Recent Releases of jinja2

jinja2 -

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

  • PyPI: https://pypi.org/project/Jinja2/3.1.6/
  • Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7

- Python
Published by github-actions[bot] 12 months ago

jinja2 -

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

  • PyPI: https://pypi.org/project/Jinja2/3.1.5/
  • Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
  • Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

- Python
Published by github-actions[bot] about 1 year ago

jinja2 -

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

  • PyPI: https://pypi.org/project/Jinja2/3.1.4/
  • Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

- Python
Published by github-actions[bot] almost 2 years ago

jinja2 -

This is a fix release for the 3.1.x feature branch.

  • Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
  • Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
  • Milestone: https://github.com/pallets/jinja/milestone/15?closed=1
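
The 3.1.3 and 3.1.4 notes both say user input must not reach xmlattr as attribute keys unless it is validated separately. The following is an added example, not code from Jinja or from these release notes, showing one way to do that validation with an application-side allowlist before the dict is handed to the filter. The names key_allowed, split_attrs, FIXED_KEYS and the allowlist itself are assumptions made for illustration.

```python
import re

# Characters the 3.1.3 and 3.1.4 notes say xmlattr refuses in keys:
# whitespace, "/", ">" and "=". This mirrors the notes, not Jinja's source.
FILTER_REJECTS = re.compile(r"[\s/>=]")

# Application allowlist (an assumption for this example).
FIXED_KEYS = frozenset({"id", "class", "title", "lang"})
PREFIXED_KEY = re.compile(r"(?:data|aria)-[a-z][a-z0-9-]{0,30}")


def key_allowed(key):
    """True only for a string key that is on the application allowlist."""
    if not isinstance(key, str):
        return False
    return key in FIXED_KEYS or PREFIXED_KEY.fullmatch(key) is not None


def split_attrs(untrusted):
    """Split untrusted attributes into (accepted, rejected).

    rejected maps repr(key) to the reason it was dropped, for logging.
    """
    accepted, rejected = {}, {}
    for key, value in untrusted.items():
        if key_allowed(key):
            accepted[key] = value
        elif isinstance(key, str) and FILTER_REJECTS.search(key):
            rejected[repr(key)] = "character the filter itself refuses"
        else:
            rejected[repr(key)] = "not on allowlist"
    return accepted, rejected


# Constructed sample input, standing in for request-supplied attributes.
SAMPLE = {
    "class": "card",
    "data-user-id": "42",
    "title extra": "x",  # space
    "a/b": "x",          # solidus
    "a>b": "x",          # greater-than sign
    "a=b": "x",          # equals sign
    "onclick": "x",      # passes the character check, still unwanted
}

if __name__ == "__main__":
    ok, dropped = split_attrs(SAMPLE)
    print(ok)
    for key, why in dropped.items():
        print(key, "->", why)
```

Only the accepted dict should be passed to xmlattr. The onclick entry shows why the filter's own character check is not a substitute for an allowlist.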

- Python
Published by github-actions[bot] about 2 years ago

jinja2 -

This is a fix release for the 3.1.0 feature release.

  • Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2
  • Milestone: https://github.com/pallets/jinja/milestone/13?closed=1

- Python
Published by davidism almost 4 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-1
  • Milestone: https://github.com/pallets/jinja/milestone/12?closed=1

- Python
Published by davidism almost 4 years ago

jinja2 -

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch; the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

  • Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-0
  • Milestone: https://github.com/pallets/jinja/milestone/8?closed=1
  • MarkupSafe changes: https://markupsafe.palletsprojects.com/en/2.1.x/changes/#version-2-1-1

- Python
Published by davidism almost 4 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-3

- Python
Published by davidism over 4 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-2

- Python
Published by davidism over 4 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/3.0.x/changes/#version-3-0-1

- Python
Published by davidism almost 5 years ago

jinja2 -

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released!

  • Read the announcement on our blog: https://palletsprojects.com/blog/flask-2-0-released/
  • Read the full list of changes: https://jinja.palletsprojects.com/changes/#version-3-0-0
  • Retweet the announcement on Twitter: https://twitter.com/PalletsTeam/status/1392266507296514048
  • Follow our blog, Twitter, or GitHub to see future announcements.

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

- Python
Published by davidism almost 5 years ago

jinja2 -

Fixes an issue with the deprecated Markup subclass, #1401.

  • Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

- Python
Published by davidism almost 5 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/master/changes/#version-3-0-0

- Python
Published by davidism almost 5 years ago

jinja2 -

This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

  • PyPI: https://pypi.org/project/Jinja2/2.11.3/
  • Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3

- Python
Published by davidism about 5 years ago

jinja2 -

  • Changelog: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2

- Python
Published by davidism almost 6 years ago

jinja2 -

This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

  • Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1

- Python
Published by davidism about 6 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0
  • Blog: https://palletsprojects.com/blog/jinja-2-11-0-released/
  • Twitter: https://twitter.com/PalletsTeam/status/1221883554537230336

This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

- Python
Published by davidism about 6 years ago

jinja2 -

  • Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3

- Python
Published by davidism over 6 years ago

jinja2 -

  • Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2

- Python
Published by davidism over 6 years ago

jinja2 -

  • Changes: https://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-1
  • Blog: https://palletsprojects.com/blog/jinja-2-10-1-released/
  • Twitter: https://twitter.com/PalletsTeam/status/1114605127308992513

- Python
Published by davidism almost 7 years ago

jinja2 - 2.10

Primary changes

  • A NativeEnvironment that renders Python types instead of strings. http://jinja.pocoo.org/docs/2.10/nativetypes/
  • A namespace object that works with {% set %}. This replaces previous hacks for storing state across iterations or scopes. http://jinja.pocoo.org/docs/2.10/templates/#assignments
  • The loop object now has nextitem and previtem attributes, as well as a changed method, for the common case of outputting something when a value in the loop changes. More complicated cases can use the namespace object. http://jinja.pocoo.org/docs/2.10/templates/#for

Install or upgrade

Install from PyPI with pip:

pip install -U Jinja2

Changelog

  • Added a new extension node called OverlayScope which can be used to create an unoptimized scope that will look up all variables from a derived context.
  • Added an in test that works like the in operator. This can be used in combination with reject and select.
  • Added previtem and nextitem to loop contexts, providing access to the previous/next item in the loop. If such an item does not exist, the value is undefined.
  • Added changed(*values) to loop contexts, providing an easy way of checking whether a value has changed since the last iteration (or rather since the last call of the method).
  • Added a namespace function that creates a special object which allows attribute assignment using the set tag. This can be used to carry data across scopes, e.g. from a loop body to code that comes after the loop.
  • Added a trimmed modifier to {% trans %} to strip linebreaks and surrounding whitespace. Also added a new policy to enable this for all trans blocks.
  • The random filter is no longer incorrectly constant folded and will produce a new random choice each time the template is rendered. (#478)
  • Added a unique filter. (#469)
  • Added min and max filters. (#475)
  • Added tests for all comparison operators: eq, ne, lt, le, gt, ge. (#665)
  • import statement cannot end with a trailing comma. (#617, #618)
  • indent filter will not indent blank lines by default. (#685)
  • Add reverse argument for dictsort filter. (#692)
  • Add a NativeEnvironment that renders templates to native Python types instead of strings. (#708)
  • Added filter support to the block set tag. (#489)
  • tojson filter marks output as safe to match documented behavior. (#718)
  • Resolved a bug where getting debug locals for tracebacks could modify template context.
  • Fixed a bug where having many {% elif ... %} blocks resulted in a "too many levels of indentation" error. These blocks now compile to native elif ..: instead of else: if ..: (#759)

- Python
Published by davidism over 8 years ago