Skip to content

Commit 7c1683f

Browse files
authored
Merge pull request #1488 from lukaszstolarczuk/fix-sec
Bump jinja and its dependency version
2 parents cac3de1 + 2ad8110 commit 7c1683f

File tree

2 files changed

+3
-2
lines changed

2 files changed

+3
-2
lines changed

third_party/deps.yml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,7 @@ dependencies:
3333
- openssl=3.1.1
3434
- pkg-config=0.29.2
3535
- rhash=1.4.3
36+
# don't upgrade xz utils due to CVE-2024-3094
3637
- xz=5.2.6
3738
- zlib=1.2.13
3839
- zstd=1.5.2

third_party/requirements.txt

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,10 @@ docutils==0.15.2
1212
exhale==0.3.0
1313
idna==2.8
1414
imagesize==1.1.0
15-
Jinja2==2.11.3
15+
Jinja2==3.1.3
1616
lxml==4.9.3
1717
Mako==1.3.0
18-
MarkupSafe==1.1.1
18+
MarkupSafe==2.1.5
1919
packaging==19.2
2020
Pygments==2.17.2
2121
pyparsing==2.4.5

0 commit comments

Comments
 (0)