Bump the pip group across 2 directories with 14 updates

[dependabot]

Bumps the pip group with 13 updates in the /python/fastapi directory:

Package	From	To
certifi	2024.2.2	2024.7.4
django	5.0.4	5.1.15
filelock	3.13.4	3.20.3
fonttools	4.51.0	4.60.2
h11	0.14.0	0.16.0
jinja2	3.1.3	3.1.6
jupyterlab	4.1.8	4.4.8
nbconvert	7.16.3	7.16.6
requests	2.31.0	2.32.4
starlette	0.37.2	0.49.1
torch	2.3.0	2.8.0
tornado	6.4	6.5
urllib3	2.2.1	2.6.3

Bumps the pip group with 2 updates in the /python/django directory: django and sqlparse.

Updates certifi from 2024.2.2 to 2024.7.4

Commits

• bd81538 2024.07.04 (#295)
• 06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
• 13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
• e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
• 124f4ad 2024.06.02 (#291)
• c2196ce --- (#290)
• fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
• 3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
• 4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
• 1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
• Additional commits viewable in compare view

Updates django from 5.0.4 to 5.1.15

Commits

• 6ef1f6f [5.1.x] Bumped version for 5.1.15 release.
• 0db9ea4 [5.1.x] Fixed CVE-2025-64460 -- Corrected quadratic inner text accumulation i...
• 9c6a5bd [5.1.x] Fixed CVE-2025-13372 -- Protected FilteredRelation against SQL inject...
• e419ad8 [5.1.x] Added script to archive EOL stable branches.
• ca4251d [5.1.x] Refs #36743 -- Added missing release notes for 5.1.15 and 4.2.27.
• f354296 [5.1.x] Fixed #36743 -- Increased URL max length enforced in HttpResponseRedi...
• cae6f5c [5.1.x] Added timeout-minutes directive to all GitHub Actions workflows.
• 6f35c2e [5.1.x] Added stub release notes and release date for 5.1.15 and 4.2.27.
• a9311fc [5.1.x] Configured dangerous-triggers zizmor rule.
• dc29fe1 [5.1.x] Addressed unpinned-uses zizmor finding.
• Additional commits viewable in compare view

Updates filelock from 3.13.4 to 3.20.3

Release notes

Sourced from filelock's releases.

3.20.3

What's Changed

• Fix TOCTOU symlink vulnerability in SoftFileLock by @​gaborbernat in tox-dev/filelock#465

Full Changelog: tox-dev/filelock@3.20.2...3.20.3

3.20.2

What's Changed

• Support Unix systems without O_NOFOLLOW by @​mwilliamson in tox-dev/filelock#463
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in tox-dev/filelock#464

New Contributors

• @​mwilliamson made their first contribution in tox-dev/filelock#463

Full Changelog: tox-dev/filelock@3.20.1...3.20.2

3.20.1

What's Changed

• CVE-2025-68146: Fix TOCTOU symlink vulnerability in lock file creation by @​gaborbernat in tox-dev/filelock#461

Full Changelog: tox-dev/filelock@3.20.0...3.20.1

3.20.0

What's Changed

• Add tox.toml to sdist by @​mtelka in tox-dev/filelock#436
• Update docs with example by @​znichollscr in tox-dev/filelock#438
• Add 3.14 support and drop 3.9 by @​gaborbernat in tox-dev/filelock#448

New Contributors

• @​mtelka made their first contribution in tox-dev/filelock#436
• @​znichollscr made their first contribution in tox-dev/filelock#438

Full Changelog: tox-dev/filelock@3.19.1...3.20.0

3.19.1

What's Changed

• add 3.14t (free threading) to matrix by @​paultiq in tox-dev/filelock#433
• Increase test coverage by @​paultiq in tox-dev/filelock#434

... (truncated)

Commits

• 41b42dd Fix TOCTOU symlink vulnerability in SoftFileLock (#465)
• f2e7d40 [pre-commit.ci] pre-commit autoupdate (#464)
• 5088854 Support Unix systems without O_NOFOLLOW (#463)
• 377f622 [pre-commit.ci] pre-commit autoupdate (#460)
• 4724d7f Fix TOCTOU symlink vulnerability in lock file creation (#461)
• cb69414 Bump actions/upload-artifact from 5 to 6 (#459)
• 0769294 Bump actions/download-artifact from 6 to 7 (#458)
• 414193a [pre-commit.ci] pre-commit autoupdate (#457)
• 1456797 [pre-commit.ci] pre-commit autoupdate (#456)
• 8d6bf90 Bump actions/checkout from 5 to 6 (#455)
• Additional commits viewable in compare view

Updates fonttools from 4.51.0 to 4.60.2

Release notes

Sourced from fonttools's releases.

4.60.2

• Backport release Same as 4.61.0 but without "Drop support for EOL Python 3.9" change to allow downstream projects still on Python 3.9 to avail of the security fix for CVE-2025-66034 (#3994, #3999).

4.60.1

• [ufoLib] Reverted accidental method name change in UFOReader.getKerningGroupConversionRenameMaps that broke compatibility with downstream projects like defcon (#3948, #3947, robotools/defcon#478).
• [ufoLib] Added test coverage for getKerningGroupConversionRenameMaps method (#3950).
• [subset] Don't try to subset BASE table; pass it through by default instead (#3949).
• [subset] Remove empty BaseRecord entries in MarkBasePos lookups (#3897, #3892).
• [subset] Add pruning for MarkLigPos and MarkMarkPos lookups (#3946).
• [subset] Remove duplicate features when subsetting (#3945).
• [Docs] Added documentation for the visitor module (#3944).

4.60.0

• [pointPen] Allow reverseFlipped parameter of DecomposingPointPen to take a ReverseFlipped enum value to control whether/how to reverse contour direction of flipped components, in addition to the existing True/False. This allows to set ReverseFlipped.ON_CURVE_FIRST to ensure that the decomposed outline starts with an on-curve point before being reversed, for better consistency with other segment-oriented contour transformations. The change is backward compatible, and the default behavior hasn't changed (#3934).

• [filterPen] Added ContourFilterPointPen, base pen for buffered contour operations, and OnCurveStartPointPen filter to ensure contours start with an on-curve point (#3934).

• [cu2qu] Fixed difference in cython vs pure-python complex division by real number (#3930).

• [varLib.avar] Refactored and added some new sub-modules and scripts (#3926).

  • varLib.avar.build module to build avar (and a missing fvar) binaries into a possibly empty TTFont,
  • varLib.avar.unbuild module to print a .designspace snippet that would generate the same avar binary,
  • varLib.avar.map module to take TTFont and do the mapping, in user/normalized space,
  • varLib.avar.plan module moved from varLib.avarPlanner.

  The bare fonttools varLib.avar script is deprecated, in favour of fonttools varLib.avar.build (or unbuild).

• [interpolatable] Clarify linear_sum_assignment backend options and minimal dependency usage (#3927).

• [post] Speed up build_psNameMapping (#3923).

• [ufoLib] Added typing annotations to fontTools.ufoLib (#3875).

4.59.2

• [varLib] Clear USE_MY_METRICS component flags when inconsistent across masters (#3912).
• [varLib.instancer] Avoid negative advance width/height values when instatiating HVAR/VVAR, (unlikely in well-behaved fonts) (#3918).
• [subset] Fix shaping behaviour when pruning empty mark sets (#3915, harfbuzz/harfbuzz#5499).
• [cu2qu] Fixed dot() product of perpendicular vectors not always returning exactly 0.0 in all Python implementations (#3911)
• [varLib.instancer] Implemented fully-instantiating avar2 fonts (#3909).
• [feaLib] Allow float values in VariableScalar's axis locations (#3906, #3907).
• [cu2qu] Handle special case in calc_intersect for degenerate cubic curves where 3 to 4 control points are equal (#3904).

4.59.1

• [featureVars] Update OS/2.usMaxContext if possible after addFeatureVariationsRaw (#3894).
• [vhmtx] raise TTLibError('not enough data...') when hmtx/vmtx are truncated (#3843, #3901).
• [feaLib] Combine duplicate features that have the same set of lookups regardless of the order in which those lookups are added to the feature (#3895).
• [varLib] Deprecate varLib.mutator in favor of varLib.instancer. The latter provides equivalent full (static font) instancing in addition to partial VF instancing.
  CLI users should replace fonttools varLib.mutator with fonttools varLib.instancer. API users should migrate to fontTools.varLib.instancer.instantiateVariableFont (#2680).

4.59.0

• Removed hard-dependency on pyfilesystem2 (fs package) from fonttools[ufo] extra. This is replaced by the fontTools.misc.filesystem package, a stdlib-only, drop-in replacement for the subset of the pyfilesystem2's API used by fontTools.ufoLib. The latter should continue to work with the upstream fs (we even test with/without). However, clients who wish to continue using fs can do so by depending on it directly instead of via the fonttools[ufo] extra (#3885, #3620).
• [xmlWriter] Replace illegal XML characters (e.g. control or non-characters) with "?" when dumping to ttx (#3868, #71).
• [varLib.hvar] Fixed vertical metrics fields copy/pasta error (#3884).
• Micro optimizations in ttLib and sstruct modules (#3878, #3879).
• [unicodedata] Add Garay script to RTL_SCRIPTS (#3882).

... (truncated)

Changelog

Sourced from fonttools's changelog.

4.60.2 (released 2025-12-09)

• Backport release Same as 4.61.0 but without "Drop support for EOL Python 3.9" change to allow downstream projects still on Python 3.9 to avail of the security fix for CVE-2025-66034 (#3994, #3999).

4.61.0 (released 2025-11-28)

• [varLib.main]: SECURITY Only use basename(vf.filename) to prevent path traversal attacks when running fonttools varLib command, or code which invokes fonttools.varLib.main(). Fixes CVE-2025-66034, see: GHSA-768j-98cg-p3fv.
• [feaLib] Sort BaseLangSysRecords by tag (#3986).
• Drop support for EOL Python 3.9 (#3982).
• [instancer] Support --remove-overlaps for fonts with CFF2 table (#3975).
• [CFF2ToCFF] Add --remove-overlaps option (#3976).
• [feaLib] Raise an error for rsub with NULL target (#3979).
• [bezierTools] Fix logic bug in curveCurveIntersections (#3963).
• [feaLib] Error when condition sets have the same name (#3958).
• [cu2qu.ufo] skip processing empty glyphs to support sparse kerning masters (#3956).
• [unicodedata] Update to Unicode 17. Require unicodedata2 >= 17.0.0 when installed with 'unicode' extra.

4.60.1 (released 2025-09-29)

• [ufoLib] Reverted accidental method name change in UFOReader.getKerningGroupConversionRenameMaps that broke compatibility with downstream projects like defcon (#3948, #3947, robotools/defcon#478).
• [ufoLib] Added test coverage for getKerningGroupConversionRenameMaps method (#3950).
• [subset] Don't try to subset BASE table; pass it through by default instead (#3949).
• [subset] Remove empty BaseRecord entries in MarkBasePos lookups (#3897, #3892).
• [subset] Add pruning for MarkLigPos and MarkMarkPos lookups (#3946).
• [subset] Remove duplicate features when subsetting (#3945).
• [Docs] Added documentation for the visitor module (#3944).

4.60.0 (released 2025-09-17)

• [pointPen] Allow reverseFlipped parameter of DecomposingPointPen to take a ReverseFlipped enum value to control whether/how to reverse contour direction of flipped components, in addition to the existing True/False. This allows to set ReverseFlipped.ON_CURVE_FIRST to ensure that the decomposed outline starts with an on-curve point before being reversed, for better consistency with other segment-oriented contour transformations. The change is backward compatible, and the default behavior hasn't changed (#3934).
• [filterPen] Added ContourFilterPointPen, base pen for buffered contour operations, and OnCurveStartPointPen filter to ensure contours start with an on-curve point (#3934).
• [cu2qu] Fixed difference in cython vs pure-python complex division by real number (#3930).
• [varLib.avar] Refactored and added some new sub-modules and scripts (#3926).
  • varLib.avar.build module to build avar (and a missing fvar) binaries into a possibly empty TTFont,
  • varLib.avar.unbuild module to print a .designspace snippet that would generate the same avar binary,

... (truncated)

Commits

• 78ba5e8 Release 4.60.2
• c3f9979 macos-13 runner is no more, use macos-15-intel
• 8016403 Revert "Merge pull request #3982 from fonttools/drop-py39"
• e691e3b Release 4.61.0
• c2d540f Update NEWS.rst
• 3859753 Update NEWS.rst
• 26eb070 black
• 5ff73af Merge commit from fork
• a696d5b varLib: only use the basename(vf.filename)
• b00bc45 varLib_test: test path traversal in variable-font filename
• Additional commits viewable in compare view

Updates h11 from 0.14.0 to 0.16.0

Commits

• 1c5b075 this time for surer
• d9c3699 this time for sure...
• d91b9dd blacken
• 5a4683c Soothe mypy
• 9c9567f Bump version to 0.16.0
• 114803a Merge commit from fork
• 9462006 Bump version to 0.15.0
• 70a96be Merge pull request #181 from Julien00859/Julien00859/get_int_max_str_digits
• 60782ad Reject Content-Length longer 1 billion TB
• dff7cc3 Validate Chunked-Encoding chunk footer
• Additional commits viewable in compare view

Updates jinja2 from 3.1.3 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. #2032
• Calling sync render for an async template uses asyncio.run. #1952
• Avoid unclosed auto_aiter warnings. #1960
• Return an aclose-able AsyncGenerator from Template.generate_async. #1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
• Avoid leaving async generators unclosed in blocks, includes and extends. #1960
• The runtime uses the correct concat function for the current environment when calling block references. #1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
• |int filter handles OverflowError from scientific notation. #1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
• Fix copy/pickle support for the internal missing object. #2027
• Environment.overlay(enable_async) is applied correctly. #2061
• The error message from FileSystemLoader includes the paths that were searched. #1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
• Improve annotations for methods returning copies. #1880
• urlize does not add mailto: to values like @a@b. #1870
• Tests decorated with @pass_context can be used with the |select filter. #1624
• Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
• Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

• The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

• The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
• Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
• Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
• Calling sync render for an async template uses asyncio.run. :pr:1952
• Avoid unclosed auto_aiter warnings. :pr:1960
• Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
• Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
• Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
• The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
• Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
• |int filter handles OverflowError from scientific notation. :issue:1921
• Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
• Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
• Fix copy/pickle support for the internal missing object. :issue:2027
• Environment.overlay(enable_async) is applied correctly. :pr:2061
• The error message from FileSystemLoader includes the paths that were searched. :issue:1661
• PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
• Improve annotations for methods returning copies. :pr:1880
• urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

• 1520688 release version 3.1.6
• 90457bb Merge commit from fork
• 065334d attr filter uses env.getattr
• 033c200 start version 3.1.6
• bc68d4e use global contributing guide (#2070)
• 247de5e use global contributing guide
• ab8218c use project advisory link instead of global
• b4ffc8f release version 3.1.5 (#2066)
• 877f6e5 release version 3.1.5
• 8d58859 remove test pypi
• Additional commits viewable in compare view

Updates jupyterlab from 4.1.8 to 4.4.8

Release notes

Sourced from jupyterlab's releases.

v4.4.8

4.4.8

(Full Changelog)

Bugs fixed

• Debugger: Only send the configurationDone message once as per the DAP #17912 (@​martinRenou)
• Fix output prompt overlay height for large outputs #17863 (@​Meriem-BenIsmail)
• Prevent overlay of content from other columns when renaming a file in the file browser #17857 (@​CrafterKolyan)
• Fix notebook toolbar item order #17866 (@​Darshan808)

Maintenance and upkeep improvements

• Ignore npmjs.com in check-links #17915 (@​jtpio)

Documentation improvements

• Add JupyterCon banner and Jupyter colors #17906 (@​choldgraf)

Contributors to this release

(GitHub contributors page for this release)

@​brichet | @​github-actions | @​HaudinFlorence | @​jtpio | @​jupyterlab-probot | @​krassowski | @​martinRenou | @​meeseeksmachine | @​Meriem-BenIsmail | @​williamstein

v4.4.7

4.4.7

(Full Changelog)

Enhancements made

• Update to mermaid 11.10, marked 16.2 #17813 (@​bollwyvl)

Bugs fixed

• Change default line wrap in default editor config #17818 (@​gjmooney)
• Select file and accept dialog on file double click in FileDialog.getOpenFiles #17844 (@​martinRenou)
• Fix broken toolbar updates due to missing 'clear' cases in switch statements for ObservableList #17837 (@​Darshan808)
• Send code to console #17824 (@​gjmooney)
• Clear incomplete execution metadata when splitting running cells #17804 (@​Darshan808)
• Don't create empty page_config in sys_prefix when disabled is empty #17791 (@​gjmooney)

Documentation improvements

... (truncated)

Commits

• a889bb5 [ci skip] Publish 4.4.8
• 51c585b Fix integrity
• f8841dc Merge commit from fork
• 526a3d7 Backport PR #17915: Ignore npmjs.com in check-links (#17921)
• 911ff90 Backport PR #17912: Debugger: Only send the configurationDone message once ...
• 2d0ff31 Backport PR #17906: Add JupyterCon banner and Jupyter colors (#17908)
• 276b38c Backport PR #17863: Fix output prompt overlay height for large outputs (#17889)
• 88f58b1 Backport PR #17857: Prevent overlay of content from other columns when renami...
• baf78ec Backport PR #17866: Fix notebook toolbar item order (#17872)
• 30d1f70 [ci skip] Publish 4.4.7
• Additional commits viewable in compare view

Updates nbconvert from 7.16.3 to 7.16.6

Release notes

Sourced from nbconvert's releases.

v7.16.6

7.16.6

(Full Changelog)

Bugs fixed

• Prevent leading whitespace in markdown code blocks from being stripped #2203 (@​peytondmurray)
• Fix bullet list parsing in markdown #2177 (@​douglas-raillard-arm)
• Fix crash when running with optimization #2160 (@​QuLogic)

Maintenance and upkeep improvements

• remove any twitter mention #2206 (@​Carreau)
• Update base.tex.j2 for macro compatibility with newer versions of Pandoc #2196 (@​PetalAdrift)

Contributors to this release

(GitHub contributors page for this release)

@​Carreau | @​douglas-raillard-arm | @​gabemorris12 | @​krassowski | @​PetalAdrift | @​peytondmurray | @​QuLogic

v7.16.5

7.16.5

(Full Changelog)

Enhancements made

• Add support for mistune 3.1.0 #2199 (@​fcollonval)
• Allow including text/x-rst outputs in rst conversion, transition away from text/restructuredtext #2167 (@​takluyver)

Bugs fixed

• Do not display mathjax overlay #2181 (@​timkpaine)
• Work around pip 24.1 bug which prevents installing pandocfilters 1.4.1 #2168 (@​takluyver)
• Don't die if template path cannot be read #2162 (@​stuaxo)
• Fix markdown2asciidoc function for pandoc >= 3.0 (closes #2017) #2152 (@​thomasjm)

Maintenance and upkeep improvements

• enhancement dep-chain: directly depend on bleach[css], instead of pulling in tinycss2. #2166 (@​xiacunshun)
• chore: update pre-commit hooks #2146 (@​pre-commit-ci)

Contributors to this release

... (truncated)

Changelog

Sourced from nbconvert's changelog.

7.16.6

(Full Changelog)

Bugs fixed

• Prevent leading whitespace in markdown code blocks from being stripped #2203 (@​peytondmurray)
• Fix bullet list parsing in markdown #2177 (@​douglas-raillard-arm)
• Fix crash when running with optimization #2160 (@​QuLogic)

Maintenance and upkeep improvements

• remove any twitter mention #2206 (@​Carreau)
• Update base.tex.j2 for macro compatibility with newer versions of Pandoc #2196 (@​PetalAdrift)

Contributors to this release

(GitHub contributors page for this release)

@​Carreau | @​douglas-raillard-arm | @​gabemorris12 | @​krassowski | @​PetalAdrift | @​peytondmurray | @​QuLogic

7.16.5

(Full Changelog)

Enhancements made

• Add support for mistune 3.1.0 #2199 (@​fcollonval)
• Allow including text/x-rst outputs in rst conversion, transition away from text/restructuredtext #2167 (@​takluyver)

Bugs fixed

• Do not display mathjax overlay #2181 (@​timkpaine)
• Work around pip 24.1 bug which prevents installing pandocfilters 1.4.1 #2168 (@​takluyver)
• Don't die if template path cannot be read #2162 (@​stuaxo)
• Fix markdown2asciidoc function for pandoc >= 3.0 (closes #2017) #2152 (@​thomasjm)

Maintenance and upkeep improvements

• enhancement dep-chain: directly depend on bleach[css], instead of pulling in tinycss2. #2166 (@​xiacunshun)
• chore: update pre-commit hooks #2146 (@​pre-commit-ci)

Contributors to this release

(GitHub contributors page for this release)

@​bollwyvl | @​fcollonval | @​krassowski | @​pre-commit-ci | @​stuaxo | @​t-makaro | @​takluyver | @​thomasjm | @​timkpaine | @​xiacunshun

... (truncated)

Commits

• 2ba5858 Publish 7.16.6
• 01c6ab2 Fix bullet list parsing in markdown (#2177)
• 0b36e8b Fix crash when running with optimization (#2160)
• edd96d1 Update base.tex.j2 for macro compatibility with newer versions of Pandoc (#2196)
• 7ffb70a Prevent leading whitespace in markdown code blocks from being stripped (#2203)
• 9ffb94a remove any twitter mention (#2206)
• 5f508eb Publish 7.16.5
• 18e10f6 Add support for mistune 3.1.0 (#2199)
• 6e5fdb3 Do not display mathjax overlay (#2181)
• e159962 Allow including text/x-rst outputs in rst conversion, transition away from ...
• Additional commits viewable in