Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Bump markdown from 3.5.2 to 3.6 (#437)
Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.5.2 to 3.6. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Python-Markdown/markdown/releases">markdown's releases</a>.</em></p> <blockquote> <h2>Release 3.6</h2> <h3>Changed</h3> <h4>Refactor TOC Sanitation</h4> <ul> <li>All postprocessors are now run on heading content.</li> <li>Footnote references are now stripped from heading content. Fixes <a href="https://redirect.github.com/Python-Markdown/markdown/issues/660">#660</a>.</li> <li>A more robust <code>striptags</code> is provided to convert headings to plain text. Unlike, the <code>markupsafe</code> implementation, HTML entities are not unescaped.</li> <li>The plain text <code>name</code>, rich <code>html</code>, and unescaped raw <code>data-toc-label</code> are saved to <code>toc_tokens</code>, allowing users to access the full rich text content of the headings directly from <code>toc_tokens</code>.</li> <li>The value of <code>data-toc-label</code> is sanitized separate from heading content before being written to <code>name</code>. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from <code>token['data-toc-label']</code> directly.</li> <li>An <code>html.unescape</code> call is made just prior to calling <code>slugify</code> so that <code>slugify</code> only operates on Unicode characters. Note that <code>html.unescape</code> is not run on <code>name</code>, <code>html</code>, or <code>data-toc-label</code>.</li> <li>The functions <code>get_name</code> and <code>stashedHTML2text</code> defined in the <code>toc</code> extension are both <strong>deprecated</strong>. Instead, third party extensions should use some combination of the new functions <code>run_postprocessors</code>, <code>render_inner_html</code> and <code>striptags</code>.</li> </ul> <h3>Fixed</h3> <ul> <li>Include <code>scripts/*.py</code> in the generated source tarballs (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1430">#1430</a>).</li> <li>Ensure lines after heading in loose list are properly detabbed (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1443">#1443</a>).</li> <li>Give smarty tree processor higher priority than toc (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1440">#1440</a>).</li> <li>Permit carets (<code>^</code>) and square brackets (<code>]</code>) but explicitly exclude backslashes (<code>\</code>) from abbreviations (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1444">#1444</a>).</li> <li>In attribute lists (<code>attr_list</code>, <code>fenced_code</code>), quoted attribute values are now allowed to contain curly braces (<code>}</code>) (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1414">#1414</a>).</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md">markdown's changelog</a>.</em></p> <blockquote> <h2>[3.6] -- 2024-03-14</h2> <h3>Changed</h3> <h4>Refactor TOC Sanitation</h4> <ul> <li>All postprocessors are now run on heading content.</li> <li>Footnote references are now stripped from heading content. Fixes <a href="https://redirect.github.com/Python-Markdown/markdown/issues/660">#660</a>.</li> <li>A more robust <code>striptags</code> is provided to convert headings to plain text. Unlike, the <code>markupsafe</code> implementation, HTML entities are not unescaped.</li> <li>The plain text <code>name</code>, rich <code>html</code>, and unescaped raw <code>data-toc-label</code> are saved to <code>toc_tokens</code>, allowing users to access the full rich text content of the headings directly from <code>toc_tokens</code>.</li> <li>The value of <code>data-toc-label</code> is sanitized separate from heading content before being written to <code>name</code>. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from <code>token['data-toc-label']</code> directly.</li> <li>An <code>html.unescape</code> call is made just prior to calling <code>slugify</code> so that <code>slugify</code> only operates on Unicode characters. Note that <code>html.unescape</code> is not run on <code>name</code>, <code>html</code>, or <code>data-toc-label</code>.</li> <li>The functions <code>get_name</code> and <code>stashedHTML2text</code> defined in the <code>toc</code> extension are both <strong>deprecated</strong>. Instead, third party extensions should use some combination of the new functions <code>run_postprocessors</code>, <code>render_inner_html</code> and <code>striptags</code>.</li> </ul> <h3>Fixed</h3> <ul> <li>Include <code>scripts/*.py</code> in the generated source tarballs (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1430">#1430</a>).</li> <li>Ensure lines after heading in loose list are properly detabbed (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1443">#1443</a>).</li> <li>Give smarty tree processor higher priority than toc (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1440">#1440</a>).</li> <li>Permit carets (<code>^</code>) and square brackets (<code>]</code>) but explicitly exclude backslashes (<code>\</code>) from abbreviations (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1444">#1444</a>).</li> <li>In attribute lists (<code>attr_list</code>, <code>fenced_code</code>), quoted attribute values are now allowed to contain curly braces (<code>}</code>) (<a href="https://redirect.github.com/Python-Markdown/markdown/issues/1414">#1414</a>).</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Python-Markdown/markdown/commit/e524b8fe938738cb4492411a34cce89051cb9695"><code>e524b8f</code></a> Bump version to 3.6</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/3d8afc6f89e169522f44c1bbec15f66dc359eccb"><code>3d8afc6</code></a> Allow attr_list quoted values to contain curly braces</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/9edba85fc14f034b7109534220702bf60178ff15"><code>9edba85</code></a> Refactor abbr escaping</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/e4ab4a610edc6332ce81a53aa4ae6f97516ce461"><code>e4ab4a6</code></a> Refactor TOC sanitation</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/a18765c25cccab23f400edeac94d20f4be00492b"><code>a18765c</code></a> Explicitly omit carot and backslash from abbr</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/421f1e88ff4661b4433b97ec57b040a2a74e5aed"><code>421f1e8</code></a> Give smarty tree processor higher priority than toc</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/c334a3e47e6565469344154f966cf0eb9aca0de3"><code>c334a3e</code></a> Ensure lines after heading in loose list are properly detabbed</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/ea92856855a6314488acb121f21f8fa02860e008"><code>ea92856</code></a> Update the license template so GitHub can detect it</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/a2effd6d5191808c8b2e347965f6fcf4aa709e78"><code>a2effd6</code></a> Disable mkdocstrings show_symbol_type_toc option to work around searching iss...</li> <li><a href="https://github.com/Python-Markdown/markdown/commit/91f9a1205d32f3bc6a27ca5f993409c3b97c1931"><code>91f9a12</code></a> Restore Attribute symbol type in mkdocstrings template</li> <li>Additional commits viewable in <a href="https://github.com/Python-Markdown/markdown/compare/3.5.2...3.6">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Loading branch information
1 parent
267afce
commit edabeb9