabot/npm_and_yarn/client/elliptic-6.5.3

delete time in a month

PR closed cs25-bw-andrew/frontend

Bump elliptic from 6.5.2 to 6.5.3 in /client dependencies

Bumps elliptic from 6.5.2 to 6.5.3. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3">compare view</a></li> </ul> </details> <br />


+6 -6

1 comment

1 changed file

dependabot[bot]

pr closed time in a month

pull request comment cs25-bw-andrew/frontend

Bump elliptic from 6.5.2 to 6.5.3 in /client

Superseded by #18.

dependabot[bot]

comment created time in a month

PR opened cs25-bw-andrew/frontend

Bump elliptic from 6.5.2 to 6.5.4 in /client

Bumps elliptic from 6.5.2 to 6.5.4. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/indutny/elliptic/commit/43ac7f230069bd1575e1e4a58394a512303ba803"><code>43ac7f2</code></a> 6.5.4</li> <li><a href="https://github.com/indutny/elliptic/commit/f4bc72be11b0a508fb790f445c43534307c9255b"><code>f4bc72b</code></a> package: bump deps</li> <li><a href="https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f"><code>441b742</code></a> ec: validate that a point before deriving keys</li> <li><a href="https://github.com/indutny/elliptic/commit/e71b2d9359c5fe9437fbf46f1f05096de447de57"><code>e71b2d9</code></a> lib: relint using eslint</li> <li><a href="https://github.com/indutny/elliptic/commit/8421a01aa3ff789c79f91eaf8845558a7be2b9fa"><code>8421a01</code></a> build(deps): bump elliptic from 6.4.1 to 6.5.3 (<a href="https://github-redirect.dependabot.com/indutny/elliptic/issues/231">#231</a>)</li> <li><a href="https://github.com/indutny/elliptic/commit/8647803dc3d90506aa03021737f7b061ba959ae1"><code>8647803</code></a> 6.5.3</li> <li><a href="https://github.com/indutny/elliptic/commit/856fe4d99fe7b6200556e6400b3bf585b1721bec"><code>856fe4d</code></a> signature: prevent malleability and overflows</li> <li>See full diff in <a href="https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.4">compare view</a></li> </ul> </details> <br />


+17 -17

0 comment

1 changed file

pr created time in a month

delete branch JLDaniel77/my-plotly-dash-demo

delete branch : dependabot/pip/bleach-3.1.4

delete time in 3 months

PR closed JLDaniel77/my-plotly-dash-demo

Bump bleach from 3.1.0 to 3.1.4 dependencies

Bumps bleach from 3.1.0 to 3.1.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/bleach/blob/master/CHANGES">bleach's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.4 (March 24th, 2020)</h2> <p><strong>Security fixes</strong></p> <ul> <li> <p><code>bleach.clean</code> behavior parsing style attributes could result in a regular expression denial of service (ReDoS).</p> <p>Calls to <code>bleach.clean</code> with an allowed tag with an allowed <code>style</code> attribute were vulnerable to ReDoS. For example, <code>bleach.clean(..., attributes={'a': ['style']})</code>.</p> <p>This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.</p> <p>Anyone using Bleach <=v3.1.3 is encouraged to upgrade.</p> <p><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1623633">https://bugzilla.mozilla.org/show_bug.cgi?id=1623633</a></p> </li> </ul> <p><strong>Backwards incompatible changes</strong></p> <ul> <li>Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.</li> </ul> <p><strong>Features</strong></p> <p>None</p> <p><strong>Bug fixes</strong></p> <p>None</p> <h2>Version 3.1.3 (March 17th, 2020)</h2> <p><strong>Security fixes</strong></p> <p>None</p> <p><strong>Backwards incompatible changes</strong></p> <p>None</p> <p><strong>Features</strong></p> <ul> <li> <p>Add relative link to code of conduct. (<a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/442">#442</a>)</p> </li> <li> <p>Drop deprecated 'setup.py test' support. (<a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/507">#507</a>)</p> </li> </ul> </tr></table> ... 
(truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7"><code>6e74a50</code></a> Update for v3.1.4 release</li> <li><a href="https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69"><code>d6018f2</code></a> fix bug 1623633</li> <li><a href="https://github.com/mozilla/bleach/commit/fc77027e67cc04aff6f4d4885358705f98ad20f4"><code>fc77027</code></a> Merge branch 'v3.1.0-branch'</li> <li><a href="https://github.com/mozilla/bleach/commit/e4b1c50e098c33f82c862a34bb2a40f9c4458f46"><code>e4b1c50</code></a> Update for v3.1.3 release</li> <li><a href="https://github.com/mozilla/bleach/commit/59cc502cee44bd18adc78619e6baed7a108c3ba1"><code>59cc502</code></a> Update for v3.1.2 release</li> <li><a href="https://github.com/mozilla/bleach/commit/3f39d489ab7a1b38df8c245e9bd66217c1698369"><code>3f39d48</code></a> add wheel to requirements-dev</li> <li><a href="https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986"><code>175f677</code></a> fix bug 1621692</li> <li><a href="https://github.com/mozilla/bleach/commit/78a06726dd6c72a42c90c1f7a8fa5d21ebcfa587"><code>78a0672</code></a> Update for v3.1.2 release</li> <li><a href="https://github.com/mozilla/bleach/commit/7b625ff9f6888a08037700269fb23e3ef863b8a7"><code>7b625ff</code></a> add wheel to requirements-dev</li> <li><a href="https://github.com/mozilla/bleach/commit/e4e9e21e7aebff40c88fafa4319bba4636a602d9"><code>e4e9e21</code></a> fix bug 1621692</li> <li>Additional commits viewable in <a href="https://github.com/mozilla/bleach/compare/v3.1.0...v3.1.4">compare view</a></li> </ul> </details> <br />


+196 -167

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

pull request comment JLDaniel77/my-plotly-dash-demo

Bump bleach from 3.1.0 to 3.1.4

Superseded by #5.

dependabot[bot]

comment created time in 3 months

PR opened JLDaniel77/my-plotly-dash-demo

Bump bleach from 3.1.0 to 3.3.0

Bumps bleach from 3.1.0 to 3.3.0. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/bleach/blob/master/CHANGES">bleach's changelog</a>.</em></p> <blockquote> <h2>Version 3.3.0 (February 1st, 2021)</h2> <p><strong>Backwards incompatible changes</strong></p> <ul> <li>clean escapes HTML comments even when strip_comments=False</li> </ul> <p><strong>Security fixes</strong></p> <ul> <li>Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.</li> </ul> <p><strong>Features</strong></p> <p>None</p> <p><strong>Bug fixes</strong></p> <p>None</p> <h2>Version 3.2.3 (January 26th, 2021)</h2> <p><strong>Security fixes</strong></p> <p>None</p> <p><strong>Features</strong></p> <p>None</p> <p><strong>Bug fixes</strong></p> <ul> <li>fix clean and linkify raising ValueErrors for certain inputs. Thank you <a href="https://github.com/Google-Autofuzz"><code>@Google-Autofuzz</code></a>.</li> </ul> <h2>Version 3.2.2 (January 20th, 2021)</h2> <p><strong>Security fixes</strong></p> <p>None</p> <p><strong>Features</strong></p> <ul> <li>Migrate CI to Github Actions. Thank you <a href="https://github.com/hugovk"><code>@hugovk</code></a>.</li> </ul> <p><strong>Bug fixes</strong></p> <ul> <li>fix linkify raising an IndexError on certain inputs. Thank you <a href="https://github.com/Google-Autofuzz"><code>@Google-Autofuzz</code></a>.</li> </ul> <p>Version 3.2.1 (September 18th, 2020)</p> <!-- raw HTML omitted --> </blockquote> <p>... 
(truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13"><code>79b7a3c</code></a> Merge pull request from GHSA-vv2x-vrpj-qqpq</li> <li><a href="https://github.com/mozilla/bleach/commit/842fcb4a05e59d9a22dafb8c51865ee79d753c03"><code>842fcb4</code></a> Update for v3.3.0 release</li> <li><a href="https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e"><code>1334134</code></a> sanitizer: escape HTML comments</li> <li><a href="https://github.com/mozilla/bleach/commit/c045a8b2a02bfb77bb9cacd5d3e5926c056074d2"><code>c045a8b</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/581">#581</a> from mozilla/nit-fixes</li> <li><a href="https://github.com/mozilla/bleach/commit/491abb06ce89012d852f4c5ab3aff8f572532611"><code>491abb0</code></a> fix typo s/vnedoring/vendoring/</li> <li><a href="https://github.com/mozilla/bleach/commit/10b1c5dda8ebceffce1d8f7d66d4b309b4f8c0cf"><code>10b1c5d</code></a> vendor: add html5lib-1.1.dist-info/REQUESTED</li> <li><a href="https://github.com/mozilla/bleach/commit/cd838c3b527021f2780d77718488fa03d81f08e3"><code>cd838c3</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/579">#579</a> from mozilla/validate-convert-entity-code-points</li> <li><a href="https://github.com/mozilla/bleach/commit/612b8080ada0fba45f0575bfcd4f3a0bda7bfaca"><code>612b808</code></a> Update for v3.2.3 release</li> <li><a href="https://github.com/mozilla/bleach/commit/6879f6a67058c0d5977a8aa580b6338c9d34ff0e"><code>6879f6a</code></a> html5lib_shim: validate unicode points for convert_entity</li> <li><a href="https://github.com/mozilla/bleach/commit/90cb80be961aaf650ebc65b2ba2b789a2e9b129f"><code>90cb80b</code></a> Update for v3.2.2 release</li> <li>Additional commits viewable in <a 
href="https://github.com/mozilla/bleach/compare/v3.1.0...v3.3.0">compare view</a></li> </ul> </details> <br />


+450 -183

0 comment

1 changed file

pr created time in 3 months

create branch JLDaniel77/my-plotly-dash-demo

branch : dependabot/pip/bleach-3.3.0

created branch time in 3 months

delete branch JLDaniel77/lambdata

delete branch : dependabot/pip/bleach-3.1.4

delete time in 3 months

PR closed JLDaniel77/lambdata

Bump bleach from 3.1.0 to 3.1.4 dependencies

Bumps bleach from 3.1.0 to 3.1.4. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/mozilla/bleach/blob/master/CHANGES">bleach's changelog</a>.</em></p> <blockquote> <h2>Version 3.1.4 (March 24th, 2020)</h2> <p><strong>Security fixes</strong></p> <ul> <li> <p><code>bleach.clean</code> behavior parsing style attributes could result in a regular expression denial of service (ReDoS).</p> <p>Calls to <code>bleach.clean</code> with an allowed tag with an allowed <code>style</code> attribute were vulnerable to ReDoS. For example, <code>bleach.clean(..., attributes={'a': ['style']})</code>.</p> <p>This issue was confirmed in Bleach versions v3.1.3, v3.1.2, v3.1.1, v3.1.0, v3.0.0, v2.1.4, and v2.1.3. Earlier versions used a similar regular expression and should be considered vulnerable too.</p> <p>Anyone using Bleach <=v3.1.3 is encouraged to upgrade.</p> <p><a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1623633">https://bugzilla.mozilla.org/show_bug.cgi?id=1623633</a></p> </li> </ul> <p><strong>Backwards incompatible changes</strong></p> <ul> <li>Style attributes with dashes, or single or double quoted values are cleaned instead of passed through.</li> </ul> <p><strong>Features</strong></p> <p>None</p> <p><strong>Bug fixes</strong></p> <p>None</p> <h2>Version 3.1.3 (March 17th, 2020)</h2> <p><strong>Security fixes</strong></p> <p>None</p> <p><strong>Backwards incompatible changes</strong></p> <p>None</p> <p><strong>Features</strong></p> <ul> <li> <p>Add relative link to code of conduct. (<a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/442">#442</a>)</p> </li> <li> <p>Drop deprecated 'setup.py test' support. (<a href="https://github-redirect.dependabot.com/mozilla/bleach/issues/507">#507</a>)</p> </li> </ul> </tr></table> ... 
(truncated) </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7"><code>6e74a50</code></a> Update for v3.1.4 release</li> <li><a href="https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69"><code>d6018f2</code></a> fix bug 1623633</li> <li><a href="https://github.com/mozilla/bleach/commit/fc77027e67cc04aff6f4d4885358705f98ad20f4"><code>fc77027</code></a> Merge branch 'v3.1.0-branch'</li> <li><a href="https://github.com/mozilla/bleach/commit/e4b1c50e098c33f82c862a34bb2a40f9c4458f46"><code>e4b1c50</code></a> Update for v3.1.3 release</li> <li><a href="https://github.com/mozilla/bleach/commit/59cc502cee44bd18adc78619e6baed7a108c3ba1"><code>59cc502</code></a> Update for v3.1.2 release</li> <li><a href="https://github.com/mozilla/bleach/commit/3f39d489ab7a1b38df8c245e9bd66217c1698369"><code>3f39d48</code></a> add wheel to requirements-dev</li> <li><a href="https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986"><code>175f677</code></a> fix bug 1621692</li> <li><a href="https://github.com/mozilla/bleach/commit/78a06726dd6c72a42c90c1f7a8fa5d21ebcfa587"><code>78a0672</code></a> Update for v3.1.2 release</li> <li><a href="https://github.com/mozilla/bleach/commit/7b625ff9f6888a08037700269fb23e3ef863b8a7"><code>7b625ff</code></a> add wheel to requirements-dev</li> <li><a href="https://github.com/mozilla/bleach/commit/e4e9e21e7aebff40c88fafa4319bba4636a602d9"><code>e4e9e21</code></a> fix bug 1621692</li> <li>Additional commits viewable in <a href="https://github.com/mozilla/bleach/compare/v3.1.0...v3.1.4">compare view</a></li> </ul> </details> <br />


+87 -83

1 comment

1 changed file

dependabot[bot]

pr closed time in 3 months

pull request comment JLDaniel77/lambdata

Bump bleach from 3.1.0 to 3.1.4

Superseded by #4.

dependabot[bot]

comment created time in 3 months

PR opened JLDaniel77/lambdata

Bump bleach from 3.1.0 to 3.3.0

Bumps bleach from 3.1.0 to 3.3.0.

Changelog

Sourced from bleach's changelog (https://github.com/mozilla/bleach/blob/master/CHANGES).

Version 3.3.0 (February 1st, 2021)

Backwards incompatible changes

  • clean escapes HTML comments even when strip_comments=False

Security fixes

  • Fix bug 1621692 / GHSA-m6xf-fq7q-8743. See the advisory for details.

Features

None

Bug fixes

None

Version 3.2.3 (January 26th, 2021)

Security fixes

None

Features

None

Bug fixes

  • fix clean and linkify raising ValueErrors for certain inputs. Thank you @Google-Autofuzz (https://github.com/Google-Autofuzz).

Version 3.2.2 (January 20th, 2021)

Security fixes

None

Features

  • Migrate CI to Github Actions. Thank you @hugovk (https://github.com/hugovk).

Bug fixes

  • fix linkify raising an IndexError on certain inputs. Thank you @Google-Autofuzz (https://github.com/Google-Autofuzz).

Version 3.2.1 (September 18th, 2020)

... (truncated)

Commits

  • 79b7a3c Merge pull request from GHSA-vv2x-vrpj-qqpq (https://github.com/mozilla/bleach/commit/79b7a3c5e56a09d1d323a5006afa59b56162eb13)
  • 842fcb4 Update for v3.3.0 release (https://github.com/mozilla/bleach/commit/842fcb4a05e59d9a22dafb8c51865ee79d753c03)
  • 1334134 sanitizer: escape HTML comments (https://github.com/mozilla/bleach/commit/1334134d34397966a7f7cfebd38639e9ba2c680e)
  • c045a8b Merge pull request #581 from mozilla/nit-fixes (https://github.com/mozilla/bleach/commit/c045a8b2a02bfb77bb9cacd5d3e5926c056074d2)
  • 491abb0 fix typo s/vnedoring/vendoring/ (https://github.com/mozilla/bleach/commit/491abb06ce89012d852f4c5ab3aff8f572532611)
  • 10b1c5d vendor: add html5lib-1.1.dist-info/REQUESTED (https://github.com/mozilla/bleach/commit/10b1c5dda8ebceffce1d8f7d66d4b309b4f8c0cf)
  • cd838c3 Merge pull request #579 from mozilla/validate-convert-entity-code-points (https://github.com/mozilla/bleach/commit/cd838c3b527021f2780d77718488fa03d81f08e3)
  • 612b808 Update for v3.2.3 release (https://github.com/mozilla/bleach/commit/612b8080ada0fba45f0575bfcd4f3a0bda7bfaca)
  • 6879f6a html5lib_shim: validate unicode points for convert_entity (https://github.com/mozilla/bleach/commit/6879f6a67058c0d5977a8aa580b6338c9d34ff0e)
  • 90cb80b Update for v3.2.2 release (https://github.com/mozilla/bleach/commit/90cb80be961aaf650ebc65b2ba2b789a2e9b129f)
  • Additional commits viewable in compare view (https://github.com/mozilla/bleach/compare/v3.1.0...v3.3.0)


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



+111 -89

0 comment

1 changed file

pr created time in 3 months

create branch JLDaniel77/lambdata

branch : dependabot/pip/bleach-3.3.0

created branch time in 3 months