Bump jinja2 from 3.1.4 to 3.1.6 in /examples/kafka-db-sum by dependabot[bot] · Pull Request #449 · open-lambda/open-lambda · GitHub
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Footer
You can’t perform that action at this time.
Bumps jinja2 from 3.1.4 to 3.1.6.
Release notesSourced from jinja2's releases.
3.1.6
This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6
3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1
- The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
- Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
- Sandbox does not allow clear and pop on known mutable sequence types. #2032
- Calling sync render for an async template uses asyncio.run. #1952
- Avoid unclosed auto_aiter warnings. #1960
- Return an aclose-able AsyncGenerator from Template.generate_async. #1960
- Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
- Avoid leaving async generators unclosed in blocks, includes and extends. #1960
- The runtime uses the correct concat function for the current environment when calling block references. #1701
- Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
- |int filter handles OverflowError from scientific notation. #1921
- Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
- Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
- Fix copy/pickle support for the internal missing object. #2027
- Environment.overlay(enable_async) is applied correctly. #2061
- The error message from FileSystemLoader includes the paths that were searched. #1661
- PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
- Improve annotations for methods returning copies. #1880
- urlize does not add mailto: to values like @a@b. #1870
- Tests decorated with @pass_context can be used with the |select filter. #1624
- Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
- Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
ChangelogSourced from jinja2's changelog.
Version 3.1.6
Released 2025-03-05
Version 3.1.5
Released 2024-12-21
... (truncated)
CommitsDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and optionsYou can trigger Dependabot actions by commenting on this PR:
You can disable automated security fix PRs for this repo from the Security Alerts page.