disfactory-notification

Month: 2025-03

2020-09 (51)
2020-10 (92)
2020-11 (209)
2020-12 (97)
2021-01 (87)
2021-02 (160)
2021-03 (231)
2021-04 (149)
2021-05 (142)
2021-06 (115)
2021-07 (70)
2021-08 (62)
2021-09 (103)
2021-10 (148)
2021-11 (159)
2021-12 (134)
2022-01 (128)
2022-02 (214)
2022-03 (264)
2022-04 (531)
2022-05 (198)
2022-06 (108)
2022-07 (130)
2022-08 (243)
2022-09 (248)
2022-10 (120)
2022-11 (126)
2022-12 (130)
2023-01 (89)
2023-02 (103)
2023-03 (169)
2023-04 (84)
2023-05 (166)
2023-06 (143)
2023-07 (149)
2023-08 (107)
2023-09 (136)
2023-10 (100)
2023-11 (118)
2023-12 (102)
2024-01 (72)
2024-02 (70)
2024-03 (100)
2024-04 (88)
2024-05 (2)
2024-06 (31)
2024-07 (4)
2024-08 (6)
2024-09 (6)
2024-10 (40)
2024-11 (21)
2024-12 (6)
2025-01 (6)
2025-02 (2)
2025-03 (7)

2025-03-05

github2 21:17:49

<https://github.com/Disfactory/Disfactory/issues/652|#652 新版地號格式支援問題>

這個是我們新提案想運用的資料：<https://www.cto.moea.gov.tw/FactoryMCLA/upload/information_upload/11401%E5%85%A7%E6%94%BF%E9%83%A8%E9%81%95%E5%8F%8D%E5%9C%9F%E5%9C%B0%E4%BD%BF%E7%94%A8%E6%9F%A5%E8%99%95%E5%90%8D%E5%96%AE.ods|各縣市疑似違反土地使用查處名單> 但遇到一個問題是表格裡面有新版、舊版地號混用的情況新版地號分別為地號母號、地號子號各4碼，一共為8碼例：啟明段01320002 (舊版為啟明段132-2地號) 所以也想確認我們地號轉經緯度的功能是否有同時支援新格式與舊格式？

github2 21:17:49

<https://github.com/Disfactory/Disfactory/issues/652|#652 新版地號格式支援問題>

<https://www.cto.moea.gov.tw/FactoryMCLA/upload/information_upload/11401%E5%85%A7%E6%94%BF%E9%83%A8%E9%81%95%E5%8F%8D%E5%9C%9F%E5%9C%B0%E4%BD%BF%E7%94%A8%E6%9F%A5%E8%99%95%E5%90%8D%E5%96%AE.ods|各縣市疑似違反土地使用查處名單> 新版地號分別為地號母號、地號子號各4碼，一共為8碼例：啟明段01320002 我們地號轉經緯度的功能是否有同時支援新格式與舊格式？

2025-03-06

github2 07:45:48

<https://github.com/Disfactory/Disfactory/pull/653|#653 Bump jinja2 from 3.0.1 to 3.1.6 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.6. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.6* > > This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.6/|https://pypi.org/project/Jinja2/3.1.6/>Changes: <https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6|https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6> > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7 "GHSA-cpwx-vrp4-4pq7"|GHSA-cpwx-vrp4-4pq7> > > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.6* > > Released 2025-03-05 > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:`cpwx-vrp4-4pq7` > > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when t…

github2 07:45:48

<https://github.com/Disfactory/Disfactory/pull/653|#653 Bump jinja2 from 3.0.1 to 3.1.6 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.6. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.6* > > This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.6/|https://pypi.org/project/Jinja2/3.1.6/>Changes: <https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6|https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6> > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. <https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7 "GHSA-cpwx-vrp4-4pq7"|GHSA-cpwx-vrp4-4pq7> > > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.6* > > Released 2025-03-05 > • The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:`cpwx-vrp4-4pq7` > > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when t…

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.5. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3> > • Milestone: <https://github.com/pallets/jinja/milestone/15?closed=1|https://github.com/pallets/jinja/milestone/15?closed=1> > > *3.1.2* > > This is a fix release for the <https://github.com/pallets/jinja/releases/tag/3.1.0|3.1.0> feature release. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2> > • Milestone: <https://github.com/pallets/jinja/milestone/13?closed=1|https://github.com/pallets/jinja/milestone/13?closed=1> ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. :issue:`1705` > • Improve annotations for methods returning copies. :pr:`1880` > • `urlize` does not add `mailto:` to values like `@a@b`. …

github2 2025-03-06 07:45:50

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

Bumps <https://github.com/pallets/jinja|jinja2> from 3.0.1 to 3.1.5. Release notes _Sourced from <https://github.com/pallets/jinja/releases|jinja2's releases>._ > *3.1.5* > > This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release. > PyPI: <https://pypi.org/project/Jinja2/3.1.5/|https://pypi.org/project/Jinja2/3.1.5/>Changes: <https://jinja.palletsprojects.com/changes/#version-3-1-5|https://jinja.palletsprojects.com/changes/#version-3-1-5>Milestone: <https://github.com/pallets/jinja/milestone/16?closed=1|https://github.com/pallets/jinja/milestone/16?closed=1> > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. <https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h|GHSA-q2x7-8rv6-6q7h> > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. <https://redirect.github.com/pallets/jinja/issues/1792|#1792>, <https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699|GHSA-gmj6-6f8f-6699> > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. <https://redirect.github.com/pallets/jinja/issues/2032|#2032> > • Calling sync `render` for an async template uses `asyncio.run`. <https://redirect.github.com/pallets/jinja/issues/1952|#1952> > • Avoid unclosed `auto_aiter` warnings. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • Avoid leaving async generators unclosed in blocks, includes and extends. <https://redirect.github.com/pallets/jinja/issues/1960|#1960> > • The runtime uses the correct `concat` function for the current environment when calling block references. <https://redirect.github.com/pallets/jinja/issues/1701|#1701> > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. <https://redirect.github.com/pallets/jinja/issues/1781|#1781> > • `|int` filter handles `OverflowError` from scientific notation. <https://redirect.github.com/pallets/jinja/issues/1921|#1921> > • Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. <https://redirect.github.com/pallets/jinja/issues/2021|#2021> > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. <https://redirect.github.com/pallets/jinja/issues/2025|#2025> > • Fix `copy`/`pickle` support for the internal `missing` object. <https://redirect.github.com/pallets/jinja/issues/2027|#2027> > • `Environment.overlay(enable_async)` is applied correctly. <https://redirect.github.com/pallets/jinja/issues/2061|#2061> > • The error message from `FileSystemLoader` includes the paths that were searched. <https://redirect.github.com/pallets/jinja/issues/1661|#1661> > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. <https://redirect.github.com/pallets/jinja/issues/1705|#1705> > • Improve annotations for methods returning copies. <https://redirect.github.com/pallets/jinja/issues/1880|#1880> > • `urlize` does not add `mailto:` to values like `@a@b`. <https://redirect.github.com/pallets/jinja/issues/1870|#1870> > • Tests decorated with `@pass_context` can be used with the `|select` filter. <https://redirect.github.com/pallets/jinja/issues/1624|#1624> > • Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. <https://redirect.github.com/pallets/jinja/issues/1413|#1413> > • Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. <https://redirect.github.com/pallets/jinja/issues/1253|#1253> > > *3.1.4* > > This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes. > PyPI: <https://pypi.org/project/Jinja2/3.1.4/|https://pypi.org/project/Jinja2/3.1.4/>Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4> > • The `xmlattr` filter does not allow keys with `/` solidus, `>` greater-than sign, or `=` equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. <https://github.com/advisories/GHSA-h75v-3vvj-5mfj "GHSA-h75v-3vvj-5mfj"|GHSA-h75v-3vvj-5mfj> > > *3.1.3* > > This is a fix release for the 3.1.x feature branch. > • Fix for <https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95|GHSA-h5c8-rqwp-cp95>. You are affected if you are using `xmlattr` and passing user input as attribute keys. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3> > • Milestone: <https://github.com/pallets/jinja/milestone/15?closed=1|https://github.com/pallets/jinja/milestone/15?closed=1> > > *3.1.2* > > This is a fix release for the <https://github.com/pallets/jinja/releases/tag/3.1.0|3.1.0> feature release. > • Changes: <https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2|https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-2> > • Milestone: <https://github.com/pallets/jinja/milestone/13?closed=1|https://github.com/pallets/jinja/milestone/13?closed=1> ... (truncated) Changelog _Sourced from <https://github.com/pallets/jinja/blob/main/CHANGES.rst|jinja2's changelog>._ > *Version 3.1.5* > > Released 2024-12-21 > • The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:`q2x7-8rv6-6q7h` > • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:`1792`, :ghsa:`gmj6-6f8f-6699` > • Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:`2032` > • Calling sync `render` for an async template uses `asyncio.run`. :pr:`1952` > • Avoid unclosed `auto_aiter` warnings. :pr:`1960` > • Return an `aclose`-able `AsyncGenerator` from`Template.generate_async`. :pr:`1960` > • Avoid leaving `root_render_func()` unclosed in`Template.generate_async`. :pr:`1960` > • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:`1960` > • The runtime uses the correct `concat` function for the current environment when calling block references. :issue:`1701` > • Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:`1781` > • `|int` filter handles `OverflowError` from scientific notation. :issue:`1921` > • Make compiling deterministic for tuple unpacking in a `{% set ... %}`call. :issue:`2021` > • Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined`objects. :issue:`2025` > • Fix `copy`/`pickle` support for the internal `missing` object. :issue:`2027` > • `Environment.overlay(enable_async)` is applied correctly. :pr:`2061` > • The error message from `FileSystemLoader` includes the paths that were searched. :issue:`1661` > • `PackageLoader` shows a clearer error message when the package does not contain the templates directory. :issue:`1705` > • Improve annotations for methods returning copies. :pr:`1880` > • `urlize` does not add `mailto:` to values like `@a@b`. …

github2 2025-03-06 07:45:50

github2 07:45:50

<https://github.com/Disfactory/Disfactory/pull/650|#650 Bump jinja2 from 3.0.1 to 3.1.5 in /backend>

github2 2025-03-06 07:45:50