eliott/servo
1
0
Fork 0
mirror of https://github.com/servo/servo synced 2026-04-26 01:25:32 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
ee72fca571f27bf8c3c77014d5f450118464c6ce
servo/python/requirements.txt
dependabot[bot] 4dc82fe2c0 build: bump mako from 1.2.2 to 1.3.11 in /python (#44287) 
Bumps [mako](https://github.com/sqlalchemy/mako) from 1.2.2 to 1.3.11.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/sqlalchemy/mako/releases">mako's
releases</a>.</em></p>
<blockquote>
<h1>1.3.11</h1>
<p>Released: Tue Apr 14 2026</p>
<h2>bug</h2>
<ul>
<li>
<p><strong>[bug] [template]</strong> Fixed issue in
<code>TemplateLookup</code> where a URI with a double-slash
prefix (e.g. <code>//../../</code>) could bypass the directory traversal
check in
<code>Template</code>, allowing reads of arbitrary files outside of the
template directory. The issue was caused by an inconsistency in how
leading
slashes were stripped between <code>TemplateLookup.get_template()</code>
and
<code>Template</code> initialization.</p>
<p>References: <a
href="https://redirect.github.com/sqlalchemy/mako/issues/434">#434</a></p>
</li>
</ul>
<h1>1.3.10</h1>
<p>Released: Thu Apr 10 2025</p>
<h2>bug</h2>
<ul>
<li>
<p><strong>[bug] [lexer]</strong> Fix undefined variable errors when
<code>strict_undefined=True</code> when using a
nested list comprehension. Pull request courtesy Sébastien Granjoux.</p>
<p>References: <a
href="https://redirect.github.com/sqlalchemy/mako/issues/418">#418</a></p>
</li>
</ul>
<h1>1.3.9</h1>
<p>Released: Tue Feb 4 2025</p>
<h2>bug</h2>
<ul>
<li>
<p><strong>[bug] [tests]</strong> Fixed test suite to not rely upon
ancient &quot;future division&quot; statement to
test the <code>Template.future_imports</code> feature.   The test is
replaced with one that tests only the rendering, not the ultimate
effect.</p>
<p>References: <a
href="https://redirect.github.com/sqlalchemy/mako/issues/408">#408</a></p>
</li>
</ul>
<h1>1.3.8</h1>
<p>Released: Sat Dec 7 2024</p>
<h2>bug</h2>
<ul>
<li><strong>[bug] [lexer]</strong> Reverted the fix for <a
href="https://redirect.github.com/sqlalchemy/mako/issues/140">#140</a>
released in Mako 1.3.7 as it produced
regressions in existing user code.</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li>See full diff in <a
href="https://github.com/sqlalchemy/mako/commits">compare view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mako&package-manager=pip&previous-version=1.2.2&new-version=1.3.11)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts page](https://github.com/servo/servo/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-16 21:59:55 +00:00

43 lines
756 B
Plaintext
Raw Blame History

# Ensure all versions are pinned for repeatability,
# since `--system-site-packages` is enabled
blessed == 1.20.0
distro == 1.4
mozinfo == 1.2.3
mozlog == 8.1.0
setuptools == 78.1.1
toml == 0.9.2
# these are copied from tests/wpt/tests/tools/wptrunner/requirements_firefox.txt
mozleak == 0.2
mozrunner == 8.4.0
mozversion == 2.4.0
mozcrash == 2.2.1
redo == 3.0.0
# For Python linting and formatting
ruff == 0.11.10
# For test-webidl
ply == 3.8
# For Cross-platform colored terminal text
colorama == 0.3.7
# For Python3 compatibility
six == 1.16
# For wpt scripts and their tests.
flask
requests
types-requests
# For mach package on macOS.
Mako == 1.3.11
# For devtools tests.
geckordp == 1.0.3
# For Python static type checking
pyrefly == 0.23.1
Reference in New Issue View Git Blame Copy Permalink