
[Backport 1.7.latest] Upgrade Jinja2 dependency version specification to address CVE-2024-22195 #9655

Merged
merged 3 commits into from
Feb 26, 2024

Conversation

github-actions[bot]

Backport 7ea4670 from #9638.

…2195 (#9638)

CVE-2024-22195 identified an issue in Jinja2 versions <= 3.1.2. As such
we've gone and changed our dependency requirement specification to be
3.1.3 or greater (but less than 4).

Note: Previously we were using the `~=` version specifier. However, due
to some issues with the `~=` we've moved to using `>=` in combination
with `<`. This gives us the same range that `~=` gave us, but avoids
a pip resolution issue when multiple packages in an environment use `~=`
for the same dependency.

(cherry picked from commit 7ea4670)
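An added example (not dbt's code and not part of this PR) that models the specifier change the commit message describes: a small evaluator for the PEP 440 clauses `~=`, `>=` and `<` on plain release versions, showing what a `~=` clause expands to and which affected Jinja2 versions a given requirement still admits. The requirement strings and version list below are constructed for illustration; the repository's actual pre-fix line is not quoted on this page.

```python
import re

def parse_version(s):
    # Plain release versions only ("3.1.2"); pre-releases, epochs and local
    # labels are outside what this example models.
    if not re.fullmatch(r"\d+(\.\d+)*", s):
        raise ValueError(f"unsupported version: {s!r}")
    return tuple(int(p) for p in s.split("."))

def expand_compatible(target):
    # PEP 440: "~=X.Y.Z" means ">=X.Y.Z, ==X.Y.*", i.e. ">=X.Y.Z,<X.(Y+1)".
    # So "~=3.1.2" is ">=3.1.2,<3.2" while the shorter "~=3.1" is ">=3.1,<4".
    parts = parse_version(target)
    if len(parts) < 2:
        raise ValueError("~= needs at least two release segments")
    upper = parts[:-2] + (parts[-2] + 1,)
    return f">={target},<{'.'.join(map(str, upper))}"

def satisfies(version, spec):
    # True when `version` passes every comma-separated clause in `spec`.
    ver = parse_version(version)
    for clause in spec.split(","):
        m = re.fullmatch(r"\s*(~=|>=|<=|==|!=|>|<)\s*([\d.]+)\s*", clause)
        if not m:
            raise ValueError(f"unsupported clause: {clause!r}")
        op, target = m.groups()
        if op == "~=":
            if not satisfies(version, expand_compatible(target)):
                return False
            continue
        a, b = ver, parse_version(target)
        n = max(len(a), len(b))  # right-pad so that "4" compares equal to "4.0.0"
        a, b = a + (0,) * (n - len(a)), b + (0,) * (n - len(b))
        if not {">=": a >= b, ">": a > b, "<=": a <= b, "<": a < b,
                "==": a == b, "!=": a != b}[op]:
            return False
    return True

def admitted_versions(requirement, candidates):
    # Strip the project name from "Jinja2>=3.1.3,<4" and report which of
    # `candidates` the remaining specifier would still let pip install.
    spec = re.sub(r"^[A-Za-z0-9_.-]+\s*", "", requirement)
    return [v for v in candidates if satisfies(v, spec)]

# Constructed sample inputs: versions at or below 3.1.2 are the ones the
# commit message describes as affected by CVE-2024-22195.
AFFECTED = ["3.0.3", "3.1.1", "3.1.2"]
OLD_STYLE = "Jinja2~=3.1.2"     # illustrative pre-fix style, not quoted from the diff
NEW_STYLE = "Jinja2>=3.1.3,<4"  # the range the commit message describes
```

`admitted_versions(OLD_STYLE, AFFECTED)` still returns `["3.1.2"]`, while the `>=3.1.3,<4` form returns an empty list, which is the point of the dependency bump.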
@github-actions github-actions bot requested a review from a team as a code owner February 23, 2024 22:22
@cla-bot cla-bot bot added the cla:yes label Feb 23, 2024

@ChenyuLInx ChenyuLInx left a comment


LGTM, remember to update the branch and run tests before merging


codecov bot commented Feb 26, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 86.63%. Comparing base (708e07e) to head (70f3431).

Additional details and impacted files
@@              Coverage Diff               @@
##           1.7.latest    #9655      +/-   ##
==============================================
- Coverage       86.67%   86.63%   -0.05%     
==============================================
  Files             179      179              
  Lines           26645    26645              
==============================================
- Hits            23094    23083      -11     
- Misses           3551     3562      +11     
Flag          Coverage Δ
integration   83.47% <ø> (-0.05%) ⬇️
unit          64.96% <ø> (ø)


@QMalcolm QMalcolm merged commit 0a6d0c1 into 1.7.latest Feb 26, 2024
96 checks passed
@QMalcolm QMalcolm deleted the backport-9638-to-1.7.latest branch February 26, 2024 22:13