Sourced from arrow's releases.

Version 0.15.1

• [FIX] Fixed a bug that caused Arrow to fail when passed a negative timestamp string.
• [FIX] Fixed a bug that caused Arrow to fail when passed a datetime object with tzinfo of type StaticTzInfo.

Version 0.15.0

• [NEW] Added support for DDD and DDDD ordinal date tokens. The following functionality is now possible: arrow.get("1998-045"), arrow.get("1998-45", "YYYY-DDD"), arrow.get("1998-045", "YYYY-DDDD").
• [NEW] ISO 8601 basic format for dates and times is now supported (e.g. YYYYMMDDTHHmmssZ).
• [NEW] Added humanize week granularity translations for French, Russian and Swiss German locales.
• [CHANGE] Timestamps of type str are no longer supported without a format string in the arrow.get() method. This change was made to support the ISO 8601 basic format and to address bugs such as #447.

# will NOT work in v0.15.0
arrow.get("1565358758")
arrow.get("1565358758.123413")
will work in v0.15.0
arrow.get("1565358758", "X")
arrow.get("1565358758.123413", "X")
arrow.get(1565358758)
arrow.get(1565358758.123413)

• [CHANGE] When a meridian token (a|A) is passed and no meridians are available for the specified locale (e.g. unsupported or untranslated) a ParserError is raised.
• [CHANGE] The timestamp token (X) will now match float timestamps of type str: arrow.get(“1565358758.123415”, “X”).
• [CHANGE] Strings with leading and/or trailing whitespace will no longer be parsed without a format string. Please see the docs for ways to handle this.
• [FIX] The timestamp token (X) will now only match on strings that strictly contain integers and floats, preventing incorrect matches.
• [FIX] Most instances of arrow.get() returning an incorrect Arrow object from a partial parsing match have been eliminated. The following issue have been addressed: #91, #196, #396, #434, #447, #456, #519, #538, #560.

Version 0.14.7

• [CHANGE] ArrowParseWarning will no longer be printed on every call to arrow.get() with a datetime string. The purpose of the warning was to start a conversation about the upcoming 0.15.0 changes and we appreciate all the feedback that the community has given us!

Version 0.14.6

• [NEW] Added support for week granularity in Arrow.humanize(). For example, arrow.utcnow().shift(weeks=-1).humanize(granularity="week") outputs "a week ago". This change introduced two new untranslated words, week and weeks, to all locale dictionaries, so locale contributions are welcome!
• [NEW] Fully translated the Brazilian Portugese locale.
• [CHANGE] Updated the Macedonian locale to inherit from a Slavic base.
• [FIX] Fixed a bug that caused arrow.get() to ignore tzinfo arguments of type string (e.g. arrow.get(tzinfo="Europe/Paris")).
• [FIX] Fixed a bug that occurred when arrow.Arrow() was instantiated with a pytz tzinfo object.
• [FIX] Fixed a bug that caused Arrow to fail when passed a sub-second token, that when rounded, had a value greater than 999999 (e.g. arrow.get("2015-01-12T01:13:15.9999995")). Arrow should now accurately propagate the rounding for large sub-second tokens.

Version 0.14.5

• Added Afrikaans locale.
• Removed deprecated replace shift functionality.
• Fixed bug that occurred when factory.get() was passed a locale kwarg. (#630 )

Version 0.14.4

• Fixed a regression in 0.14.3 that prevented a tzinfo argument of type string to be passed to the get() function. Functionality such as arrow.get("2019072807", "YYYYMMDDHH", tzinfo="UTC") should work as normal again.
• Moved backports.functools_lru_cache dependency from extra_requires to install_requires for Python 2.7 installs to fix #495.

Version 0.14.3

• Added full support for Python 3.8.

... (truncated)

Sourced from arrow's changelog.

0.15.1 (2019-09-10)

• [NEW] Added humanize week granularity translations for Japanese.
• [FIX] Fixed a bug that caused Arrow to fail when passed a negative timestamp string.
• [FIX] Fixed a bug that caused Arrow to fail when passed a datetime object with tzinfo of type StaticTzInfo.

0.15.0 (2019-09-08)

• [NEW] Added support for DDD and DDDD ordinal date tokens. The following functionality is now possible: arrow.get("1998-045"), arrow.get("1998-45", "YYYY-DDD"), arrow.get("1998-045", "YYYY-DDDD").
• [NEW] ISO 8601 basic format for dates and times is now supported (e.g. YYYYMMDDTHHmmssZ).
• [NEW] Added humanize week granularity translations for French, Russian and Swiss German locales.
• [CHANGE] Timestamps of type str are no longer supported without a format string in the arrow.get() method. This change was made to support the ISO 8601 basic format and to address bugs such as [#447](https://github.com/arrow-py/arrow/issues/447) <https://github.com/arrow-py/arrow/issues/447>_.

The following will NOT work in v0.15.0:

.. code-block:: python

>>> arrow.get("1565358758")
>>> arrow.get("1565358758.123413")

The following will work in v0.15.0:

.. code-block:: python

>>> arrow.get("1565358758", "X")
>>> arrow.get("1565358758.123413", "X")
>>> arrow.get(1565358758)
>>> arrow.get(1565358758.123413)

• [CHANGE] When a meridian token (a|A) is passed and no meridians are available for the specified locale (e.g. unsupported or untranslated) a ParserError is raised.
• [CHANGE] The timestamp token (X) will now match float timestamps of type str: arrow.get(“1565358758.123415”, “X”).
• [CHANGE] Strings with leading and/or trailing whitespace will no longer be parsed without a format string. Please see the docs <https://arrow.readthedocs.io/#regular-expressions>_ for ways to handle this.
• [FIX] The timestamp token (X) will now only match on strings that strictly contain integers and floats, preventing incorrect matches.
• [FIX] Most instances of arrow.get() returning an incorrect Arrow object from a partial parsing match have been eliminated. The following issue have been addressed: [#91](https://github.com/arrow-py/arrow/issues/91) <https://github.com/arrow-py/arrow/issues/91>, [#196](https://github.com/arrow-py/arrow/issues/196) <https://github.com/arrow-py/arrow/issues/196>, [#396](https://github.com/arrow-py/arrow/issues/396) <https://github.com/arrow-py/arrow/issues/396>, [#434](https://github.com/arrow-py/arrow/issues/434) <https://github.com/arrow-py/arrow/issues/434>, [#447](https://github.com/arrow-py/arrow/issues/447) <https://github.com/arrow-py/arrow/issues/447>, [#456](https://github.com/arrow-py/arrow/issues/456) <https://github.com/arrow-py/arrow/issues/456>, [#519](https://github.com/arrow-py/arrow/issues/519) <https://github.com/arrow-py/arrow/issues/519>, [#538](https://github.com/arrow-py/arrow/issues/538) <https://github.com/arrow-py/arrow/issues/538>, [#560](https://github.com/arrow-py/arrow/issues/560) <https://github.com/arrow-py/arrow/issues/560>_.

0.14.7 (2019-09-04)

• [CHANGE] ArrowParseWarning will no longer be printed on every call to arrow.get() with a datetime string. The purpose of the warning was to start a conversation about the upcoming 0.15.0 changes and we appreciate all the feedback that the community has given us!

0.14.6 (2019-08-28)

• [NEW] Added support for week granularity in Arrow.humanize(). For example, arrow.utcnow().shift(weeks=-1).humanize(granularity="week") outputs "a week ago". This change introduced two new untranslated words, week and weeks, to all locale dictionaries, so locale contributions are welcome!
• [NEW] Fully translated the Brazilian Portuguese locale.
• [CHANGE] Updated the Macedonian locale to inherit from a Slavic base.
• [FIX] Fixed a bug that caused arrow.get() to ignore tzinfo arguments of type string (e.g. arrow.get(tzinfo="Europe/Paris")).
• [FIX] Fixed a bug that occurred when arrow.Arrow() was instantiated with a pytz tzinfo object.

... (truncated)

• 96e19e8 Merge pull request #665 from jadchaar/version-0.15.1
• 5b0d2a7 Merge pull request #664 from jadchaar/tzinfo-zone
• 15fae21 Prep 0.15.1 release
• f49cd84 Renamed variable
• dafdb69 Fix bug with tzinfo.zone
• 256e53f Merge pull request #663 from JBKahn/patch-1
• 1974316 linting
• 45d12d4 Update parser_tests.py
• d856efa Update parser.py
• 9b05216 Add Japanese translations for week(s) (#659)
• Additional commits viewable in compare view

• d43c7c7 release 7.16.3
• 5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
• 8df8971 back to dev
• 9f477b7 release 7.16.2
• 138f266 bring back release helper from master branch
• 5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
• bcae8e0 Backport PR #13335: What's new 7.16.2
• 8fcdcd3 Pin Jedi to <0.17.2.
• 2486838 release 7.16.1
• 20bdc6f fix conda build
• Additional commits viewable in compare view

Sourced from flask-cors's releases.

Release 3.0.9

Security

• Escape path before evaluating resource rules (thanks @​praetorian-colby-morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/*" whereas the path actually expands simply to "/foo.txt"

Release 3.0.8

Fixes DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated, and in 3.8 it will stop working

Thank you @​juanmaneo and @​jdevera!

Sourced from flask-cors's changelog.

3.0.9

Security

• Escape path before evaluating resource rules (thanks to Colby Morgan). Prior to this, flask-cors incorrectly evaluated CORS resource matching before path expansion. E.g. "/api/../foo.txt" would incorrectly match resources for "/api/*" whereas the path actually expands simply to "/foo.txt"

3.0.8

Fixes : DeprecationWarning: Using or importing the ABCs from 'collections' in Python 3.7. Thank you @​juanmaneo and @​jdevera for the contribution.

• 91babb9 Update Api docs for credentialed requests (#221)
• 522d989 Release version 3.0.9 (#273)
• 67c4b2c Fix request path normalization (#272)
• 5c6e05e docs: Fix simple typo, garaunteed -> guaranteed
• 566aef2 Fixed over-indentation
• 8a4e6e7 Update changelog to give proper kudos to @​juanmaneo and @​jdevera
• c93f4e4 Fix DeprecationWarning on python 3.7 for python 3.8
• See full diff in compare view

Sourced from pygments's releases.

2.7.4

• Updated lexers:

  • Apache configurations: Improve handling of malformed tags (#1656)

  • CSS: Add support for variables (#1633, #1666)

  • Crystal (#1650, #1670)

  • Coq (#1648)

  • Fortran: Add missing keywords (#1635, #1665)

  • Ini (#1624)

  • JavaScript and variants (#1647 -- missing regex flags, #1651)

  • Markdown (#1623, #1617)

  • Shell

    • Lex trailing whitespace as part of the prompt (#1645)
    • Add missing in keyword (#1652)

  • SQL - Fix keywords (#1668)

  • Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

2.7.3

• Updated lexers:

  • Ada (#1581)
  • HTML (#1615, #1614)
  • Java (#1594, #1586)
  • JavaScript (#1605, #1589, #1588)
  • JSON (#1569 -- this is a complete rewrite)
  • Lean (#1601)
  • LLVM (#1612)
  • Mason (#1592)
  • MySQL (#1555, #1551)
  • Rust (#1608)
  • Turtle (#1590, #1553)

• Deprecated JsonBareObjectLexer, which is now identical to JsonLexer (#1600)

• The ImgFormatter now calculates the exact character width, which fixes some issues with overlapping text (#1213, #1611)

... (truncated)

Sourced from pygments's changelog.

Version 2.7.4

(released January 12, 2021)

• Updated lexers:

  • Apache configurations: Improve handling of malformed tags (#1656)

  • CSS: Add support for variables (#1633, #1666)

  • Crystal (#1650, #1670)

  • Coq (#1648)

  • Fortran: Add missing keywords (#1635, #1665)

  • Ini (#1624)

  • JavaScript and variants (#1647 -- missing regex flags, #1651)

  • Markdown (#1623, #1617)

  • Shell

    • Lex trailing whitespace as part of the prompt (#1645)
    • Add missing in keyword (#1652)

  • SQL - Fix keywords (#1668)

  • Typescript: Fix incorrect punctuation handling (#1510, #1511)

• Fix infinite loop in SML lexer (#1625)

• Fix backtracking string regexes in JavaScript/TypeScript, Modula2 and many other lexers (#1637)

• Limit recursion with nesting Ruby heredocs (#1638)

• Fix a few inefficient regexes for guessing lexers

• Fix the raw token lexer handling of Unicode (#1616)

• Revert a private API change in the HTML formatter (#1655) -- please note that private APIs remain subject to change!

• Fix several exponential/cubic-complexity regexes found by Ben Caller/Doyensec (#1675)

• Fix incorrect MATLAB example (#1582)

Thanks to Google's OSS-Fuzz project for finding many of these bugs.

Version 2.7.3

(released December 6, 2020)

• Updated lexers:

  • Ada (#1581)
  • HTML (#1615, #1614)
  • Java (#1594, #1586)
  • JavaScript (#1605, #1589, #1588)
  • JSON (#1569 -- this is a complete rewrite)
  • Lean (#1601)
  • LLVM (#1612)
  • Mason (#1592)

... (truncated)

• 4d555d0 Bump version to 2.7.4.
• fc3b05d Update CHANGES.
• ad21935 Revert "Added dracula theme style (#1636)"
• e411506 Prepare for 2.7.4 release.
• 275e34d doc: remove Perl 6 ref
• 2e7e8c4 Fix several exponential/cubic complexity regexes found by Ben Caller/Doyensec
• eb39c43 xquery: fix pop from empty stack
• 2738778 fix coding style in test_analyzer_lexer
• 02e0f09 Added 'ERROR STOP' to fortran.py keywords. (#1665)
• c83fe48 support added for css variables (#1633)
• Additional commits viewable in compare view

Sourced from jinja2's releases.

2.11.3

This contains a fix for a speed issue with the urlize filter. urlize is likely to be called on untrusted user input. For certain inputs some of the regular expressions used to parse the text could take a very long time due to backtracking. As part of the fix, the email matching became slightly stricter. The various speedups apply to urlize in general, not just the specific input cases.

• PyPI: https://pypi.org/project/Jinja2/2.11.3/
• Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-3

2.11.2

• Changelog: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-2

2.11.1

This fixes an issue in async environment when indexing the result of an attribute lookup, like {{ data.items[1:] }}.

• Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-1

2.11.0

• Changes: https://jinja.palletsprojects.com/en/2.11.x/changelog/#version-2-11-0
• Blog: https://palletsprojects.com/blog/jinja-2-11-0-released/
• Twitter: https://twitter.com/PalletsTeam/status/1221883554537230336

This is the last version to support Python 2.7 and 3.5. The next version will be Jinja 3.0 and will support Python 3.6 and newer.

2.10.3

• Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-3

2.10.2

• Changes: http://jinja.palletsprojects.com/en/2.10.x/changelog/#version-2-10-2

Sourced from jinja2's changelog.

Version 2.11.3

Released 2021-01-31

• Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part, and only word characters in the TLD. :pr:1343

Version 2.11.2

Released 2020-04-13

• Fix a bug that caused callable objects with __getattr__, like :class:~unittest.mock.Mock to be treated as a :func:contextfunction. :issue:1145
• Update wordcount filter to trigger :class:Undefined methods by wrapping the input in :func:soft_str. :pr:1160
• Fix a hang when displaying tracebacks on Python 32-bit. :issue:1162
• Showing an undefined error for an object that raises AttributeError on access doesn't cause a recursion error. :issue:1177
• Revert changes to :class:~loaders.PackageLoader from 2.10 which removed the dependency on setuptools and pkg_resources, and added limited support for namespace packages. The changes caused issues when using Pytest. Due to the difficulty in supporting Python 2 and :pep:451 simultaneously, the changes are reverted until 3.0. :pr:1182
• Fix line numbers in error messages when newlines are stripped. :pr:1178
• The special namespace() assignment object in templates works in async environments. :issue:1180
• Fix whitespace being removed before tags in the middle of lines when lstrip_blocks is enabled. :issue:1138
• :class:~nativetypes.NativeEnvironment doesn't evaluate intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186

Version 2.11.1

Released 2020-01-30

• Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template. :issue:1141

... (truncated)

• cf21539 release version 2.11.3
• 15ef8f0 Merge pull request #1343 from pallets/urlize-speedup
• ef658dc speed up urlize matching
• eeca0fe Merge pull request #1207 from mhansen/patch-1
• 2dd7691 Merge pull request #1209 from mhansen/patch-3
• 4892940 do_dictsort: update example ready to copy/paste
• 7db7d33 api.rst: bugfix in docs, import PackageLoader
• 9ec465b fix changelog header
• 737a4cd release version 2.11.2
• 179df6b Merge pull request #1190 from pallets/native-eval
• Additional commits viewable in compare view