
Bump mistune from 3.0.2 to 3.2.1 in /experiments/agentcompany/openhands (#25)

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/experiments/agentcompany/openhands/mistune-3.2.1

Conversation


dependabot[bot] commented on behalf of GitHub on May 8, 2026

Bumps mistune from 3.0.2 to 3.2.1.

Release notes

Sourced from mistune's releases.

v3.2.1

   🐞 Bug Fixes


v3.2.0

   🚀 Features

   🐞 Bug Fixes


v3.1.4

   🐞 Bug Fixes


v3.1.3

   🚀 Features


v3.1.2

   🐞 Bug Fixes

... (truncated)

Changelog

Sourced from mistune's changelog.

Version 3.2.1

Released on May 3, 2026

  • Escape link in render_toc_ul.
  • Escape text in math plugin.
  • Fix regex for math plugin.
  • Escape heading's ID attribute.
  • Fix LINK_TITLE_RE to prevent DoS.
  • Escape class attribute for admonition directive.
  • Remove double-encoding of image alt text.
  • Escape class attribute for image directive.
  • Fix width/height attribute for image directive.

Version 3.2.0

Released on Dec 23, 2025

  • Announce support for Python 3.14.
  • Fix footnotes plugin for code blocks, ref links, blockquotes, etc.
  • Fix ref links in TOC.

Version 3.1.4

Released on Aug 29, 2025

  • Add fenced directive break rule in list parser.
  • Prevent removing unicode whitespace when parsing atx heading.

Version 3.1.3

Released on Mar 19, 2025

  • Announce support for Python 3.12 and 3.13.

Version 3.1.2

Released on Feb 19, 2025

  • Fix footnotes plugin for AST renderer

Version 3.1.1

Released on Jan 28, 2025

... (truncated)

Commits
  • 067f908 chore: release 3.2.1
  • bf55030 Merge pull request #438 from saschabuehrle/fix/issue-370
  • 8d0cb75 fix: use strict regex for image's height and width
  • 5fa092e fix: escape xml for math plugin
  • 71ec947 Merge pull request #440 from lawrence3699/fix/image-alt-double-encoding
  • 0d6f3d8 fix: remove double-encoding of image alt text
  • 2855622 fix: escape id of headings
  • 04880a0 fix: escape id of toc
  • 7bd5709 fix: handle escaped dollar signs in inline math (fixes #370)
  • 85eb54f fix: update link reference
  • Additional commits viewable in compare view


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

You can disable automated security fix PRs for this repo from the Security Alerts page.

Greptile Summary

This PR bumps mistune from 3.0.2 to 3.2.1 in experiments/agentcompany/openhands/requirements.txt. The upgrade is a standard Dependabot security maintenance update that incorporates several HTML-escaping bug fixes (heading/TOC IDs, math plugin XML, image alt text double-encoding) and a ReDoS fix for LINK_TITLE_RE, all of which reduce XSS and denial-of-service exposure in rendered Markdown output.

Confidence Score: 5/5

Safe to merge — straightforward dependency bump with no breaking changes and beneficial security fixes.

Single-line version pin change in a requirements file. All intermediate releases are bug-fix/security patches with no breaking API changes. No custom rules are violated.

No files require special attention.

Important Files Changed

Filename: experiments/agentcompany/openhands/requirements.txt
Overview: Bumps mistune from 3.0.2 to 3.2.1, picking up multiple HTML-escaping/XSS and DoS bug fixes across intermediate releases.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[mistune 3.0.2] -->|bump| B[mistune 3.2.1]
    B --> C[v3.1.x fixes\nfenced directive,\nunicode heading whitespace]
    B --> D[v3.2.0 fixes\nfootnotes, TOC ref links,\nPython 3.14 support]
    B --> E[v3.2.1 fixes\nHTML escaping XSS,\nDoS regex fix,\nimage alt double-encoding]

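The review above treats this as a one-line pin change in a requirements file. As an added check, not part of this PR or of mistune, the script below parses a requirements file and flags any mistune requirement that does not guarantee the 3.2.1 release carrying the escaping and ReDoS fixes listed in the changelog; the requirements text and the `MIN_FIXED` table are constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Minimum release carrying the fixes named in this PR's changelog
# (mistune 3.2.1: escaped heading/TOC IDs, math plugin escaping,
# LINK_TITLE_RE DoS fix). Constructed table; extend it per dependency.
MIN_FIXED: Dict[str, str] = {"mistune": "3.2.1"}

# Constructed sample, not the repository's actual requirements.txt.
SAMPLE_REQUIREMENTS = """\
# web stack
mistune==3.0.2
requests>=2.31.0 ; python_version >= "3.8"
pyyaml[extra]==6.0.1
"""

# name, optional [extras], optional operator and version
_REQ_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?"
    r"\s*(?P<op>===|==|>=|~=)?\s*(?P<ver>[0-9][0-9A-Za-z.]*)?"
)

def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric-only comparison key: '3.2.1' -> (3, 2, 1)."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def parse_requirements(text: str) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """Yield (name, operator, version) per line; comments and markers are dropped."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        m = _REQ_RE.match(line)
        if m:
            out.append((m.group("name").lower().replace("_", "-"),
                        m.group("op"), m.group("ver")))
    return out

def outdated_pins(text: str, minimums: Dict[str, str] = MIN_FIXED) -> List[str]:
    """Findings for tracked packages whose requirement may resolve below the fix."""
    findings = []
    for name, op, ver in parse_requirements(text):
        if name not in minimums:
            continue
        need = minimums[name]
        if op is None or ver is None:
            findings.append(f"{name}: unpinned; require >={need}")
        elif parse_version(ver) < parse_version(need):
            # '==' pins the unfixed version; '>=' / '~=' leave a lower bound
            # (and '~=' a ceiling) that still admits unfixed releases.
            findings.append(f"{name}{op}{ver} is below fixed release {need}")
    return findings
```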

Bumps [mistune](https://github.com/lepture/mistune) from 3.0.2 to 3.2.1.
- [Release notes](https://github.com/lepture/mistune/releases)
- [Changelog](https://github.com/lepture/mistune/blob/main/docs/changes.rst)
- [Commits](lepture/mistune@v3.0.2...v3.2.1)

---
updated-dependencies:
- dependency-name: mistune
  dependency-version: 3.2.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the labels "dependencies" (Pull requests that update a dependency file) and "python" (Pull requests that update python code) on May 8, 2026

@socket-security

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff: Updated
Package: mistune@3.0.2 ⏵ 3.2.1
Supply Chain Security: 100
Vulnerability: 100 (+16)
Quality: 100
Maintenance: 100
License: 100

