Update dependency jinja2 to v2.11.3

[dev-mend-for-github-com]

This PR contains the following updates:

Package	Update	Change
jinja2 (changelog)	minor	==2.10 -> ==2.11.3

By merging this PR, the issue #7 will be automatically resolved and closed:

Severity	CVSS Score	CVE
High	8.6	CVE-2019-10906
Medium	5.3	CVE-2020-28493

---

Release Notes

pallets/jinja (jinja2)

v2.11.3

Compare Source

Released 2021-01-31

• Improve the speed of the urlize filter by reducing regex
  backtracking. Email matching requires a word character at the start
  of the domain part, and only word characters in the TLD. :pr:1343

v2.11.2

Compare Source

Released 2020-04-13

• Fix a bug that caused callable objects with __getattr__, like
  :class:~unittest.mock.Mock to be treated as a
  :func:contextfunction. :issue:1145
• Update wordcount filter to trigger :class:Undefined methods
  by wrapping the input in :func:soft_str. :pr:1160
• Fix a hang when displaying tracebacks on Python 32-bit.
  :issue:1162
• Showing an undefined error for an object that raises
  AttributeError on access doesn't cause a recursion error.
  :issue:1177
• Revert changes to :class:~loaders.PackageLoader from 2.10 which
  removed the dependency on setuptools and pkg_resources, and added
  limited support for namespace packages. The changes caused issues
  when using Pytest. Due to the difficulty in supporting Python 2 and
  :pep:451 simultaneously, the changes are reverted until 3.0.
  :pr:1182
• Fix line numbers in error messages when newlines are stripped.
  :pr:1178
• The special namespace() assignment object in templates works in
  async environments. :issue:1180
• Fix whitespace being removed before tags in the middle of lines when
  lstrip_blocks is enabled. :issue:1138
• :class:~nativetypes.NativeEnvironment doesn't evaluate
  intermediate strings during rendering. This prevents early
  evaluation which could change the value of an expression.
  :issue:1186

v2.11.1

Compare Source

Released 2020-01-30

• Fix a bug that prevented looking up a key after an attribute
  ({{ data.items[1:] }}) in an async template. :issue:1141

v2.11.0

Compare Source

Released 2020-01-27

• Drop support for Python 2.6, 3.3, and 3.4. This will be the last
  version to support Python 2.7 and 3.5.
• Added a new ChainableUndefined class to support getitem and
  getattr on an undefined object. :issue:977
• Allow {%+ syntax (with NOP behavior) when lstrip_blocks is
  disabled. :issue:748
• Added a default parameter for the map filter. :issue:557
• Exclude environment globals from
  :func:meta.find_undeclared_variables. :issue:931
• Float literals can be written with scientific notation, like
  2.56e-3. :issue:912, :pr:922
• Int and float literals can be written with the '_' separator for
  legibility, like 12_345. :pr:923
• Fix a bug causing deadlocks in LRUCache.setdefault. :pr:1000
• The trim filter takes an optional string of characters to trim.
  :pr:828
• A new jinja2.ext.debug extension adds a {% debug %} tag to
  quickly dump the current context and available filters and tests.
  :issue:174, :pr:798, 983
• Lexing templates with large amounts of whitespace is much faster.
  :issue:857, :pr:858
• Parentheses around comparisons are preserved, so
  {{ 2 * (3 < 5) }} outputs "2" instead of "False".
  :issue:755, :pr:938
• Add new boolean, false, true, integer and float
  tests. :pr:824
• The environment's finalize function is only applied to the
  output of expressions (constant or not), not static template data.
  :issue:63
• When providing multiple paths to FileSystemLoader, a template
  can have the same name as a directory. :issue:821
• Always return :class:Undefined when omitting the else clause
  in a {{ 'foo' if bar }} expression, regardless of the
  environment's undefined class. Omitting the else clause is a
  valid shortcut and should not raise an error when using
  :class:StrictUndefined. :issue:710, :pr:1079
• Fix behavior of loop control variables such as length and
  revindex0 when looping over a generator. :issue:459, 751, 794,
  :pr:993
• Async support is only loaded the first time an environment enables
  it, in order to avoid a slow initial import. :issue:765
• In async environments, the |map filter will await the filter
  call if needed. :pr:913
• In for loops that access loop attributes, the iterator is not
  advanced ahead of the current iteration unless length,
  revindex, nextitem, or last are accessed. This makes it
  less likely to break groupby results. :issue:555, :pr:1101
• In async environments, the loop attributes length and
  revindex work for async iterators. :pr:1101
• In async environments, values from attribute/property access will
  be awaited if needed. :pr:1101
• :class:~loader.PackageLoader doesn't depend on setuptools or
  pkg_resources. :issue:970
• PackageLoader has limited support for :pep:420 namespace
  packages. :issue:1097
• Support :class:os.PathLike objects in
  :class:~loader.FileSystemLoader and :class:~loader.ModuleLoader.
  :issue:870
• :class:~nativetypes.NativeTemplate correctly handles quotes
  between expressions. "'{{ a }}', '{{ b }}'" renders as the tuple
  ('1', '2') rather than the string '1, 2'. :issue:1020
• Creating a :class:~nativetypes.NativeTemplate directly creates a
  :class:~nativetypes.NativeEnvironment instead of a default
  :class:Environment. :issue:1091
• After calling LRUCache.copy(), the copy's queue methods point to
  the correct queue. :issue:843
• Compiling templates always writes UTF-8 instead of defaulting to the
  system encoding. :issue:889
• |wordwrap filter treats existing newlines as separate paragraphs
  to be wrapped individually, rather than creating short intermediate
  lines. :issue:175
• Add break_on_hyphens parameter to |wordwrap filter.
  :issue:550
• Cython compiled functions decorated as context functions will be
  passed the context. :pr:1108
• When chained comparisons of constants are evaluated at compile time,
  the result follows Python's behavior of returning False if any
  comparison returns False, rather than only the last one.
  :issue:1102
• Tracebacks for exceptions in templates show the correct line numbers
  and source for Python >= 3.7. :issue:1104
• Tracebacks for template syntax errors in Python 3 no longer show
  internal compiler frames. :issue:763
• Add a DerivedContextReference node that can be used by
  extensions to get the current context and local variables such as
  loop. :issue:860
• Constant folding during compilation is applied to some node types
  that were previously overlooked. :issue:733
• TemplateSyntaxError.source is not empty when raised from an
  included template. :issue:457
• Passing an Undefined value to get_template (such as through
  extends, import, or include), raises an
  UndefinedError consistently. select_template will show the
  undefined message in the list of attempts rather than the empty
  string. :issue:1037
• TemplateSyntaxError can be pickled. :pr:1117

v2.10.3

Compare Source

Released 2019-10-04

• Fix a typo in Babel entry point in setup.py that was preventing
  installation.

v2.10.2

Compare Source

Released 2019-10-04

• Fix Python 3.7 deprecation warnings.
• Using range in the sandboxed environment uses xrange on
  Python 2 to avoid memory use. :issue:933
• Use Python 3.7's better traceback support to avoid a core dump when
  using debug builds of Python 3.7. :issue:1050

v2.10.1

Compare Source

Released 2019-04-06

• SandboxedEnvironment securely handles str.format_map in
  order to prevent code execution through untrusted format strings.
  The sandbox already handled str.format.

---

• If you want to rebase/retry this PR, check this box