Update python-liquid requirement from ~=2.1.0 to >=2.1,<2.3 in /celery #425

Open
dependabot[bot] wants to merge 1 commit into master from dependabot/pip/celery/python-liquid-gte-2.1-and-lt-2.3

dependabot[bot] commented on behalf of github May 7, 2026

Updates the requirements on python-liquid to permit the latest version.

Release notes

Sourced from python-liquid's releases.

Version 2.2.0

  • Fixed FileSystemLoader and CachingFileSystemLoader to reject absolute paths.
  • Added the reject_symlinks keyword argument to FileSystemLoader and CachingFileSystemLoader. When True, symlinks pointing to files outside the search path will be rejected. reject_symlinks defaults to False.
  • Added the squish filter. {{ x | squish }} is equivalent to {{ x | strip | split | join }}. See #195.
  • Added BoundTemplate.comments() and BoundTemplate.docs() for statically retrieving {% comment %}, {% # inline comment %} and {% doc %} nodes.
  • Added an experimental {% snippet %} tag. Shopify/liquid released then quickly removed {% snippet %}. We're calling it "experimental" and keeping it disabled by default, pending more activity from Shopify/liquid. See #191 and #193.
  • Improved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with {% render %}. Now we visit partial templates once for each distinct set of arguments passed to {% render %}, potentially reporting "global" variables that we'd previously missed.
  • Changed the string_filter decorator to coerce None to an empty string instead of "None". This is what Shopify/liquid does with nil.to_s.

Changelog

Sourced from python-liquid's changelog.

Version 2.2.0

  • Fixed FileSystemLoader and CachingFileSystemLoader to reject absolute paths.
  • Added the reject_symlinks keyword argument to FileSystemLoader and CachingFileSystemLoader. When True, symlinks pointing to files outside the search path will be rejected. reject_symlinks defaults to False.
  • Added the squish filter. {{ x | squish }} is equivalent to {{ x | strip | split | join }}. See #195.
  • Added BoundTemplate.comments() and BoundTemplate.docs() for statically retrieving {% comment %}, {% # inline comment %} and {% doc %} nodes.
  • Added an experimental {% snippet %} tag. Shopify/liquid released then quickly removed {% snippet %}. We're calling it "experimental" and keeping it disabled by default, pending more activity from Shopify/liquid. See #191 and #193.
  • Improved static analysis of partial templates. Previously we would visit a partial template only once, regardless of how many times it is rendered with {% render %}. Now we visit partial templates once for each distinct set of arguments passed to {% render %}, potentially reporting "global" variables that we'd previously missed.
  • Changed the string_filter decorator to coerce None to an empty string instead of "None". This is what Shopify/liquid does with nil.to_s.

Version 2.1.0

Features

  • Added the escapejs filter for escaping characters for use in JavaScript string literals. Whereas the standard escape filter replaces &, <, >, ' and " with their equivalent HTML escape sequence, escapejs replaces control characters and potentially dangerous symbols with their corresponding Unicode escape sequences.

Docs

  • Improved documentation for HTML auto escaping and the escape filter.

Version 2.0.2

  • Fixed static analysis of filters in ternary expressions. See #180.
  • Fixed static analysis of macro blocks. Previously args and kwargs were considered "global". See #181.
  • Fixed looping over non-iterable objects with the {% for %} tag. We were raising a LiquidTypeError when we should have been defaulting to an empty iterable, as Shopify/liquid does.

Version 2.0.1

  • Fixed bad imports from typing_extensions.

Version 2.0.0

This is a major release with several breaking changes. As well as API changes listed below, we:

  • Drop support for Python version 3.7 and 3.8.
  • Promote rendering behavior from liquid.future.Environment to be the default, so as to improve Shopify/liquid compatibility by default.
  • Fix variable/identifier/path parsing described in [issue #39](jg-rp/liquid#39).
  • Improve Liquid syntax error messages and exposes source index, line numbers and column numbers through methods on Liquid exceptions. See #53.
  • Change comment tag parsing to better match Shopify/Liquid. See #133.
  • Remove BoundTemplate.analyze_with_context(). Shout if you need contextual analysis and we'll restore this feature.
  • Remove the cache_size argument to liquid.Environment and liquid.Template. Template caching is now handled by template loaders.
  • Remove the expression_cache_size argument to liquid.Environment and liquid.Template. Environment-level expression caching is no longer available as it does not play nicely with detailed error messages. If you need to cache parsing of Liquid expressions, it is now recommended to implement a cache per tag, where it makes sense to do so for your use case.
  • Make markupsafe a dependency. Previously markupsafe was an optional dependency. Version 3 of markupsafe brings some subtle changes to the replace, replace_first and replace_last filters when they receive a "safe" string wrapped in Markup().
  • Add new filters reject, has, find and find_index. See [Shopify/liquid #1869](Shopify/liquid#1869).
  • Add the new doc tag. See [Shopify/liquid #1895](Shopify/liquid#1895).

API changes

Also see the migration guide.

... (truncated)

Commits
  • e390178 Release version 2.2.0 [skip ci]
  • b9413b3 Merge commit from fork
  • f351620 Fix caching loader constructor and update doc comments
  • e17b1f9 Add is_file check and optionally reject symlinks
  • 1d9eeed Fix absolute paths escpae loader template root
  • 011d2bd Merge pull request #200 from jg-rp/static-comment-helpers
  • fb9c582 Add static comment helpers
  • d2177cb Merge pull request #198 from jg-rp/restore-docs
  • 42270bf docs: restore the error handling section of the known issues page
  • 8981056 Merge pull request #195 from jg-rp/squish
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Updates the requirements on [python-liquid](https://github.com/jg-rp/liquid) to permit the latest version.
- [Release notes](https://github.com/jg-rp/liquid/releases)
- [Changelog](https://github.com/jg-rp/liquid/blob/main/CHANGES.md)
- [Commits](jg-rp/liquid@v2.1.0...v2.2.0)

---
updated-dependencies:
- dependency-name: python-liquid
  dependency-version: 2.2.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels May 7, 2026
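
The two loader items in the 2.2.0 notes above (absolute paths rejected, `reject_symlinks` defaulting to False) are the security-relevant part of this bump. The sketch below is an added illustration using only the standard library, not python-liquid's code: `naive_resolve`, `safe_resolve` and `demo` are hypothetical names, the files are constructed in a temporary directory, and the pathlib join is assumed as one common way an absolute template name escapes a search path.

```python
import os
import tempfile
from pathlib import Path


def naive_resolve(root: Path, name: str) -> Path:
    # joinpath() discards `root` when `name` is absolute, so the result
    # can point anywhere on the filesystem.
    return root.joinpath(name)


def safe_resolve(root: Path, name: str, reject_symlinks: bool = False) -> Path:
    """Return the template path for `name`, or raise if it leaves `root`."""
    if os.path.isabs(name) or ".." in Path(name).parts:
        raise PermissionError(f"template name escapes search path: {name!r}")
    candidate = root / name
    if not candidate.is_file():
        raise FileNotFoundError(name)
    if reject_symlinks:
        # resolve() follows symlinks; the real target must stay under root.
        if not candidate.resolve().is_relative_to(root.resolve()):
            raise PermissionError(f"symlink leaves search path: {name!r}")
    return candidate


def demo() -> dict:
    """Probe both resolvers against a constructed template root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "templates")
        root.mkdir()
        outside = Path(tmp, "secret.txt")  # constructed file outside the root
        outside.write_text("not a template")
        (root / "index.liquid").write_text("Hello {{ you }}")
        os.symlink(outside, root / "link.liquid")

        results["naive_absolute"] = naive_resolve(root, str(outside)) == outside
        results["safe_ok"] = safe_resolve(root, "index.liquid").name
        probes = [("absolute", str(outside), False),
                  ("symlink_default", "link.liquid", False),
                  ("symlink_strict", "link.liquid", True)]
        for label, name, strict in probes:
            try:
                safe_resolve(root, name, reject_symlinks=strict)
                results[label] = "served"
            except PermissionError:
                results[label] = "rejected"
    return results
```

The `symlink_default` result is the point to take into review of this PR: with the opt-in left at its default, a symlink inside the template directory is still followed, so deployments that load templates from writable or shared directories need to pass `reject_symlinks=True` explicitly after upgrading.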