some markdown formatting

Author: davidism

content/blog/jinja-2-10-1-released.md

@@ -6,21 +6,21 @@ tags = ["releases", "security"]
 ~~~~
 
 Jinja 2.10.1 has been released and includes a security-related fix. If
-you are using the Jinja [sandboxed environment][] you are encouraged to
+you are using the Jinja [sandboxed environment] you are encouraged to
 upgrade.
 
-MITRE has assigned [CVE-2019-10906][] to this issue.
+MITRE has assigned [CVE-2019-10906] to this issue.
 
-Thank you to [Brian Welch][] for responsibly reporting the issue, and to
-[Armin Ronacher][] for writing the fix.
+Thank you to [Brian Welch] for responsibly reporting the issue, and to
+[Armin Ronacher] for writing the fix.
 
 The sandbox is used to restrict what code can be evaluated when
 rendering untrusted, user-provided templates. Due to the way string
 formatting works in Python, the `str.format_map` method could be used to
 escape the sandbox.
 
 This issue was previously addressed for the `str.format` method in
-[Jinja 2.8.1][], which discusses the issue in detail. However, the
+[Jinja 2.8.1], which discusses the issue in detail. However, the
 less-common `str.format_map` method was overlooked. This release applies
 the same sandboxing to both methods.
 

content/blog/werkzeug-0-15-0-released.md

@@ -29,8 +29,8 @@ to understand what changes may affect your code when upgrading.
   URL is logged by the dev server rather than showing percent escapes.
 * Deprecation warnings have been added throughout the code in
   preparation for version 1.0.
-* Werkzeug now uses [pre-commit][], [black][], [reorder-python-imports][],
-  and [flake8][] to provide consistent code formatting. The code also
+* Werkzeug now uses [pre-commit], [black], [reorder-python-imports],
+  and [flake8] to provide consistent code formatting. The code also
   moved to a `src` directory layout.
 * And much more!
 

content/blog/werkzeug-0-15-3-released.md

@@ -6,7 +6,7 @@ tags = ["releases", "security"]
 ~~~~
 
 Werkzeug 0.15.3 has been released, followed closely by 0.15.4. Both fix
-bugs and compatibility issues. The [changelog][] lists the changes in
+bugs and compatibility issues. The [changelog] lists the changes in
 detail, which include:
 
 * The debugger pin is unique per Docker container.

content/blog/werkzeug-0-15-5-released.md

@@ -6,7 +6,7 @@ tags = ["releases", "security"]
 ~~~~
 
 Werkzeug 0.15.5 has been released, containing bug and security fixes.
-The [changelog][] lists the changes in detail, which include:
+The [changelog] lists the changes in detail, which include:
 
 * `SharedDataMiddleware` safely handles drive names in paths on Windows.
 * The reloader no longer causes an `Exec format error` in many common

content/donate.md

@@ -8,10 +8,11 @@ managers can help us stay focused and productive. The Pallets teams does what
 they do because they love the frameworks and they love to code, and we are
 grateful to the community support that helps that continue. Thank you!
 
-* Donate through GitHub Sponsors: <https://github.com/sponsors/pallets>
-* Donate through the Python Software Foundation (PSF): <https://psfmember.org/civicrm/contribute/transact/?reset=1&id=20>
-* Subscribe through thanks.dev: <https://thanks.dev>
-* Subscribe through Tidelift: <https://tidelift.com>
+-   Donate through GitHub Sponsors: <https://github.com/sponsors/pallets>
+-   Donate through the Python Software Foundation (PSF):
+    <https://psfmember.org/civicrm/contribute/transact/?reset=1&id=20>
+-   Subscribe through thanks.dev: <https://thanks.dev>
+-   Subscribe through Tidelift: <https://tidelift.com>
 
 See the [Funding Sources](funding.md) page for details about all our funding
 sources.

content/ecosystem.md

@@ -1,6 +1,6 @@
 # Pallets Community Ecosystem
 
-The [Pallets-Eco][] organization is a collaborative community to share the
+The [Pallets-Eco] organization is a collaborative community to share the
 responsibility of maintaining libraries that work with and extend Pallets
 libraries.
 
@@ -19,7 +19,7 @@ everything themselves.
 
 ## Help Us Grow
 
-The Pallets-Eco organization is based on the successful [JazzBand][]
+The Pallets-Eco organization is based on the successful [JazzBand]
 organization. We're still in the early days of setting up the community, and
 still need to set up guidelines, automation, and other resources for
 contributors and maintainers. If you would like to help with that, please join
@@ -40,7 +40,7 @@ A trusted user will invite you to the GitHub organization.
 If you maintain a well-known extension that of a Pallets library, and need
 assistance with that effort, you can transfer the project to Pallets-Eco.
 
-After joining the organization, you can use [GitHub's transfer feature][] to
+After joining the organization, you can use [GitHub's transfer feature] to
 transfer the repository to the Pallets-Eco organization. You'll retain access,
 and the other organization members will gain access. Only trusted users can make
 releases, so you don't have to worry about security issues.

content/funding.md

@@ -1,7 +1,7 @@
 # Funding Sources
 
 Pallets is an open source community organization. We are a part of the Python
-Software Foundation (PSF) as a [fiscal sponsoree][], who help manage our funds
+Software Foundation (PSF) as a [fiscal sponsoree], who help manage our funds
 and provide administrative assistance.
 
 [fiscal sponsoree]: https://www.python.org/psf/fiscal-sponsorees/
@@ -14,7 +14,7 @@ Donate to Pallets through GitHub Sponsors here:
 <https://github.com/sponsors/pallets>
 
 If you or your company already uses GitHub, the easiest way to donate to us may
-be through [GitHub Sponsors][]. You may donate any amount, either one time or on
+be through [GitHub Sponsors]. You may donate any amount, either one time or on
 a schedule.
 
 [GitHub Sponsors]: https://github.com/sponsors
@@ -37,8 +37,8 @@ budget, and then distributes your donation to your dependencies.
 
 ## EthicalAds and Read the Docs
 
-Our documentation is hosted by [Read the Docs][], which shows relevant and
-non-intrusive ads through [EthicalAds][]. Both projects are run by trusted
+Our documentation is hosted by [Read the Docs], which shows relevant and
+non-intrusive ads through [EthicalAds]. Both projects are run by trusted
 members of the Python community.
 
 We receive a portion of advertising revenue on our documentation pages.
@@ -50,7 +50,7 @@ Please consider disabling ad blocking for EthicalAds:
 
 ## Tidelift Enterprise Subscription
 
-[Tidelift][] provides tools, data, and strategies that help organizations
+[Tidelift] provides tools, data, and strategies that help organizations
 assess risk and improve the health, security, and resilience of the open source
 used in their applications.
 

content/releases.md

@@ -9,7 +9,7 @@ See our [Version Support Policy](versions.md) as well.
 
 ## Notifications
 
-PyPI provides an RSS feed of [release notifications][] for each project. You can
+PyPI provides an RSS feed of [release notifications] for each project. You can
 find it at the top of the "Release history" tab on the project's page.
 
 [release notifications]: https://pypi.org/help/#project-release-notifications
@@ -33,7 +33,7 @@ are being reported.
 ## Security
 
 Building and publishing releases is automated with GitHub workflows and PyPI's
-[Trusted Publisher][] authentication. Team members on GitHub and PyPI are
+[Trusted Publisher] authentication. Team members on GitHub and PyPI are
 required to have 2FA enabled.
 
 [Trusted Publisher]: https://docs.pypi.org/trusted-publishers/
@@ -48,6 +48,6 @@ The context of each build is recorded and signed as SLSA provenance. The
 provenance file can be found on the GitHub release page, usually called
 `multiple.intoto.jsonl`. Eventually, PyPI will support uploading and displaying
 verification for these files. For now, they can be verified manually using
-[slsa-verifier][].
+[slsa-verifier].
 
 [slsa-verifier]: https://github.com/slsa-framework/slsa-verifier

content/security.md

@@ -31,22 +31,23 @@ The following categories will generally not be considered security issues. You
 may still err on the side of caution and make a private report first, but we
 may close it or ask you to report a regular issue instead.
 
-* The Werkzeug and Flask development server, debugger, and reloader.
-  Documentation and startup messages already clearly indicate that these are
-  intended for local development only.
-* Use of Jinja and MarkupSafe HTML escaping in other contexts, such as JavaScript.
-* Use of SHA-1 in ItsDangerous. SHA-1 is not vulnerable when used as an
-  intermediate step in HMAC, and ItsDangerous can be configured to use another
-  algorithm when needed.
-* Insecure configuration or code in a project *using* our libraries. This should
-  be reported to the relevant project instead.
-* Regular expression performance, often referred to as "ReDoS". Deployed
-  applications should use standard/recommended resource limits offered by their
-  server software and hosting service. You may report this as a regular
-  performance issue instead of a security issue.
-* Automated reports from vulnerability scanners or "AI" tools. Please make it
-  clear that you understand what you are reporting and have put personal time
-  into crafting the report.
-* Do not report something that has already been fixed and released; check the
-  project's change log. Getting a notification from your security scanner that
-  you need to update is not itself a new vulnerability to report.
+-   The Werkzeug and Flask development server, debugger, and reloader.
+    Documentation and startup messages already clearly indicate that these are
+    intended for local development only.
+-   Use of Jinja and MarkupSafe HTML escaping in other contexts, such as
+    JavaScript.
+-   Use of SHA-1 in ItsDangerous. SHA-1 is not vulnerable when used as an
+    intermediate step in HMAC, and ItsDangerous can be configured to use another
+    algorithm when needed.
+-   Insecure configuration or code in a project *using* our libraries. This
+    should be reported to the relevant project instead.
+-   Regular expression performance, often referred to as "ReDoS". Deployed
+    applications should use standard/recommended resource limits offered by
+    their server software and hosting service. You may report this as a regular
+    performance issue instead of a security issue.
+-   Automated reports from vulnerability scanners or "AI" tools. Please make it
+    clear that you understand what you are reporting and have put personal time
+    into crafting the report.
+-   Do not report something that has already been fixed and released; check the
+    project's change log. Getting a notification from your security scanner that
+    you need to update is not itself a new vulnerability to report.

content/versions.md

@@ -16,18 +16,18 @@ See our [Release Policy](releases.md) as well.
 
 ## Version Format
 
-Each project uses versions that follow the [PEP 440][] format. Stable releases
+Each project uses versions that follow the [PEP 440] format. Stable releases
 have three numbers, `A.B.C`. We follow a version scheme similar to Python
 itself.
 
-* The `A` number is considered a "milestone" release. It increases rarely, and
-  indicates a significant change in the project's structure or capabilities.
-* The `B` number is considered a "feature" release. Increasing this number
-  indicates adding new features, and may deprecate existing code or remove
-  previously deprecated code.
-* The `C` number is considered a "fix" release. Increasing this number indicates
-  changes to fix bugs or security issues, and will not intentionally break
-  public APIs.
+-   The `A` number is considered a "milestone" release. It increases rarely, and
+    indicates a significant change in the project's structure or capabilities.
+-   The `B` number is considered a "feature" release. Increasing this number
+    indicates adding new features, and may deprecate existing code or remove
+    previously deprecated code.
+-   The `C` number is considered a "fix" release. Increasing this number
+    indicates changes to fix bugs or security issues, and will not intentionally
+    break public APIs.
 
 ## Public API, Deprecations, and Removals
 
@@ -50,7 +50,7 @@ migrations.
 
 ## Pinning Versions and Constraints
 
-When writing an application, you *must* use a tool like [pip-compile][] to pin
+When writing an application, you *must* use a tool like [pip-compile] to pin
 your application's full dependency tree. This gives you reproducible
 deployments, allowing you to control when you get updates.
 
@@ -75,11 +75,11 @@ versions as `major.major.patch` if you need to use SemVer in other contexts.
 
 Please see any of the following resources for more information:
 
-* <https://hynek.me/articles/semver-will-not-save-you/>
-* <https://www.youtube.com/watch?v=WSVFw-3ssXM&t>
-* <https://snarky.ca/why-i-dont-like-semver/>
-* <https://caremad.io/posts/2016/02/versioning-software/>
-* <https://bernat.tech/posts/version-numbers/>
-* <https://iscinumpy.dev/post/bound-version-constraints/>
+-   <https://hynek.me/articles/semver-will-not-save-you/>
+-   <https://www.youtube.com/watch?v=WSVFw-3ssXM&t>
+-   <https://snarky.ca/why-i-dont-like-semver/>
+-   <https://caremad.io/posts/2016/02/versioning-software/>
+-   <https://bernat.tech/posts/version-numbers/>
+-   <https://iscinumpy.dev/post/bound-version-constraints/>
 
 [PEP 440]: https://peps.python.org/pep-0440/