Bump markdown from 3.3.4 to 3.6

[dependabot[bot]]

Bumps markdown from 3.3.4 to 3.6.

Release notes

Sourced from markdown's releases.

Release 3.6

Changed

Refactor TOC Sanitation

• All postprocessors are now run on heading content.
• Footnote references are now stripped from heading content. Fixes #660.
• A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
• The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
• The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
• An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
• The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

• Include scripts/*.py in the generated source tarballs (#1430).
• Ensure lines after heading in loose list are properly detabbed (#1443).
• Give smarty tree processor higher priority than toc (#1440).
• Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
• In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).

Release 3.5.2

Fixed

• Fix type annotations for convertFile - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (#1400)
• Remove legacy import needed only in Python 2 (#1403)
• Fix typo that left the attribute AdmonitionProcessor.content_indent unset (#1404)
• Fix edge-case crash in InlineProcessor with AtomicString (#1406).
• Fix edge-case crash in codehilite with an empty code tag (#1405).
• Improve and expand type annotations in the code base (#1401).
• Fix handling of bogus comments (#1425).

Release 3.5.1

Fixed

... (truncated)

Changelog

Sourced from markdown's changelog.

[3.6] -- 2024-03-14

Changed

Refactor TOC Sanitation

• All postprocessors are now run on heading content.
• Footnote references are now stripped from heading content. Fixes #660.
• A more robust striptags is provided to convert headings to plain text. Unlike, the markupsafe implementation, HTML entities are not unescaped.
• The plain text name, rich html, and unescaped raw data-toc-label are saved to toc_tokens, allowing users to access the full rich text content of the headings directly from toc_tokens.
• The value of data-toc-label is sanitized separate from heading content before being written to name. This fixes a bug which allowed markup through in certain circumstances. To access the raw unsanitized data, retrieve the value from token['data-toc-label'] directly.
• An html.unescape call is made just prior to calling slugify so that slugify only operates on Unicode characters. Note that html.unescape is not run on name, html, or data-toc-label.
• The functions get_name and stashedHTML2text defined in the toc extension are both deprecated. Instead, third party extensions should use some combination of the new functions run_postprocessors, render_inner_html and striptags.

Fixed

• Include scripts/*.py in the generated source tarballs (#1430).
• Ensure lines after heading in loose list are properly detabbed (#1443).
• Give smarty tree processor higher priority than toc (#1440).
• Permit carets (^) and square brackets (]) but explicitly exclude backslashes (\) from abbreviations (#1444).
• In attribute lists (attr_list, fenced_code), quoted attribute values are now allowed to contain curly braces (}) (#1414).

[3.5.2] -- 2024-01-10

Fixed

• Fix type annotations for convertFile - it accepts only bytes-based buffers. Also remove legacy checks from Python 2 (#1400)
• Remove legacy import needed only in Python 2 (#1403)
• Fix typo that left the attribute AdmonitionProcessor.content_indent unset (#1404)
• Fix edge-case crash in InlineProcessor with AtomicString (#1406).
• Fix edge-case crash in codehilite with an empty code tag (#1405).
• Improve and expand type annotations in the code base (#1401).
• Fix handling of bogus comments (#1425).

[3.5.1] -- 2023-10-31

... (truncated)

Commits

• e524b8f Bump version to 3.6
• 3d8afc6 Allow attr_list quoted values to contain curly braces
• 9edba85 Refactor abbr escaping
• e4ab4a6 Refactor TOC sanitation
• a18765c Explicitly omit carot and backslash from abbr
• 421f1e8 Give smarty tree processor higher priority than toc
• c334a3e Ensure lines after heading in loose list are properly detabbed
• ea92856 Update the license template so GitHub can detect it
• a2effd6 Disable mkdocstrings show_symbol_type_toc option to work around searching iss...
• 91f9a12 Restore Attribute symbol type in mkdocstrings template
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)