Skip to content

Build(deps): Bump mistune from 3.2.1 to 3.3.0#1108

Merged
henrydingliu merged 1 commit into
mainfrom
dependabot/uv/mistune-3.3.0
Jul 10, 2026
Merged

Build(deps): Bump mistune from 3.2.1 to 3.3.0#1108
henrydingliu merged 1 commit into
mainfrom
dependabot/uv/mistune-3.3.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps mistune from 3.2.1 to 3.3.0.

Release notes

Sourced from mistune's releases.

v3.3.0

   🐞 Bug Fixes

   🏎 Performance

    View changes on GitHub
Changelog

Sourced from mistune's changelog.

Version 3.3.0

Released on Jun 21, 2026

  • Improve CommonMark compatibility and parser performance.
  • Add command line entrypoint with UTF-8 output.
  • Support display and backtick math.
  • Render plugin list and table nodes in Markdown renderer.
  • Escape leading block markers in Markdown renderer.
  • Fix RST renderer for block quotes nested in lists.
  • Avoid generated heading ID collisions in TOC.
  • Harden URL, image, figure, and include directive handling.
  • Fix quadratic scans in inline links, reference links, and formatting markers.
  • Fix math escaping, currency pattern matching, and cross-line matching.
Commits
  • 15c3b79 chore: release 3.3.0
  • bdc01ad tests: increase run time on pypy
  • 7cf1814 tests: increase run time for pypy
  • 6dfdc3d tests: add more tests
  • 17c50f6 chore: fix mypy issues
  • 63abe4b chore: use ruff check and format
  • e6c1b18 chore: resolve mypy issues
  • dcf8902 test(math): cover escaped math output
  • c4093c4 fix(toc): avoid generated id collisions
  • e3e51de fix(image): validate figure width option
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Note

Low Risk
Scope is limited to uv.lock; no chainladder runtime code changes, and the upgrade addresses known parsing DoS issues rather than introducing new app logic.

Overview
Updates the locked mistune dependency from 3.2.1 to 3.3.0 in uv.lock only (no application or pyproject.toml changes). mistune is pulled in transitively for the docs/notebook stack (e.g. via nbconvert).

The new release mainly hardens markdown parsing (fixes for quadratic-time link/reference/formatting paths, safer URL/include handling) and improves parser performance and CommonMark behavior—relevant wherever notebooks or markdown are rendered in CI or docs builds.

Reviewed by Cursor Bugbot for commit fc6ac97. Bugbot is set up for automated code reviews on this repo. Configure here.

Bumps [mistune](https://github.com/lepture/mistune) from 3.2.1 to 3.3.0.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst)
- [Commits](lepture/mistune@v3.2.1...v3.3.0)

---
updated-dependencies:
- dependency-name: mistune
  dependency-version: 3.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 10, 2026
@github-actions

Copy link
Copy Markdown

Pyright Type Completeness

View the full pyright --verifytypes output for this commit

Project (full chainladder package, at this PR's head): 14.6% of exported symbols fully typed (185 / 1271)

Known Ambiguous Unknown Total
Project (head) 185 106 980 1271

Other symbols referenced but not exported by chainladder: 13

Known Ambiguous Unknown Total
Other (head) 3 1 9 13

Symbols without documentation:

  • Functions without docstring: 313
  • Functions without default param: 0
  • Classes without docstring: 10

Patch (exported symbols added or changed by this PR): no exported symbol type-completeness changes detected.

@henrydingliu henrydingliu merged commit 9749697 into main Jul 10, 2026
9 checks passed
@dependabot dependabot Bot deleted the dependabot/uv/mistune-3.3.0 branch July 10, 2026 20:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant