Bump the pip group across 2 directories with 13 updates

[dependabot]

Bumps the pip group with 8 updates in the / directory:

Package	From	To
cryptography	3.4.6	42.0.4
ipython	7.20.0	8.10.0
jupyter-core	4.7.1	4.11.2
notebook	6.2.0	6.4.12
py	1.10.0	1.11.0
tornado	6.1	6.3.3
tqdm	4.57.0	4.66.3
wheel	0.36.2	0.38.1

Bumps the pip group with 5 updates in the /docs directory:

Package	From	To
babel	2.9.0	2.9.1
certifi	2020.12.5	2023.7.22
jinja2	2.11.3	3.1.4
requests	2.25.1	2.31.0
urllib3	1.26.3	1.26.18

Updates cryptography from 3.4.6 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15

• Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24

• Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
• Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22

</tr></table> 

... (truncated)

Commits

• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• c49a7a5 changelog and version bump for 42.0.3 (#10396)
• 396bcf6 fix provider loading take two (#10390) (#10395)
• 0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
• 2202123 changelog and version bump 42.0.2 (#10268)
• f7032bd bump openssl in CI (#10298) (#10299)
• 002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
• Additional commits viewable in compare view

Updates ipython from 7.20.0 to 8.10.0

Commits

• 15ea1ed release 8.10.0
• 560ad10 DOC: Update what's new for 8.10 (#13939)
• 7557ade DOC: Update what's new for 8.10
• 385d693 Merge pull request from GHSA-29gw-9793-fvw7
• e548ee2 Swallow potential exceptions from showtraceback() (#13934)
• 0694b08 MAINT: mock slowest test. (#13885)
• 8655912 MAINT: mock slowest test.
• a011765 Isolate the attack tests with setUp and tearDown methods
• c7a9470 Add some regression tests for this change
• fd34cf5 Swallow potential exceptions from showtraceback()
• Additional commits viewable in compare view

Updates jupyter-core from 4.7.1 to 4.11.2

Release notes

Sourced from jupyter-core's releases.

4.11.1

What's Changed

• Fix inclusion of jupyter file and check in CI by @​blink1073 in jupyter/jupyter_core#276

Full Changelog: jupyter/jupyter_core@4.11.0...4.11.1

4.11.0

What's Changed

• Use hatch backend by @​blink1073 in jupyter/jupyter_core#265
• is_hidden: Use normalized paths by @​martinRenou in jupyter/jupyter_core#271

New Contributors

• @​martinRenou made their first contribution in jupyter/jupyter_core#271

Full Changelog: jupyter/jupyter_core@4.10.0...4.11.0

4.10.0

What's Changed

• Update changelog for 4.9.2 by @​blink1073 in jupyter/jupyter_core#252
• Include all files from jupyter_core by @​jonringer in jupyter/jupyter_core#253
• Add project URLs to setup.cfg by @​tlinhart in jupyter/jupyter_core#254
• Set up pre-commit by @​blink1073 in jupyter/jupyter_core#255
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci in jupyter/jupyter_core#257
• Add flake8 and mypy settings by @​blink1073 in jupyter/jupyter_core#256
• Clean up CI by @​blink1073 in jupyter/jupyter_core#258
• Update changelog for 4.10 Release by @​blink1073 in jupyter/jupyter_core#259

New Contributors

• @​jonringer made their first contribution in jupyter/jupyter_core#253
• @​tlinhart made their first contribution in jupyter/jupyter_core#254
• @​pre-commit-ci made their first contribution in jupyter/jupyter_core#257

Full Changelog: jupyter/jupyter_core@4.9.2...4.10.0

4.9.2

What's Changed

• set proper sys.argv[0] for subcommand by @​bnavigator in jupyter/jupyter_core#248
• Add explicit encoding in open calls by @​dlukes in jupyter/jupyter_core#249
• jupyter_config_dir - reorder home_dir initialization by @​dharmaquark in jupyter/jupyter_core#251

New Contributors

• @​bnavigator made their first contribution in jupyter/jupyter_core#248
• @​dlukes made their first contribution in jupyter/jupyter_core#249
• @​dharmaquark made their first contribution in jupyter/jupyter_core#251

Full Changelog: jupyter/jupyter_core@4.9.1...4.9.2

Changelog

Sourced from jupyter-core's changelog.

Changes in jupyter-core

5.7.2

(Full Changelog)

Maintenance and upkeep improvements

• Update Release Scripts #396 (@​blink1073)
• Enforce pytest 7 #393 (@​blink1073)
• chore: update pre-commit hooks #392 (@​pre-commit-ci)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​pre-commit-ci

5.7.1

(Full Changelog)

Bugs fixed

• Derive JupyterAsyncApp from JupyterApp #389 (@​blink1073)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073

5.7.0

(Full Changelog)

Enhancements made

• Modernize event loop behavior #387 (@​blink1073)

Maintenance and upkeep improvements

• chore: update pre-commit hooks #388 (@​pre-commit-ci)

Contributors to this release

... (truncated)

Commits

• a8eac8c Release 4.11.2
• 1118c8c Merge pull request from GHSA-m678-f26j-3hrp
• d3f61f3 Release 4.11.1
• e7eeb9e Fix inclusion of jupyter file and check in CI (#276)
• 035bf11 Release 4.11.0
• 45aa28b [pre-commit.ci] pre-commit autoupdate (#273)
• 73401cc [pre-commit.ci] pre-commit autoupdate (#272)
• bc6b771 is_hidden: Use normalized paths (#271)
• be38e52 [pre-commit.ci] pre-commit autoupdate (#270)
• 7b790d8 [pre-commit.ci] pre-commit autoupdate (#269)
• Additional commits viewable in compare view

Updates notebook from 6.2.0 to 6.4.12

Release notes

Sourced from notebook's releases.

6.4.12

What's Changed

• Address security advisory GHSA-v7vq-3x77-87vg

Full Changelog: jupyter/notebook@v6.4.11...6.4.12

v6.4.11

6.4.11

(Full Changelog)

Bugs fixed

• Update further to ipykernel comm refactoring #6358 (@​echarles)

Maintenance and upkeep improvements

• Add testpath to the test dependencies. #6357 (@​echarles)
• Temporary workaround to fix js-tests related to sanitizer js loading by phantomjs #6356 (@​echarles)
• Use place-hold.it instead of plaecehold.it to create image placeholders #6320 (@​echarles)
• Migrate to python 3.7+ #6260 - Fixes #6256 (@​penguinolog)

Contributors to this release

(GitHub contributors page for this release)

@​blink1073 | @​echarles | @​fcollonval | @​github-actions | @​jtpio | @​penguinolog

v6.4.8

6.4.8

(Full Changelog)

Bugs fixed

• Fix to remove potential memory leak on Jupyter Notebooks ZMQChannelHandler code #6251 (@​Vishwajeet0510)

Contributors to this release

(GitHub contributors page for this release)

@​Vishwajeet0510

v6.4.7

... (truncated)

Changelog

Sourced from notebook's changelog.

Changelog

A summary of changes in the Jupyter notebook. For more detailed information, see GitHub.

Use pip install notebook --upgrade or conda upgrade notebook to upgrade to the latest release.

We strongly recommend that you upgrade pip to version 9+ of pip before upgrading notebook.

Use pip install pip --upgrade to upgrade pip. Check pip version with pip --version.

v7.1

Jupyter Notebook 7.1 is based on JupyterLab 4.1, and includes a number of new features, bug fixes, and enhancements for extension developers. This release is compatible with extensions supporting JupyterLab 4.0. Extension authors are recommended to consult the Extension Migration Guide which lists deprecations and changes to the public API.

Below are a few highlights for this new release. Most of the new features and improvements come from the update to JupyterLab 4.1, although they are not all supported in Notebook 7.1.

For reference you may have a look at the JupyterLab 4.1 changelog to learn more: https://jupyterlab.readthedocs.io/en/latest/getting_started/changelog.html#v4-1

Diagrams in Markdown

Matching GitHub-Flavoured Markdown, JupyterLab 4.1 now supports Mermaid diagrams. To create a mermaid diagram use the mermaid language specifier for a code block in a markdown cell or document, for example:

```mermaid
flowchart LR
A[Hard] -->|Text| B(Round)
B --> C{Decision}
C -->|One| D[Result 1]
C -->|Two| E[Result 2]
</code></pre>
<p>which renders as:</p>
<!-- raw HTML omitted -->
<h3>Inline completer</h3>
<p>JupyterLab now supports completion presented as ghost text in the cell and file editors,
allowing generative AI models to provide multi-line completions. This can now also be leveraged in Jupyter Notebook.</p>
<p>The suggestions are provided by plugins implementing the <code>IInlineCompletionProvider</code> API;
by default a single provider which uses kernel history is available.</p>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>

<li><a href="https://github.com/jupyter/notebook/commit/aee45355b568650cf650f4e2d3d551570655f844&quot;&gt;&lt;code&gt;aee4535&lt;/code&gt;&lt;/a> Release 6.4.12</li>

<li><a href="https://github.com/jupyter/notebook/commit/a161ffac6bfff2491fe5c4e9f6111256b8b57f08&quot;&gt;&lt;code&gt;a161ffa&lt;/code&gt;&lt;/a> Merge pull request from GHSA-v7vq-3x77-87vg</li>

<li><a href="https://github.com/jupyter/notebook/commit/b79702ccdbc40a1fda5a87a3f73854e8267529e6&quot;&gt;&lt;code&gt;b79702c&lt;/code&gt;&lt;/a> updated error messages to not mention hidden files</li>

<li><a href="https://github.com/jupyter/notebook/commit/cb3dc22f0f152c1dcbcdb1aa3514748758f432a8&quot;&gt;&lt;code&gt;cb3dc22&lt;/code&gt;&lt;/a> Update notebook/services/contents/filemanager.py</li>

<li><a href="https://github.com/jupyter/notebook/commit/1c3d7a60cd16deddba5b1344f5c94f967ba682d8&quot;&gt;&lt;code&gt;1c3d7a6&lt;/code&gt;&lt;/a> added hidden checks on handlers.py and accompanying tests</li>

<li><a href="https://github.com/jupyter/notebook/commit/f69eb96cff7149b38bca068f4b7faaa7baf55902&quot;&gt;&lt;code&gt;f69eb96&lt;/code&gt;&lt;/a> added hidden checks on FileContentsManager and accompanying tests</li>

<li><a href="https://github.com/jupyter/notebook/commit/2a76184f46ed6a7afcdd01e9ba660010abb9c977&quot;&gt;&lt;code&gt;2a76184&lt;/code&gt;&lt;/a> add checks for hidden file or path on file get</li>

<li><a href="https://github.com/jupyter/notebook/commit/920c5cc3745cebceed8e77380164d126d7f92ca9&quot;&gt;&lt;code&gt;920c5cc&lt;/code&gt;&lt;/a> Merge pull request <a href="https://redirect.github.com/jupyter/notebook/issues/6421&quot;&gt;#6421&lt;/a> from RRosio/update-version</li>

<li><a href="https://github.com/jupyter/notebook/commit/d4eb85d0f9e2845d0889ef8a19486b96c850cba9&quot;&gt;&lt;code&gt;d4eb85d&lt;/code&gt;&lt;/a> updating version to show dev</li>

<li><a href="https://github.com/jupyter/notebook/commit/8109251477fd813c1b94c6b0c7fbb9e051512b44&quot;&gt;&lt;code&gt;8109251&lt;/code&gt;&lt;/a> Publish 6.4.11</li>

<li>Additional commits viewable in <a href="https://github.com/jupyter/notebook/compare/6.2.0...6.4.12&quot;&gt;compare view</a></li>

</ul>

</details>
<br />


Updates py from 1.10.0 to 1.11.0

Changelog
Sourced from py's changelog.

1.11.0 (2021-11-04)

Support Python 3.11
Support NO_COLOR environment variable
Update vendored apipkg: 1.5 => 2.0




Commits

447bac5 Update CHANGELOG.rst
6d003d9 Update CHANGELOG.rst
9cf613f Declare support for Python 3.8-3.10
d831150 Update python_requires: Python 3.4 was already dropped
e68532e Update CHANGELOG for 1.11.0
2f03e5a Merge pull request #258 from blueyed/NO_COLOR
e116b2b Merge pull request #275 from pytest-dev/upgrade-vendor-libs
f3a1a59 remove build pin again
f6cbf28 try to use pipx tox
3fe9ad7 try to use preinstalled tox
Additional commits viewable in compare view




Updates tornado from 6.1 to 6.3.3

Changelog
Sourced from tornado's changelog.

Release notes
.. toctree::
:maxdepth: 2
releases/v6.4.0
releases/v6.3.3
releases/v6.3.2
releases/v6.3.1
releases/v6.3.0
releases/v6.2.0
releases/v6.1.0
releases/v6.0.4
releases/v6.0.3
releases/v6.0.2
releases/v6.0.1
releases/v6.0.0
releases/v5.1.1
releases/v5.1.0
releases/v5.0.2
releases/v5.0.1
releases/v5.0.0
releases/v4.5.3
releases/v4.5.2
releases/v4.5.1
releases/v4.5.0
releases/v4.4.3
releases/v4.4.2
releases/v4.4.1
releases/v4.4.0
releases/v4.3.0
releases/v4.2.1
releases/v4.2.0
releases/v4.1.0
releases/v4.0.2
releases/v4.0.1
releases/v4.0.0
releases/v3.2.2
releases/v3.2.1
releases/v3.2.0
releases/v3.1.1
releases/v3.1.0
releases/v3.0.2
releases/v3.0.1
releases/v3.0.0
releases/v2.4.1
releases/v2.4.0
releases/v2.3.0
releases/v2.2.1


... (truncated)


Commits

e4d6984 Merge pull request #3307 from bdarnell/branch6.3
6a9e6fb ci: Don't test py312 in branch6.3
5c8a9a4 Set version to 6.3.3
7dfe8b5 httpserver_test: Add ExpectLog to fix CI
217295b http1connection: Make content-length parsing more strict
e3aa6c5 Merge pull request #3267 from bdarnell/branch6.3
34f5c1c Version 6.3.2
32ad07c web: Fix an open redirect in StaticFileHandler
e0fa53e Merge pull request #3257 from bdarnell/build-workflow-wstest-warning
f5a1d5c ci: Only run pypi actions from the main repo
Additional commits viewable in compare view




Updates tqdm from 4.57.0 to 4.66.3

Release notes
Sourced from tqdm's releases.

tqdm v4.66.3 stable

cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

tqdm v4.66.2 stable

pandas: add DataFrame.progress_map (#1549)
notebook: fix HTML padding (#1506)
keras: fix resuming training when verbose>=2 (#1508)
fix format_num negative fractions missing leading zero (#1548)
fix Python 3.12 DeprecationWarning on import (#1519)
linting: use f-strings (#1549)
update tests (#1549)

fix pandas warnings
fix asv (airspeed-velocity/asv#1323)
fix macos notebook docstring indentation


CI: bump actions (#1549)

tqdm v4.66.1 stable

fix utils.envwrap types (#1493 <- #1491, #1320 <- #966, #1319)

e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1


drop mentions of unsupported Python versions

tqdm v4.66.0 stable

environment variables to override defaults (TQDM_*) (#1491 <- #1061, #950 <- #614, #1318, #619, #612, #370)

e.g. in CI jobs, export TQDM_MININTERVAL=5 to avoid log spam
add tests & docs for tqdm.utils.envwrap


fix & update CLI completion
fix & update API docs
minor code tidy: replace os.path => pathlib.Path
fix docs image hosting
release with CI bot account again (cli/cli#6680)

tqdm v4.65.2 stable

exclude examples from distributed wheel (#1492)

tqdm v4.65.1 stable

migrate setup.{cfg,py} => pyproject.toml (#1490)

fix asv benchmarks
update docs


fix snap build (#1490)
fix & update tests (#1490)

fix flaky notebook tests
bump pre-commit
bump workflow actions



tqdm v4.65.0 stable

add Python 3.11 and drop Python 3.6 support (#1439, #1419, #502 <- #720, #620)
misc code & docs tidy
fix & update CI workflows & tests

tqdm v4.64.1 stable


... (truncated)


Commits

4e613f8 Merge pull request from GHSA-g7vv-2v7x-gj9p
b53348c cli: eval safety
cc372d0 bump version, merge pull request #1549 from tqdm/devel
e9f0c05 use PyPI trusted publishing
7323d5b slight makefile clean
5306125 tests: bump pre-commit
4a6fd4f fix datetime.utcfromtimestamp py3.12 warning (#1519)
6f13759 tests: fix macos notebook indentation
3abcd2a tests: fix asv
a4d15c8 tests: fix pandas warnings
Additional commits viewable in compare view




Updates wheel from 0.36.2 to 0.38.1

Changelog
Sourced from wheel's changelog.

Release Notes
UNRELEASED

Canonicalize requirements in METADATA file (PR by Wim Jeantine-Glenn)

0.43.0 (2024-03-11)

Dropped support for Python 3.7
Updated vendored packaging to 24.0

0.42.0 (2023-11-26)

Allowed removing build tag with wheel tags --build ""
Fixed wheel pack and wheel tags writing updated WHEEL fields after a
blank line, causing other tools to ignore them
Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or
a mix of CRLF and LF
Fixed wheel pack --build-number "" not removing build tag from WHEEL
(above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

Updated vendored packaging to 23.2
Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64
kernel (PR by Matthieu Darbois)
Fixed wheel tags to not list directories in RECORD files
(PR by Mike Taves)
Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

Fixed naming of the data_dir directory in the presence of local version segment
given via egg_info.tag_build (PR by Anderson Bravalheri)
Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

Added full support of the build tag syntax to wheel tags (you can now set a build
tag like 123mytag)
Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)


... (truncated)


Commits

6f1608d Created a new release
cf8f5ef Moved news item from PR #484 to its proper place
9ec2016 Removed install dependency on setuptools (#483)
747e1f6 Fixed PyPy SOABI parsing (#484)
7627548 [pre-commit.ci] pre-commit autoupdate (#480)
7b9e8e1 Test on Python 3.11 final
a04dfef Updated the pypi-publish action
94bb62c Fixed docs not building due to code style changes
d635664 Updated the codecov action to the latest version
fcb94cd Updated version to match the release
Additional commits viewable in compare view




Updates babel from 2.9.0 to 2.9.1

Release notes
Sourced from babel's releases.

Version 2.9.1
Bugfixes

The internal locale-data loading functions now validate the name of the locale file to be loaded and only allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!




Changelog
Sourced from babel's changelog.

Version 2.9.1
Bugfixes

* The internal locale-data loading functions now validate the name of the locale file to be loaded and only
  allow files within Babel's data directory.  Thank you to Chris Lyne of Tenable, Inc. for discovering the issue!




Commits

a99fa24 Use 2.9.0's setup.py for 2.9.1
60b33e0 Become 2.9.1
412015e Merge pull request #782 from python-babel/locale-basename
5caf717 Disallow special filenames on Windows
3a700b5 Run locale identifiers through os.path.basename()
5afe2b2 Merge pull request #754 from python-babel/github-ci
58de834 Replace Travis + Appveyor with GitHub Actions (WIP)
d1bbc08 import_cldr: use logging; add -q option
156b7fb Quiesce CLDR download progress bar if requested (or not a TTY)
613dc17 Make the import warnings about unsupported number systems less verbose
Additional commits viewable in compare view




Updates certifi from 2020.12.5 to 2023.7.22

Commits

8fb96ed 2023.07.22
afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
44df761 Hash pin Actions and enable dependabot (#228)
8b3d7ba 2023.05.07
53da240 ci: Add Python 3.12-dev to the testing (#224)
c2fc3b1 Create a Security Policy (#222)
c211ef4 Set up permissions to github workflows (#218)
2087de5 Don't let deprecation warning fail CI (#219)
e0b9fc5 remove paragraphs about 1024-bit roots from README
Additional commits viewable in compare view




Updates jinja2 from 2.11.3 to 3.1.4

Release notes
Sourced from jinja2's releases.

3.1.4
This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.
PyPI: https://pypi.org/project/Jinja2/3.1.4/
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3
This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

3.1.2
This is a fix release for the 3.1.0 feature release.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2
Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

3.1.1

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

3.1.0
This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
Milestone: https://github.com/pallets/jinja/milestone/8?closed=1
MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

3.0.3

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3

3.0.2

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

3.0.1

Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

3.0.0
New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! :tada:

Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
Read the full list of changes: https://jinja.palletsprojects.com/changes/#version-3-0-0
Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.


... (truncated)


Changelog
Sourced from jinja2's changelog.

Version 3.1.4
Released 2024-05-05

The xmlattr filter does not allow keys with / solidus, >
greater-than sign, or = equals sign, in addition to disallowing spaces.
Regardless of any validation done by Jinja, user input should never be used
as keys to this filter, or must be separately validated first.
:ghsa:h75v-3vvj-5mfj

Version 3.1.3
Released 2024-01-10

Fix compiler error when checking if required blocks in parent templates are
empty. :pr:1858
xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
Make error messages stemming from invalid nesting of {% trans %} blocks
more helpful. :pr:1918

Version 3.1.2
Released 2022-04-28

Add parameters to Environment.overlay to match __init__.
:issue:1645
Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1
Released 2022-03-25

The template filename on Windows uses the primary path separator.
:issue:1637

Version 3.1.0
Released 2022-03-24

Drop support for Python 3.6. :pr:1534
Remove previously deprecated code. :pr:1544



... (truncated)


Commits

dd4a8b5 release version 3.1.4
0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
d655030 disallow invalid characters in keys to xmlattr filter
a7863ba add ghsa links
b5c98e7 start version 3.1.4
da3a9f0 update project files (#1968)
0ee5eb4 satisfy formatter, linter, and strict mypy
20477c6 update project files (#5457)
e491223 update pyyaml dev dependency
36f9885 fix pr link
Additional commits viewable in compare view




Updates requests from 2.25.1 to 2.31.0

Release notes
Sourced from requests's releases.

v2.31.0
2.31.0 (2023-05-22)
Security


Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of Proxy-Authorization headers to destination servers when
following HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a Proxy-Authorization header that is attached to the request to
authenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the Proxy-Authorization header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.


v2.30.0
2.30.0 (2023-05-03)
Dependencies


⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to urllib3<2.


v2.29.0
2.29.0 (2023-04-26)
Improvements

Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (#6226)
Requests relaxes header component requirements to support bytes/str subclasses. (#6356)



... (truncated)


Changelog
Sourced from requests's changelog.

2.31.0 (2023-05-22)
Security


Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential
forwarding of Proxy-Authorization headers to destination servers when
following HTTPS redirects.
When proxies are defined with user info (https://user:pass@proxy:8080), Requests
will construct a Proxy-Authorization header that is attached to the request to
authenticate with the proxy.
In cases where Requests receives a redirect response, it previously reattached
the Proxy-Authorization header incorrectly, resulting in the value being
sent through the tunneled connection to the destination server. Users who rely on
defining their proxy credentials in the URL are strongly encouraged to upgrade
to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy
credentials once the change has been fully deployed.
Users who do not use a proxy or do not supply their proxy credentials through
the user information portion of their proxy URL are not subject to this
vulnerability.
Full details can be read in our Github Security Advisory
and CVE-2023-32681.


2.30.0 (2023-05-03)
Dependencies


⚠️ Added support for urllib3 2.0. ⚠️
This may contain minor breaking changes so we advise careful testing and
reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html
prior to upgrading.
Users who wish to stay on urllib3 1.x can pin to urllib3<2.


2.29.0 (2023-04-26)
Improvements

Requests now defers chunked requests to the urllib3 implementation to improve
standardization. (#6226)
Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)


... (truncated)


Commits

147c851 v2.31.0

[dependabot]

Superseded by #91.