From f4442e1ef58601c73f807bd3592f748957e0b378 Mon Sep 17 00:00:00 2001 From: Andrew Shumway Date: Mon, 23 Dec 2024 11:37:36 -0700 Subject: [PATCH 1/3] Update jinja2 to 3.1.5 to address vulnerability --- poetry.lock | 10 +++++----- pyproject.toml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/poetry.lock b/poetry.lock index debdf9ed9..70b7733e4 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.8.3 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.5 and should not be changed by hand. [[package]] name = "aiohappyeyeballs" @@ -1910,13 +1910,13 @@ trio = ["async_generator", "trio"] [[package]] name = "jinja2" -version = "3.1.4" +version = "3.1.5" description = "A very fast and expressive template engine." optional = false python-versions = ">=3.7" files = [ - {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"}, - {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"}, + {file = "jinja2-3.1.5-py3-none-any.whl", hash = "sha256:aba0f4dc9ed8013c424088f68a5c226f7d6097ed89b246d7749c2ec4175c6adb"}, + {file = "jinja2-3.1.5.tar.gz", hash = "sha256:8fefff8dc3034e27bb80d67c671eb8a9bc424c0ef4c0826edbff304cceff43bb"}, ] [package.dependencies] @@ -4947,4 +4947,4 @@ propcache = ">=0.2.0" [metadata] lock-version = "2.0" python-versions = "^3.12.2" -content-hash = "cf18ae74630e47eec18cc6c5fea9e554476809d20589d82c54a8d761bb2c3de0" +content-hash = "fec0ba8767be575fa1818a6c396c88d2d447a7a94609b8e8680f4786e257b3d5" diff --git a/pyproject.toml b/pyproject.toml index 99858c09e..82dbab9b2 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -74,7 +74,7 @@ six = "^1.16.0" urllib3 = "^2.2.2" webencodings = "^0.5.1" itsdangerous = "^2.2.0" -jinja2 = "^3.1.4" +jinja2 = "3.1.5" redis = "^5.0.8" requests = "^2.32.3" From e6e336cdf72d75040ba1e5456b5a711a1d188ad8 Mon Sep 17 00:00:00 2001 From: Andrew Shumway Date: Mon, 23 Dec 2024 11:42:39 -0700 Subject: [PATCH 2/3] Fix dependency syntax --- pyproject.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pyproject.toml b/pyproject.toml index 82dbab9b2..dc568d89e 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -74,7 +74,7 @@ six = "^1.16.0" urllib3 = "^2.2.2" webencodings = "^0.5.1" itsdangerous = "^2.2.0" -jinja2 = "3.1.5" +jinja2 = "^3.1.5" redis = "^5.0.8" requests = "^2.32.3" From 90ce2b2a6598b6b6a4e414f20eeb84dbb9922a91 Mon Sep 17 00:00:00 2001 From: Andrew Shumway Date: Mon, 23 Dec 2024 11:46:14 -0700 Subject: [PATCH 3/3] Poetry lock --no-update command --- poetry.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/poetry.lock b/poetry.lock index 70b7733e4..e0096a7de 100644 --- a/poetry.lock +++ b/poetry.lock @@ -4947,4 +4947,4 @@ propcache = ">=0.2.0" [metadata] lock-version = "2.0" python-versions = "^3.12.2" -content-hash = "fec0ba8767be575fa1818a6c396c88d2d447a7a94609b8e8680f4786e257b3d5" +content-hash = "271d8e0f25856f45970e5a9cc3b8871a01b732226ab3ed68ea426912b5117fcf"