Update dependency MarkupSafe to v3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
MarkupSafe (changelog)	==1.1.1 -> ==3.0.2

---

Release Notes

pallets/markupsafe (MarkupSafe)

v3.0.2

Compare Source

Released 2024-10-18

• Fix compatibility when __str__ returns a str subclass. :issue:472
• Build requires setuptools >= 70.1. :issue:475

v3.0.1

Compare Source

Released 2024-10-08

• Address compiler warnings that became errors in GCC 14. :issue:466
• Fix compatibility with proxy objects. :issue:467

v3.0.0

Compare Source

Released 2024-10-07

• Support Python 3.13 and its experimental free-threaded build. :pr:461
• Drop support for Python 3.7 and 3.8.
• Use modern packaging metadata with pyproject.toml instead of setup.cfg.
  :pr:348
• Change distutils imports to setuptools. :pr:399
• Use deferred evaluation of annotations. :pr:400
• Update signatures for Markup methods to match str signatures. Use
  positional-only arguments. :pr:400
• Some str methods on Markup no longer escape their argument:
  strip, lstrip, rstrip, removeprefix, removesuffix,
  partition, and rpartition; replace only escapes its new
  argument. These methods are conceptually linked to search methods such as
  in, find, and index, which already do not escape their argument.
  :issue:401
• The __version__ attribute is deprecated. Use feature detection, or
  importlib.metadata.version("markupsafe"), instead. :pr:402
• Speed up escaping plain strings by 40%. :pr:434
• Simplify speedups implementation. :pr:437

v2.1.5

Compare Source

Released 2024-02-02

• Fix striptags not collapsing spaces. :issue:417

v2.1.4

Compare Source

Released 2024-01-19

• Don't use regular expressions for striptags, avoiding a performance
  issue. :pr:413

v2.1.3

Compare Source

Released 2023-06-02

• Implement format_map, casefold, removeprefix, and removesuffix
  methods. :issue:370
• Fix static typing for basic str methods on Markup. :issue:358
• Use Self for annotating return types. :pr:379

v2.1.2

Compare Source

Released 2023-01-17

• Fix striptags not stripping tags containing newlines.
  :issue:310

v2.1.1

Compare Source

Released 2022-03-14

• Avoid ambiguous regex matches in striptags. :pr:293

v2.1.0

Compare Source

Released 2022-02-17

• Drop support for Python 3.6. :pr:262
• Remove soft_unicode, which was previously deprecated. Use
  soft_str instead. :pr:261
• Raise error on missing single placeholder during string
  interpolation. :issue:225
• Disable speedups module for GraalPython. :issue:277

v2.0.1

Compare Source

Released 2021-05-18

• Mark top-level names as exported so type checking understands
  imports in user projects. :pr:215
• Fix some types that weren't available in Python 3.6.0. :pr:215

v2.0.0

Compare Source

Released 2021-05-11

• Drop Python 2.7, 3.4, and 3.5 support.
• Markup.unescape uses :func:html.unescape to support HTML5
  character references. :pr:117
• Add type annotations for static typing tools. :pr:149

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[secure-code-warrior-for-github]

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "sqli"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

• PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
• OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
• OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
• OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
• Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.

[github-actions]

🔐 Secure Code Review (AI)

No eligible code changes.

---

Models can make mistakes. Verify before merging.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud