deps: Update dependency jinja2 to v3.1.3 [SECURITY] (#173)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [jinja2](https://palletsprojects.com/p/jinja/) ([changelog](https://jinja.palletsprojects.com/changes/)) | `==3.1.2` -> `==3.1.3` | [![age](https://developer.mend.io/api/mc/badges/age/pypi/jinja2/3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/pypi/jinja2/3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/pypi/jinja2/3.1.2/3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/pypi/jinja2/3.1.2/3.1.3?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

### GitHub Vulnerability Alerts

#### [CVE-2024-22195](https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95)

The `xmlattr` filter in affected versions of Jinja accepts keys
containing spaces. XML/HTML attributes cannot contain spaces, as each
would then be interpreted as a separate attribute. If an application
accepts keys (as opposed to only values) as user input, and renders
these in pages that other users see as well, an attacker could use this
to inject other attributes and perform XSS. Note that accepting keys as
user input is not common or a particularly intended use case of the
`xmlattr` filter, and an application doing so should already be
verifying what keys are provided regardless of this fix.

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Never, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---


This PR has been generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View
repository job log
[here](https://developer.mend.io/github/GoogleCloudPlatform/genai-databases-retrieval-app).

renovate-bot authored Jan 12, 2024
1 parent f03970b commit 693c19d
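
The advisory quoted in the commit message says an application that accepts attribute keys from users should verify them regardless of the fix. One way to do that before a mapping reaches `xmlattr`, as an added example that is not code from this commit or from Jinja; the allowlist, the prefixes, the function names and the sample input are assumptions constructed for illustration:

```python
import re

# XML-style attribute name. Whitespace, "/", ">", "=" and quotes cannot match,
# and fullmatch() also rejects a trailing newline that "$" would let through.
_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]*")

# Hypothetical per-application allowlist of attributes a user may set.
ALLOWED_KEYS = frozenset({"id", "class", "title", "lang"})
ALLOWED_PREFIXES = ("data-", "aria-")


class RejectedAttribute(ValueError):
    """Raised when a user-supplied attribute key must not be rendered."""


def check_key(key):
    """Return the key unchanged if it may be passed to xmlattr, else raise."""
    if not isinstance(key, str) or not _NAME_RE.fullmatch(key):
        raise RejectedAttribute(f"malformed attribute name: {key!r}")
    lowered = key.lower()  # HTML attribute names are case-insensitive
    if lowered in ALLOWED_KEYS or lowered.startswith(ALLOWED_PREFIXES):
        return key
    raise RejectedAttribute(f"attribute not on the allowlist: {key!r}")


def filter_attrs(user_attrs):
    """Split a user-supplied mapping into (accepted dict, rejected keys)."""
    accepted, rejected = {}, []
    for key, value in user_attrs.items():
        try:
            accepted[check_key(key)] = value
        except RejectedAttribute:
            rejected.append(key)  # log these; never render them
    return accepted, rejected


# Constructed sample input: two acceptable keys, then a key containing a
# space, a well-formed but unlisted key, a trailing newline, and a non-string.
SAMPLE = {"class": "note", "data-row": "7", "title extra": "x",
          "style": "y", "lang\n": "en", 42: "z"}

if __name__ == "__main__":
    ok, bad = filter_attrs(SAMPLE)
    print("render:", ok)
    print("reject:", bad)
```

Only the accepted mapping would be handed to the template; values are still escaped by `xmlattr` itself when autoescaping is on.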
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion langchain_tools_demo/requirements.txt
Expand Up @@ -2,7 +2,7 @@ fastapi==0.108.0
google-cloud-aiplatform==1.38.1
google-auth==2.26.1
itsdangerous==2.1.2
jinja2==3.1.2
jinja2==3.1.3
langchain==0.0.354
markdown==3.5.1
types-Markdown==3.5.0.3
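
Review bot: the `jinja2==3.1.3` line, like every other pin in this hunk, fixes a version but carries no `--hash`, so pip cannot verify the artifact it downloads; consider generating hash-pinned requirements and installing with `--require-hashes`. Separately, the advisory in the commit message says the bump does not replace key validation where user-supplied keys reach `xmlattr`, so it is worth confirming before merge that no template in `langchain_tools_demo` does that.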