Follow up to 813015d67e2557fa859a07930a9becec4e5f64a0.
Regression in 8d67e16493c903adc9d049141028bc0fff43f8c8.
Backport of 198a19b692699ad3940373d9ed797fe9155f3f4a from main
Regression in 8d67e16493c903adc9d049141028bc0fff43f8c8.
Thanks Lorenzo Peña for the report.
Backport of 813015d67e2557fa859a07930a9becec4e5f64a0 from main
Black 23.1.0 is released which, as the first release of the year,
introduces the 2023 stable style. This incorporates most of last year's
preview style.
https://github.com/psf/black/releases/tag/23.1.0
Backport of 097e3a70c1481ee7b042b2edd91b2be86fb7b5b6 from main
- Updated references to RFC 1123 to RFC 5322
- Only partial as RFC 5322 sort of sub-references RFC 1123.
- Updated references to RFC 2388 to RFC 7578
- Except RFC 2388 Section 5.3 which has no equivalent.
- Updated references to RFC 2396 to RFC 3986
- Updated references to RFC 2616 to RFC 9110
- Updated references to RFC 3066 to RFC 5646
- Updated references to RFC 7230 to RFC 9112
- Updated references to RFC 7231 to RFC 9110
- Updated references to RFC 7232 to RFC 9110
- Updated references to RFC 7234 to RFC 9111
- Tidied up style of text when referring to RFC documents
Node._new_instance() was added in
6dd2b5468fa275d53aa60fdcaff8c28bdc5e9c25 to work around Q.__init__()
having an incompatible signature with Node.__init__().
It was intended as a hook that could be overridden if subclasses needed
to change the behaviour of instantiation of their specialised form of
Node. In practice this doesn't ever seem to have been used for this
purpose and there are very few calls to Node._new_instance() with other
code, e.g. Node.__deepcopy__() calling Node and overriding __class__ as
required.
Rename this to Node.create() to make it a more "official" piece of
private API that we can use to simplify a lot of other areas internally.
The docstring and nearby comment have been reworded to read more
clearly.
The tests for creating new instances or copying instances of Node and
its subclasses didn't fully capture the behaviour of the implementation,
particularly around whether the `children` list or is contents were the
same as the source.
Refs Python CVE-2022-0391. Django is not affected, but others who
incorrectly use internal function url_has_allowed_host_and_scheme()
with unsanitized input could be at risk.
Despite inheriting from the str type, every SafeString instance gains
an empty __dict__ due to the normal, expected behaviour of type
subclassing in Python.
Adding __slots__ to SafeData is necessary, because otherwise inheriting
from that (as SafeString does) will give it a __dict__ and negate the
benefit added by modifying SafeString.
