Merge PR #354 (Update dask and jinja2 for security fix)

yantosca · yantosca · commit 58e6d8e9e772 · 2025-03-24T16:42:53.000-04:00
This merge brings PR #354 (Update to dask 2025.3.0 and jinja2 3.1.6 to fix security issues identified by dependabot, by @yantosca) into the GCPy 1.6.1 development stream. This PR updates dask to 2025.3.0 and jinja2 to 3.1.6 to fix security issues identified by @dependabot. Signed-off-by: Bob Yantosca <yantosca@seas.harvard.edu>
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,6 +15,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Updated symbolic link `environment.yml` to point to `docs/source/gcpy_environment_py312.yml`
 - Renamed GitHub Actions config file `.github/workflows/build-gcpy-environment.yml` to `build-gcpy-environment-py312.yml`
 - Updated package version information in ReadTheDocs documentation
+- Bumped dask from version 2024.5.2 to 2025.3.0 to fix a security issue (raised by @dependabot)
+- Bumped jinja2 from version 3.1.5 to 3.1.6 to fix a security issue (raised by @dependabot)
 
 ### Removed
 - Removed PyPi configuration file  `docs/environment_files/gcpy_requirements.txt` and symbolic link `./requirements.txt`
diff --git a/docs/environment_files/gcpy_environment_py312.yml b/docs/environment_files/gcpy_environment_py312.yml
@@ -14,7 +14,7 @@ channels:
 dependencies:
   - cartopy        ==0.23.0     # Geospatial data processing
   - cf_xarray      ==0.9.1      # CF conventions for xarray
-  - dask           ==2024.5.2   # Parallel library; backend for xarray
+  - dask           ==2025.3.0   # Parallel library; backend for xarray
   - esmf           ==8.6.1      # Earth system modeling framework
   - esmpy          ==8.6.1      # Python wrapper for ESMF
   - gridspec       ==0.1.0      # Define Earth System Model grids
diff --git a/docs/environment_files/gcpy_environment_py313.yml b/docs/environment_files/gcpy_environment_py313.yml
@@ -22,7 +22,7 @@ channels:
 dependencies:
   - cartopy        ==0.24.0     # Geospatial data processing
   - cf_xarray      ==0.10.0     # CF conventions for xarray
-  - dask           ==2025.2.0   # Parallel library; backend for xarray
+  - dask           ==2025.3.0   # Parallel library; backend for xarray
   - esmf           ==8.8.0      # Earth System Model Framework
   - esmpy          ==8.8.0      # Python wrapper for ESMF
   - gridspec       ==0.1.0      # Define Earth System Model grids
diff --git a/docs/environment_files/read_the_docs_environment.yml b/docs/environment_files/read_the_docs_environment.yml
@@ -19,6 +19,6 @@ dependencies:
   - sphinx-autobuild==2021.3.14
   - recommonmark==0.7.1
   - docutils==0.20.1
-  - jinja2==3.1.5
+  - jinja2==3.1.6
 
 
diff --git a/docs/environment_files/read_the_docs_requirements.txt b/docs/environment_files/read_the_docs_requirements.txt
@@ -12,6 +12,6 @@ sphinxcontrib-bibtex==2.6.2
 sphinx-autobuild==2021.3.14
 recommonmark==0.7.1
 docutils==0.20.1
-jinja2==3.1.5
+jinja2==3.1.6
 
 
diff --git a/setup.py b/setup.py
@@ -93,7 +93,7 @@ def _write_version_file():
     install_requires=[
         "cartopy==0.23.0",
         "cf_xarray==0.9.1",
-        "dask==2024.5.2",
+        "dask==2025.3.0",
         "esmf==8.6.1",
         "esmpy==8.6.1",
         "gridspec==0.1.0",
