Skip to content

Update to dask 2025.3.0 and jinja2 3.1.6 to fix security issues identified by dependabot#354

Merged
yantosca merged 2 commits intodevfrom
bugfix/dask-security-issue
Mar 24, 2025
Merged

Update to dask 2025.3.0 and jinja2 3.1.6 to fix security issues identified by dependabot#354
yantosca merged 2 commits intodevfrom
bugfix/dask-security-issue

Conversation

@yantosca
Copy link
Contributor

@yantosca yantosca commented Mar 24, 2025

Name and Institution (Required)

Name: Bob Yantosca
Institution: Harvard + GCST

Describe the update

This PR updates the version numbers of dask and jinja2 to fix security issues.

  • dask: 2024.5.2 -> 2025.3.0
  • jinja2: 3.1.5 -> 3.1.6

Expected changes

No changes are expected.

Related Github Issue

yantosca added 2 commits March 24, 2025 16:07
@yantosca
Bump dask from version 2024.5.2 to 2025.3.0 (security fix)
fa8e45a 
docs/environment_files/gcpy_environment_py312.yml
docs/environment_files/gcpy_environment_py313.yml
setup.py
- Changed the dask version from 2024.5.2 to 2025.3.0.
  This fixes a critical security issue raised by @dependabot.

CHANGELOG.md
- Updated accordingly

Signed-off-by: Bob Yantosca <yantosca@seas.harvard.edu>
@yantosca
Bump jinja2 to version 3.1.6 for ReadTheDocs
93904b9 
docs/environment_files/read_the_docs_environment.yml
docs/environment_files/read_the_docs_requirements.txt
- Updated jinja2 to version 3.1.6 to fix a security issue

CHANGELOG.md
- Updated accordingly

Signed-off-by: Bob Yantosca <yantosca@seas.harvard.edu>
@yantosca yantosca added topic: User Environment Relating to python and/or conda environment category: Bug Fix Fixes a bug that was previously reported labels Mar 24, 2025
@yantosca yantosca requested a review from lizziel March 24, 2025 20:17
@yantosca yantosca self-assigned this Mar 24, 2025
@yantosca yantosca changed the base branch from main to dev March 24, 2025 20:18
@yantosca yantosca merged commit 58e6d8e into dev Mar 24, 2025
17 checks passed
@yantosca yantosca deleted the bugfix/dask-security-issue branch March 24, 2025 20:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lizziel lizziel lizziel approved these changes

Assignees

@yantosca yantosca

Labels

category: Bug Fix Fixes a bug that was previously reported topic: User Environment Relating to python and/or conda environment

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yantosca @lizziel