Bump jinja2 from 3.1.2 to 3.1.3 in /src (#265)

* Bump jinja2 from 3.1.2 to 3.1.3 in /src Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.3) --- updated-dependencies: - dependency-name: jinja2 dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> * pip-compile dependencies with jinja2>=3.1.3 * fix comment alignment --------- Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Anthony Romaniello <[email protected]>
NTIA · Jan 16, 2024 · ef32047 · ef32047
1 parent fb2aa21
commit ef32047
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 3 deletions.
diff --git a/src/requirements-dev.txt b/src/requirements-dev.txt
@@ -149,7 +149,7 @@ itypes==1.2.0
     # via
     #   -r requirements.txt
     #   coreapi
-jinja2==3.1.2
+jinja2==3.1.3
     # via
     #   -r requirements.txt
     #   coreschema

diff --git a/src/requirements.in b/src/requirements.in
@@ -18,5 +18,6 @@ scos_tekrsa @ git+https://github.com/NTIA/[email protected]
 # The following are sub-dependencies for which SCOS Sensor enforces a
 # higher minimum patch version than the dependencies which require them.
 # This is done to ensure the inclusion of specific security patches.
+jinja2>=3.1.3         # CVE-2024-22195
 pyyaml>=5.4.0         # CVE-2020-14343
 urllib3>=1.26.18      # CVE-2023-45803
diff --git a/src/requirements.txt b/src/requirements.txt
@@ -69,8 +69,10 @@ its-preselector @ git+https://github.com/NTIA/[email protected]
     # via scos-actions
 itypes==1.2.0
     # via coreapi
-jinja2==3.1.2
-    # via coreschema
+jinja2==3.1.3
+    # via
+    #   -r requirements.in
+    #   coreschema
 jsonfield==3.1.0
     # via -r requirements.in
 jsonschema==3.2.0