Initial Update

[pyup-bot]

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

Jinja2	2.7.1	»	2.9.5	PyPI | Changelog | Homepage
mistune	0.7.1	»	0.7.3	PyPI | Changelog | Repo

Changelogs

Jinja2 2.7.1 -> 2.9.5

2.9.5

---

(bugfix release, released on January 28th 2017)

• Restored the original repr of the internal _GroupTuple because this
  caused issues with ansible and it was an unintended change. (654)
• Added back support for custom contexts that override the old resolve
  method since it was hard for people to spot that this could cause a
  regression.
• Correctly use the buffer for the else block of for loops. This caused
  invalid syntax errors to be caused on 2.x and completely wrong behavior
  on Python 3 (669)
• Resolve an issue where the {% extends %} tag could not be used with
  async environments. (668)
• Reduce memory footprint slightly by reducing our unicode database dump
  we use for identifier matching on Python 3 (666)
• Fixed autoescaping not working for macros in async compilation mode. (671)

2.9.4

---

(bugfix release, released on January 10th 2017)

• Solved some warnings for string literals. (646)
• Increment the bytecode cache version which was not done due to an
  oversight before.
• Corrected bad code generation and scoping for filtered loops. (649)
• Resolved an issue where top-level output silencing after known extend
  blocks could generate invalid code when blocks where contained in if
  statements. (651)
• Made the truncate.leeway default configurable to improve compatibility
  with older templates.

2.9.3

---

(bugfix release, released on January 8th 2017)

• Restored the use of blocks in macros to the extend that was possible
  before. On Python 3 it would render a generator repr instead of
  the block contents. (645)
• Set a consistent behavior for assigning of variables in inner scopes
  when the variable is also read from an outer scope. This now sets the
  intended behavior in all situations however it does not restore the
  old behavior where limited assignments to outer scopes was possible.
  For more information and a discussion see 641
• Resolved an issue where block scoped would not take advantage of the
  new scoping rules. In some more exotic cases a variable overriden in a
  local scope would not make it into a block.
• Change the code generation of the with statement to be in line with the
  new scoping rules. This resolves some unlikely bugs in edge cases. This
  also introduces a new internal With node that can be used by extensions.

2.9.2

---

(bugfix release, released on January 8th 2017)

• Fixed a regression that caused for loops to not be able to use the same
  variable for the target as well as source iterator. (640)
• Add support for a previously unknown behavior of macros. It used to be
  possible in some circumstances to explicitly provide a caller argument
  to macros. While badly buggy and unintended it turns out that this is a
  common case that gets copy pasted around. To not completely break backwards
  compatibility with the most common cases it's now possible to provide an
  explicit keyword argument for caller if it's given an explicit default.
  (642)

2.9.1

---

(bugfix release, released on January 7th 2017)

• Resolved a regression with call block scoping for macros. Nested caller
  blocks that used the same identifiers as outer macros could refer to the
  wrong variable incorrectly.

2.9

---

(codename Derivation, released on January 7th 2017)

• Change cache key definition in environment. This fixes a performance
  regression introduced in 2.8.
• Added support for generator_stop on supported Python versions
  (Python 3.5 and later)
• Corrected a long standing issue with operator precedence of math operations
  not being what was expected.
• Added support for Python 3.6 async iterators through a new async mode.
• Added policies for filter defaults and similar things.
• urlize now sets "rel noopener" by default.
• Support attribute fallback for old-style classes in 2.x.
• Support toplevel set statements in extend situations.
• Restored behavior of Cycler for Python 3 users.
• Subtraction now follows the same behavior as other operators on undefined
  values.
• map and friends will now give better error messages if you forgot to
  quote the parameter.
• Depend on MarkupSafe 0.23 or higher.
• Improved the truncate filter to support better truncation in case
  the string is barely truncated at all.
• Change the logic for macro autoescaping to be based on the runtime
  autoescaping information at call time instead of macro define time.
• Ported a modified version of the tojson filter from Flask to Jinja2
  and hooked it up with the new policy framework.
• Block sets are now marked safe by default.
• On Python 2 the asciification of ASCII strings can now be disabled with
  the compiler.ascii_str policy.
• Tests now no longer accept an arbitrary expression as first argument but
  a restricted one. This means that you can now properly use multiple
  tests in one expression without extra parentheses. In particular you can
  now write foo is divisibleby 2 or foo is divisibleby 3
  as you would expect.
• Greatly changed the scoping system to be more consistent with what template
  designers and developers expect. There is now no more magic difference
  between the different include and import constructs. Context is now always
  propagated the same way. The only remaining differences is the defaults
  for with context and without context.
• The with and autoescape tags are now built-in.
• Added the new select_autoescape function which helps configuring better
  autoescaping easier.

2.8.2

---

(bugfix release, unreleased)

• Fixed a runtime error in the sandbox when attributes of async generators
  were accessed.

2.8.1

---

(bugfix release, released on December 29th 2016)

• Fixed the for_qs flag for urlencode.
• Fixed regression when applying int to non-string values.
• SECURITY: if the sandbox mode is used format expressions are now sandboxed
  with the same rules as in Jinja. This solves various information leakage
  problems that can occur with format strings.

2.8

---

(codename Replacement, released on July 26th 2015)

• Added target parameter to urlize function.
• Added support for followsymlinks to the file system loader.
• The truncate filter now counts the length.
• Added equalto filter that helps with select filters.
• Changed cache keys to use absolute file names if available
  instead of load names.
• Fixed loop length calculation for some iterators.
• Changed how Jinja2 enforces strings to be native strings in
  Python 2 to work when people break their default encoding.
• Added :func:make_logging_undefined which returns an undefined
  object that logs failures into a logger.
• If unmarshalling of cached data fails the template will be
  reloaded now.
• Implemented a block set tag.
• Default cache size was increased to 400 from a low 50.
• Fixed is number test to accept long integers in all Python versions.
• Changed is number to accept Decimal as a number.
• Added a check for default arguments followed by non-default arguments. This
  change makes {% macro m(x, y=1, z) %}...{% endmacro %} a syntax error. The
  previous behavior for this code was broken anyway (resulting in the default
  value being applied to y).
• Add ability to use custom subclasses of jinja2.compiler.CodeGenerator and
  jinja2.runtime.Context by adding two new attributes to the environment
  (code_generator_class and context_class) (pull request 404).
• added support for context/environment/evalctx decorator functions on
  the finalize callback of the environment.
• escape query strings for urlencode properly. Previously slashes were not
  escaped in that place.
• Add 'base' parameter to 'int' filter.

2.7.3

---

(bugfix release, released on June 6th 2014)

• Security issue: Corrected the security fix for the cache folder. This
  fix was provided by RedHat.

2.7.2

---

(bugfix release, released on January 10th 2014)

• Prefix loader was not forwarding the locals properly to
  inner loaders. This is now fixed.
• Security issue: Changed the default folder for the filesystem cache to be
  user specific and read and write protected on UNIX systems. See Debian bug 734747_ for more information.

.. _Debian bug 734747: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734747

mistune 0.7.1 -> 0.7.3

0.7.3

Released on Jun. 28, 2016

• Fix strikethrough regex
• Fix HTML attribute regex
• Fix close tag regex

0.7.2

Released on Feb. 26, 2016

• Fix hard_wrap options on renderer.
• Fix emphasis regex pattern
• Fix base64 image link 80_.
• Fix link security per 87_.

.. _80: lepture/mistune#80
.. _87: lepture/mistune#87

Once you have closed this pull request, I'll create seperate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖

[chadwhitacre]

Closing per gratipay/gratipay.com#4376 (comment).