[Snyk] Security upgrade jinja2 from 3.1.2 to 3.1.3 (#5086)

nautobot · Jan 12, 2024 · aa4aa40 · aa4aa40
1 parent ae9ba28
commit aa4aa40
Show file tree

Hide file tree

Showing 5 changed files with 12 additions and 18 deletions.
diff --git a/changes/5086.dependencies b/changes/5086.dependencies
@@ -0,0 +1 @@
+Updated Jinja2 to version 3.1.3 to address to address XSS security vulnerability [GHSA-h5c8-rqwp-cp95](https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95).
diff --git a/examples/example_plugin/docs/requirements.txt b/examples/example_plugin/docs/requirements.txt
@@ -1,4 +1,4 @@
-Jinja2==3.1.2
+Jinja2==3.1.3
 mkdocs==1.5.3
 mkdocs-include-markdown-plugin==4.0.4
 mkdocs-material==9.1.18

diff --git a/nautobot/docs/requirements.txt b/nautobot/docs/requirements.txt
@@ -1,4 +1,4 @@
-Jinja2==3.1.2
+Jinja2==3.1.3
 Markdown==3.3.7
 markdown-data-tables==1.0.0
 mkdocs==1.5.3

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -94,7 +94,7 @@ graphene-django = "~2.16.0"
 # NOTE: graphene-django-optimizer 0.9 and later require Graphene v3
 graphene-django-optimizer = "~0.8.0"
 # Template rendering engine
-Jinja2 = "~3.1.2"
+Jinja2 = "~3.1.3"
 # Optional data validation of config contexts - loose dependency since our usage is light but apps may be more specific
 jsonschema = ">=4.7.0,<4.19.0"
 # Rendering of markdown files to HTML