Bump jinja2 from 2.7.3 to 2.10.1

[dependabot]

Bumps jinja2 from 2.7.3 to 2.10.1.

Release notes

Sourced from jinja2's releases.

2.10.1

• Changes: https://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-1
• Blog: https://palletsprojects.com/blog/jinja-2-10-1-released/
• Twitter: https://twitter.com/PalletsTeam/status/1114605127308992513

2.10

Primary changes

• A NativeEnvironment that renders Python types instead of strings. http://jinja.pocoo.org/docs/2.10/nativetypes/
• A namespace object that works with {% set %}. This replaces previous hacks for storing state across iterations or scopes. http://jinja.pocoo.org/docs/2.10/templates/#assignments
• The loop object now has nextitem and previtem attributes, as well as a changed method, for the common case of outputting something as a value in the loop changes. More complicated cases can use the namespace object. http://jinja.pocoo.org/docs/2.10/templates/#for

Install or upgrade

Install from PyPI with pip:

pip install -U Jinja2

Changelog

• Added a new extension node called OverlayScope which can be used to create an unoptimized scope that will look up all variables from a derived context.
• Added an in test that works like the in operator. This can be used in combination with reject and select.
• Added previtem and nextitem to loop contexts, providing access to the previous/next item in the loop. If such an item does not exist, the value is undefined.
• Added changed(*values) to loop contexts, providing an easy way of checking whether a value has changed since the last iteration (or rather since the last call of the method)
• Added a namespace function that creates a special object which allows attribute assignment using the set tag. This can be used to carry data across scopes, e.g. from a loop body to code that comes after the loop.
• Added a trimmed modifier to {% trans %} to strip linebreaks and surrounding whitespace. Also added a new policy to enable this for all trans blocks.
• The random filter is no longer incorrectly constant folded and will produce a new random choice each time the template is rendered. (#478)
• Added a unique filter. (#469)
• Added min and max filters. (#475)
• Added tests for all comparison operators: eq, ne, lt, le, gt, ge. (#665)
• import statement cannot end with a trailing comma. (#617, #618)
• indent filter will not indent blank lines by default. (#685)
• Add reverse argument for dictsort filter. (#692)
• Add a NativeEnvironment that renders templates to native Python types instead of strings. (#708)
• Added filter support to the block set tag. (#489)
• tojson filter marks output as safe to match documented behavior. (#718)
• Resolved a bug where getting debug locals for tracebacks could modify template context.
• Fixed a bug where having many {% elif ... %} blocks resulted in a "too many levels of indentation" error. These blocks now compile to native elif ..: instead of else: if ..: (#759)

Changelog

Sourced from jinja2's changelog.

Version 2.10.1

Released 2019-04-06

• SandboxedEnvironment securely handles str.format_map in order to prevent code execution through untrusted format strings. The sandbox already handled str.format.

Version 2.10

Released 2017-11-08

• Added a new extension node called OverlayScope which can be used to create an unoptimized scope that will look up all variables from a derived context.
• Added an in test that works like the in operator. This can be used in combination with reject and select.
• Added previtem and nextitem to loop contexts, providing access to the previous/next item in the loop. If such an item does not exist, the value is undefined.
• Added changed(*values) to loop contexts, providing an easy way of checking whether a value has changed since the last iteration (or rather since the last call of the method)
• Added a namespace function that creates a special object which allows attribute assignment using the set tag. This can be used to carry data across scopes, e.g. from a loop body to code that comes after the loop.
• Added a trimmed modifier to {% trans %} to strip linebreaks and surrounding whitespace. Also added a new policy to enable this for all trans blocks.
• The random filter is no longer incorrectly constant folded and will produce a new random choice each time the template is rendered. :pr:478
• Added a unique filter. :pr:469
• Added min and max filters. :pr:475
• Added tests for all comparison operators: eq, ne, lt, le, gt, ge. :pr:665
• import statement cannot end with a trailing comma. :pr:617, :pr:618
• indent filter will not indent blank lines by default. :pr:685
• Add reverse argument for dictsort filter. :pr:692
• Add a NativeEnvironment that renders templates to native Python types instead of strings. :pr:708
• Added filter support to the block set tag. :pr:489
• tojson filter marks output as safe to match documented behavior. :pr:718
• Resolved a bug where getting debug locals for tracebacks could

... (truncated)

Commits

• c4c4088 release 2.10.1
• a2a6c93 sandbox str.format_map
• 78d2f67 Bump version number to 2.10
• d9d3fc3 clean up MANIFEST.in
• 072cdf9 Support filters in set block
• d17c7db Merge pull request #708 from jctanner/NATIVE_TYPES
• 6a7a263 Merge branch 'master' into NATIVE_TYPES
• 31f92b5 Fix typo in docstring (#779)
• c314761 codecov needs argparse on 2.6
• 4750cf7 Minor docstring grammar fix (#772)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

[dependabot]

Superseded by #7.