Bump the llvm-docs-requirements group across 1 directory with 29 updates

[dependabot]

Bumps the llvm-docs-requirements group with 29 updates in the /llvm/docs directory:

Package	From	To
alabaster	0.7.13	1.0.0
babel	2.14.0	2.18.0
beautifulsoup4	4.12.2	4.14.3
certifi	2023.11.17	2026.2.25
charset-normalizer	3.3.2	3.4.6
docutils	0.20.1	0.22.4
furo	2024.1.29	2025.12.19
idna	3.6	3.11
imagesize	1.4.1	2.0.0
jinja2	3.1.2	3.1.6
markdown	3.5.1	3.10.2
markdown-it-py	3.0.0	4.0.0
markupsafe	2.1.3	3.0.3
mdit-py-plugins	0.4.0	0.5.0
myst-parser	2.0.0	5.0.0
packaging	23.2	26.0
pygments	2.17.2	2.20.0
pyyaml	6.0.1	6.0.3
requests	2.31.0	2.33.1
snowballstemmer	2.2.0	3.0.1
soupsieve	2.5	2.8.3
sphinx	7.2.6	9.1.0
sphinx-automodapi	0.17.0	0.22.0
sphinxcontrib-applehelp	1.0.8	2.0.0
sphinxcontrib-devhelp	1.0.5	2.0.0
sphinxcontrib-htmlhelp	2.0.4	2.1.0
sphinxcontrib-qthelp	1.0.6	2.0.0
sphinxcontrib-serializinghtml	1.1.9	2.0.0
urllib3	2.1.0	2.6.3

Updates alabaster from 0.7.13 to 1.0.0

Release notes

Sourced from alabaster's releases.

Alabaster 1.0.0

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.16

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.15

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Alabaster 0.7.14

Changelog: https://alabaster.readthedocs.io/en/latest/changelog.html

Changelog

Sourced from alabaster's changelog.

:git_tag:1.0.0 -- 2024-07-26

• Dropped support for Python 3.9 and earlier.
• Dropped support for Sphinx 6.1 and earlier.
• Use a new SVG image for the GitHub banner.
• :feature:217 Use the new searchfield component for the search box. Patch by Tim Hoffmann.
• :feature:104 Allow translating strings in relations.html.
• 🐛125 Do not underline linked images. Patch by Joshua Bronson.
• 🐛169 Do not ignore the Pygments background colour. Patch by Matthias Geier.
• 🐛174 Fix clipping caused by incorrect CSS breakpoints.

:git_tag:0.7.16 -- 2024-01-10

• 🐛215 Do not display logo_name if it is set to False.

:git_tag:0.7.15 -- 2024-01-08

• :feature:213 Allow an arbitrary string in the logo_name option.
• :feature:114 Improved sidebar CSS styles.
• :issue:178 Deprecated canonical_url in favor of html_baseurl.
• 🐛200 Removed duplicate <meta name="viewport" ... /> tag.
• 🐛188 Removed underline from whitespace.
• 🐛164 Removed type="text/javascript" from elements.
• 🐛161 Replaced © with unicode decimal code entity [#169](https://github.com/sphinx-doc/alabaster/issues/169);.

:git_tag:0.7.14 -- 2024-01-08

• Dropped support for Python 3.8 and earlier.
• Dropped support for Sphinx 3.3 and earlier.
• :issue:198 Fix horizontal scrolling on mobile.
• :issue:206 Properly support the html_support_sphinx config value.
• :issue:211 Fix the GitHub 'forkme' banner.
• Added alabaster_version_info to the HTML template context.
• Declare support for Python 3.13.
• Adopt the Ruff linter and formatter.
• Migrate from CircleCI to GitHub Actions.

Commits

• fba58a4 Bump to 1.0.0
• 7d5c318 Update project maintainers
• d25c4bc List basic.css in theme.conf (#219)
• 97235d1 Fix incorrect breakpoints that cause clipping around 875px (#174)
• 5bb4411 Remove explicit width for search field input (#218)
• 9fdb57c Update references to searchbox
• a35a1df Don't ignore the Pygments background (#169)
• 17e55e5 Fix for "Don't put an underline on linked images" (#125)
• 73be878 Allow translations for strings in relations.html (#104)
• eb522b8 Use searchfield instead of searchbox component in sidebar (#217)
• Additional commits viewable in compare view

Updates babel from 2.14.0 to 2.18.0

Release notes

Sourced from babel's releases.

v2.18.0

Happy 2026! Like last year's release (ahem...), this one too is being made from FOSDEM 2026, in Brussels, Belgium. 🇧🇪 We'll aspire for a less glacial release cycle for 2.19. 😁

Please see CHANGELOG.rst for the detailed change log.

Full Changelog: python-babel/babel@v2.17.0...v2.18.0

v2.17.0

Happy 2025! This release is being made from FOSDEM 2025, in Brussels, Belgium. 🇧🇪

Thank you to all contributors, new and old, and here's to another great year of internationalization and localization!

---

The changelog below is auto-generated by GitHub.

Please see CHANGELOG.rst for additional details.

---

What's Changed

• Fix deprecation warnings for datetime.utcnow() by @​tomasr8 in python-babel/babel#1119
• Enclose white spaces in references by @​Dunedan in python-babel/babel#1105
• Replace str.index with str.find by @​tomasr8 in python-babel/babel#1130
• Replace more alternate characters in format_skeleton by @​tomasr8 in python-babel/babel#1122
• Fix extracted lineno with nested calls by @​dylankiss in python-babel/babel#1126
• "Deleted duplicate code in test" by @​mattdiaz007 in python-babel/babel#1138
• Fix of list index out of range error in PoFileParser.add_message when translations is empty by @​gabe-sherman in python-babel/babel#1135
• Make seconds optional in parse_time time formats by @​tomasr8 in python-babel/babel#1141
• Mark wraptext deprecated; use TextWrapper directly in write_po by @​akx in python-babel/babel#1140
• Fix the way obsolete messages are stored by @​tomasr8 in python-babel/babel#1132
• Replace OrderedDict with just dict by @​tomasr8 in python-babel/babel#1149
• Use CLDR 46 by @​tomasr8 in python-babel/babel#1145
• Update CI to use python 3.13 and Ubuntu 24.04 by @​tomasr8 in python-babel/babel#1153
• Adjust docs/conf.py to add compatibility with sphinx 8 by @​hrnciar in python-babel/babel#1155
• Allow specifying an explicit format in parse_date/parse_time by @​tomasr8 in python-babel/babel#1131
• Simplify read_mo logic regarding catalog.charset by @​tomasr8 in python-babel/babel#1148
• Bump CI/tool versions by @​akx in python-babel/babel#1160
• fix: check_and_call_extract_file uses the first matching method and options, instead of the first matching method and last matching options by @​jpmckinney in python-babel/babel#1121
• Prevent wrapping file locations containing white space by @​tomasr8 in python-babel/babel#1120
• Add tzdata as dev dependency and sync with tox.ini by @​wandrew004 in python-babel/babel#1159
• Support short and narrow formats for format_timedelta when using add_direction by @​akx in python-babel/babel#1163
• Improve handling for locale=None by @​akx in python-babel/babel#1164
• Use pytest.raises(match=...) by @​akx in python-babel/babel#1166
• Strip extra leading slashes in /etc/localtime by @​akx in python-babel/babel#1165
• Remove redundant assignment in Catalog.__setitem__ by @​tomasr8 in python-babel/babel#1167
• Small cleanups by @​akx in python-babel/babel#1170
• Small test cleanup by @​akx in python-babel/babel#1172
• Add Message.python_brace_format by @​tomasr8 in python-babel/babel#1169

... (truncated)

Changelog

Sourced from babel's changelog.

Version 2.18.0

Happy 2026! This release is, coincidentally, also being made from FOSDEM.

We will aspire for a slightly less glacial release cadence in this year; there are interesting features in the pipeline.

Features

* Core: Add `babel.core.get_cldr_version()` by @akx in :gh:`1242`
* Core: Use CLDR 47 by @tomasr8 in :gh:`1210`
* Core: Use canonical IANA zone names in zone_territories by @akx in :gh:`1220`
* Messages: Improve extract performance via ignoring directories early during os.walk by @akx in :gh:`968`
* Messages: Merge in per-format keywords and auto_comments by @akx in :gh:`1243`
* Messages: Update keywords for extraction of dpgettext and dnpgettext by @mardiros in :gh:`1235`
* Messages: Validate all plurals in Python format checker by @tomasr8 in :gh:`1188`
* Time: Use standard library `timezone` instead of `FixedOffsetTimezone` by @akx in :gh:`1203`
Bugfixes

• Core: Fix formatting for "Empty locale identifier" exception added in #1164 by @​akx in :gh:1184
• Core: Improve handling of no-inheritance-marker in timezone data by @​akx in :gh:1194
• Core: Make the number pattern regular expression more efficient by @​akx in :gh:1213
• Messages: Keep translator comments next to the translation function call by @​akx in :gh:1196
• Numbers: Fix KeyError that occurred when formatting compact currencies of exactly one thousand in several locales by @​bartbroere in :gh:1246

Other improvements

* Core: Avoid unnecessary uses of `map()` by @akx in :gh:`1180`
* Messages: Have init-catalog create directories too by @akx in :gh:`1244`
* Messages: Optimizations for read_po by @akx in :gh:`1200`
* Messages: Use pathlib.Path() in catalog frontend; improve test coverage by @akx in :gh:`1204`
Infrastructure and documentation

• CI: Renovate CI & lint tools by @​akx in :gh:1228
• CI: Tighten up CI with Zizmor by @​akx in :gh:1230
• CI: make job permissions explicit by @​akx in :gh:1227
• Docs: Add SECURITY.md by @​akx in :gh:1229
• Docs: Remove u string prefix from docs by @​verhovsky in :gh:1174
• Docs: Update dates.rst with current unicode.org tr35 link by @​clach04 in :gh:1189
• General: Add some PyPI classifiers by @​tomasr8 in :gh:1186
• General: Apply reformatting by hand and with Ruff by @​akx in :gh:1202
• General: Test on and declare support for Python 3.14 by @​akx in :gh:1233

... (truncated)

Commits

• 56c63ca Prepare for 2.18.0 (#1248)
• 73015a1 Add user-agent to CLDR downloader (#1247)
• 29bd362 Fix formatting compact currencies of exactly one thousand in several locales ...
• 851db43 Reuse InitCatalog's guts in UpdateCatalog (#1244)
• fd00e60 Extract: Merge in per-format keywords and auto_comments (#1243)
• 12a14b6 Add dpgettext and dnpgettext support (#1235)
• 7110e62 Use canonical IANA zone names in zone_territories (#1220)
• e91c346 Improve extract performance via ignoring directories early during os.walk (#968)
• 0c4f378 Convert Unittest testcases with setup/teardown to fixtures (#1240)
• 218c96e Add babel.core.get_cldr_version() (#1242)
• Additional commits viewable in compare view

Updates beautifulsoup4 from 4.12.2 to 4.14.3

Updates certifi from 2023.11.17 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• c64d9f3 2026.01.04 (#389)
• 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
• 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
• b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
• ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
• 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.3.2 to 3.4.6

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

... (truncated)

Changelog

Sourced from charset-normalizer's changelog.

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

... (truncated)

Commits

• 5478b84 Merge pull request #715 from jawah/release-3.4.6
• 5c0a09e ✔️ add confidence for threading usage, mostly due to lru_cach...
• ef826b2 📝 update changelog
• 5564f1a 📝 update docs accordingly
• 0f2cf7d 📝 update changelog
• 54a1894 🐛 fix --normalize writing to wrong path with multiple files
• 2177e28 📝 update changelog
• b2497a5 🐛 edge case where noise difference between two candidates can be almost i...
• 13a5d0b 🔧 upgrade ci requirements
• b9ffbd4 🔧 enable 3.14t nox mypyc session
• Additional commits viewable in compare view

Updates docutils from 0.20.1 to 0.22.4

Commits

• See full diff in compare view

Updates furo from 2024.1.29 to 2025.12.19

Release notes

Sourced from furo's releases.

2025.12.19

• Bump the supported Sphinx version range

Full Changelog: pradyunsg/furo@2025.09.25...2025.12.19

2025.09.25

What's Changed

• page.html: fix invalid HTML5 by @​haampie in pradyunsg/furo#894
• base.html: fix trailing slash on void elements by @​haampie in pradyunsg/furo#895
• _scaffold.sass: remove old scrollbar selectors by @​haampie in pradyunsg/furo#892
• Add Blender to "used by" section by @​struffel in pradyunsg/furo#898

New Contributors

• @​haampie made their first contribution in pradyunsg/furo#894
• @​struffel made their first contribution in pradyunsg/furo#898

Full Changelog: pradyunsg/furo@2025.07.19...2025.09.25

2025.07.19

What's Changed

• Remove "debug printf" for headerTop value by @​ferdnyc in pradyunsg/furo#847
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#826
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#861
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#873
• Add rel=edit attribute to "Edit this page" link/icon by @​capjamesg in pradyunsg/furo#880
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#879
• Fix flickering header drop shadow by @​holesch in pradyunsg/furo#884
• Make current page section detection resilient to sticky elements above header by @​Eric-Arellano in pradyunsg/furo#664

New Contributors

• @​capjamesg made their first contribution in pradyunsg/furo#880
• @​holesch made their first contribution in pradyunsg/furo#884

Full Changelog: pradyunsg/furo@2024.08.06...2025.07.19

2024.08.06

What's Changed

• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#810
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#821

Full Changelog: pradyunsg/furo@2024.07.18...2024.08.06

2024.07.18

What's Changed

• Fix close tag on pencil icon by @​kberzinch in pradyunsg/furo#807
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in pradyunsg/furo#796
• Bump the npm group with 3 updates by @​dependabot[bot] in pradyunsg/furo#806
• Bump the npm group with 2 updates by @​dependabot[bot] in pradyunsg/furo#809
• Move a 'type: ignore' comment, for mypy by @​ferdnyc in pradyunsg/furo#812

... (truncated)

Changelog

Sourced from furo's changelog.

2025.12.19 -- Harmonious Honeydew

• ✨ Add support for Sphinx 9.
• Drop support for Sphinx 6.

2025.09.25 -- Gleaming Green

• Change the dark mode code back to native.

2025.07.19 -- Frozen Flame

• ✨ Switch to accessible-pygments themes
• ✨ Prefetch the sidebar logos
• ✨ Fix flickering header drop shadow on Safari
• Add rel=edit attribute to "Edit this page" link/icon
• Bump NodeJS and npm dependency versions
• Bump Saas & Webpack major versions
• Improve current page detection to be resilient to sticky elements above header
• Modernise Sass and use @use + @forward
• Remove top of code border-radius with captions
• Remove "debug printf" for headerTop value
• Use distinct images for light and dark mode in the documentation
• Use the modern Saas Modules

2024.08.06 -- Energetic Eminence

• ✨ Add support for Sphinx 8
• ✨ Add smoother transitions between breakpoints
• Increase specificity of table-wrapper selector
• Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.
• ✨ Add a view this page button.
• ✨ Add colours and highlighting to "version modified" API helpers.
• ✨ Add release information to various customisation knobs.
• Make all icons bigger and use a thinner stroke with them.

2024.04.27 -- Bold Burgundy

• Add a skip to content link.

... (truncated)

Commits

• dd9e9f9 Prepare release: 2025.12.19
• d43f7e9 Update changelog
• d27cab5 Bump the supported Sphinx version range
• 12f288e Back to development
• 7c5f8fa Prepare release: 2025.09.25
• 8bfdc54 Update changelog
• d92b62f Switch the dark mode theme back to native
• 83c3446 Add Blender to "used by" section (#898)
• 426ea05 Remove old scrollbar selectors (#892)
• d22d31c Remove trailing slash on void elements (#895)
• Additional commits viewable in compare view

Updates idna from 3.6 to 3.11

Release notes

Sourced from idna's releases.

v3.11

No release notes provided.

v3.10

No release notes provided.

v3.9

No release notes provided.

v3.8

What's Changed

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

Full Changelog: kjd/idna@v3.7...v3.8

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

3.10 (2024-09-15) +++++++++++++++++

• Reverted to Unicode 15.1.0 data. Unicode 16 has some significant changes to UTS46 processing that will require more work to properly implement.

3.9 (2024-09-13) ++++++++++++++++

• Update to Unicode 16.0.0
• Deprecate setup.cfg in favour of pyproject.toml
• Use ruff for code formatting

Thanks to Waket Zheng for contributions to this release.

3.8 (2024-08-23) ++++++++++++++++

• Fix regression where IDNAError exception was not being produced for certain inputs.
• Add support for Python 3.13, drop support for Python 3.5 as it is no longer testable.
• Documentation improvements
• Updates to package testing using Github actions

Thanks to Hugo van Kemenade for contributions to this release.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates imagesize from 1.4.1 to 2.0.0

Commits

• 5ab28d4 bump module version to 2.0
• 63d6afb Merge pull request #82 from shibukawa/codex/update-readme-and-setup-instructi...
• 2946066 docs: clarify EXIF orientation formats in v2.0 notes
• 53eff2e Merge pull request #81 from shibukawa/codex/refactor-code-to-reduce-duplication
• ac14f2a Refactor duplicated JPEG segment parsing logic
• 48ab954 Merge pull request #80 from shibukawa/codex/add-avif-exif-rotation-support
• 5cada10 Add AVIF EXIF rotation support
• 232c6d5 Merge pull request #79 from shibukawa/codex/add-heic/heif-support-and-rotation
• 324c970 Add HEIC/HEIF size and rotation support
• 7b7bb5f Merge pull request #78 from shibukawa/codex/add-pypi-link-and-python-version-...
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. #2032
• Calling sync render for an async template uses asyncio.run. #1952
• Avoid unclosed auto_aiter warnings. #1960
• Return an aclose-able AsyncGenerator from Template.generate_async. #1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
• Avoid leaving async generators unclosed in blocks, includes and extends. #1960
• The runtime uses the correct concat function for the current environment when calling block references. #1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
• |int filter handles OverflowError from scientific notation. #1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
• Fix copy/pickle support for the internal missing object. #2027
• Environment.overlay(enable_async) is applied correctly. #2061
• The error message from FileSystemLoader includes the paths that were searched. #1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
• Improve annotations for methods returning copies. #1880
• urlize does not add mailto: to values like @a@b. #1870
• Tests decorated with @pass_context can be used with the |select filter. #1624
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
• Calling sync render for an async template uses asyncio.run. :pr:1952
• Avoid unclosed auto_aiter warnings. :pr:1960
• Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
• Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
• The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
• |int filter handles OverflowError from scientific notation. :issue:1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
• Fix copy/pickle support for the internal missing object. :issue:2027
• Environment.overlay(enable_async) is applied correctly. :pr:2061
• The error message from FileSystemLoader includes the paths that were searched. :issue:1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
• Improve annotations for methods returning copies. :pr:1880
• urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

• 1520688 release version 3.1.6
• 90457bb Merge commit from fork
• 065334d attr filter uses env.getattr
• 033c200 start version 3.1.6
• bc68d4e use global contributing guide (#2070)
• 247de5e use global contributing guide
• ab8218c use project advisory link instead of global
• b4ffc8f release version 3.1.5 (#2066)
• 877f6e5 release version 3.1.5
• 8d58859 remove test pypi
• Additional commits viewable in compare view

Updates markdown from 3.5.1 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (