@renovate renovate bot commented Aug 16, 2025

This PR contains the following updates:

Package      Change
MarkupSafe   ==1.1.1 -> ==3.0.2

Release Notes

pallets/markupsafe (MarkupSafe)

v3.0.2

Released 2024-10-18

  • Fix compatibility when __str__ returns a str subclass. :issue:472
  • Build requires setuptools >= 70.1. :issue:475

v3.0.1

Released 2024-10-08

  • Address compiler warnings that became errors in GCC 14. :issue:466
  • Fix compatibility with proxy objects. :issue:467

v3.0.0

Released 2024-10-07

  • Support Python 3.13 and its experimental free-threaded build. :pr:461
  • Drop support for Python 3.7 and 3.8.
  • Use modern packaging metadata with pyproject.toml instead of setup.cfg.
    :pr:348
  • Change distutils imports to setuptools. :pr:399
  • Use deferred evaluation of annotations. :pr:400
  • Update signatures for Markup methods to match str signatures. Use
    positional-only arguments. :pr:400
  • Some str methods on Markup no longer escape their argument:
    strip, lstrip, rstrip, removeprefix, removesuffix,
    partition, and rpartition; replace only escapes its new
    argument. These methods are conceptually linked to search methods such as
    in, find, and index, which already do not escape their argument.
    :issue:401
  • The __version__ attribute is deprecated. Use feature detection, or
    importlib.metadata.version("markupsafe"), instead. :pr:402
  • Speed up escaping plain strings by 40%. :pr:434
  • Simplify speedups implementation. :pr:437

v2.1.5

Released 2024-02-02

  • Fix striptags not collapsing spaces. :issue:417

v2.1.4

Released 2024-01-19

  • Don't use regular expressions for striptags, avoiding a performance
    issue. :pr:413

v2.1.3

Released 2023-06-02

  • Implement format_map, casefold, removeprefix, and removesuffix
    methods. :issue:370
  • Fix static typing for basic str methods on Markup. :issue:358
  • Use Self for annotating return types. :pr:379

v2.1.2

Released 2023-01-17

  • Fix striptags not stripping tags containing newlines.
    :issue:310

v2.1.1

Released 2022-03-14

  • Avoid ambiguous regex matches in striptags. :pr:293

v2.1.0

Released 2022-02-17

  • Drop support for Python 3.6. :pr:262
  • Remove soft_unicode, which was previously deprecated. Use
    soft_str instead. :pr:261
  • Raise error on missing single placeholder during string
    interpolation. :issue:225
  • Disable speedups module for GraalPython. :issue:277

v2.0.1

Released 2021-05-18

  • Mark top-level names as exported so type checking understands
    imports in user projects. :pr:215
  • Fix some types that weren't available in Python 3.6.0. :pr:215

v2.0.0

Released 2021-05-11

  • Drop Python 2.7, 3.4, and 3.5 support.
  • Markup.unescape uses :func:html.unescape to support HTML5
    character references. :pr:117
  • Add type annotations for static typing tools. :pr:149

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.
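
An added example, not part of this PR or of MarkupSafe: a pre-merge check that scans application source for two names the release notes above flag for the 1.1.1 -> 3.0.2 jump, `soft_unicode` (removed in 2.1.0) and `__version__` (deprecated in 3.0.0). The `audit` function, the `FLAGGED` table and the sample module are constructed for illustration.

```python
import ast

# Names flagged by the release notes for the 1.1.1 -> 3.0.2 jump.
FLAGGED = {
    "soft_unicode": "removed in 2.1.0; use soft_str",
    "__version__": 'deprecated in 3.0.0; use importlib.metadata.version("markupsafe")',
}

# Constructed sample of application code written against MarkupSafe 1.1.1.
SAMPLE = '''
import markupsafe
from markupsafe import Markup, soft_unicode

def render(name):
    if markupsafe.__version__ < "2":
        name = soft_unicode(name)
    return Markup("<b>%s</b>") % name
'''


def audit(source, filename="<sample>"):
    """Return sorted (line, message) findings for flagged MarkupSafe names."""
    nodes = list(ast.walk(ast.parse(source, filename)))
    # Local names bound to the module itself, e.g. "import markupsafe as ms".
    aliases = {a.asname or a.name
               for n in nodes if isinstance(n, ast.Import)
               for a in n.names if a.name == "markupsafe"}
    findings = []
    for n in nodes:
        if isinstance(n, ast.ImportFrom) and n.module == "markupsafe":
            hits = [a.name for a in n.names]          # from markupsafe import X
        elif (isinstance(n, ast.Attribute) and isinstance(n.value, ast.Name)
              and n.value.id in aliases):
            hits = [n.attr]                           # markupsafe.X
        else:
            continue
        findings += [(n.lineno, f"{h}: {FLAGGED[h]}") for h in hits if h in FLAGGED]
    return sorted(findings)


if __name__ == "__main__":
    for line, message in audit(SAMPLE):
        print(f"line {line}: {message}")
```

The 3.0.0 change to `strip`, `replace` and related methods no longer escaping their argument cannot be found by name alone, since it depends on the receiver being a `Markup` instance; that one needs a rendering test against the upgraded package.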

@secure-code-warrior-for-github

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "sqli"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

@renovate renovate bot force-pushed the renovate/markupsafe-3.x branch from e936ad4 to dcce6c5 Compare August 21, 2025 10:31

github-actions bot commented Aug 21, 2025

🔐 Secure Code Review (AI)

No eligible code changes.


Models can make mistakes. Verify before merging.

@renovate renovate bot force-pushed the renovate/markupsafe-3.x branch 12 times, most recently from ee55f8f to 9e9d362 Compare August 22, 2025 07:14
@renovate renovate bot force-pushed the renovate/markupsafe-3.x branch from 9e9d362 to fef115c Compare August 22, 2025 07:15