[Snyk] Security upgrade jinja2 from 3.1.5 to 3.1.6 #125

luke · 2025-03-06T08:52:52+01:00

luketainton commented

2025-03-06 08:52:52 +01:00

(Migrated from github.com)

Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project.

Snyk changed the following file(s):

requirements.txt

⚠️ Warning

jinja2 3.1.6 requires MarkupSafe, which is not installed.

Important

Check the changes in this PR to ensure they won't cause issues with your project.

Max score is 1000. Note that the real score may have changed since the PR was raised.

This PR was automatically created by Snyk using the credentials of a real user.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

![snyk-top-banner](https://redirect.github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the pip dependencies of this project. #### Snyk changed the following file(s): - `requirements.txt` <details> <summary>⚠️ <b>Warning</b></summary> ``` jinja2 3.1.6 requires MarkupSafe, which is not installed. ``` </details> --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. > - Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJmYTY2ZGUwOC03MzVhLTRlOWQtOWM3Yy1jYTFiNDI3NGYwZDMiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImZhNjZkZTA4LTczNWEtNGU5ZC05YzdjLWNhMWI0Mjc0ZjBkMyJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/luketainton/project/9c954cb9-66af-4f3b-a3f6-d4b78f3034b2?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=github&utm_content=fix-pr-template) 🛠 [Adjust project settings](https://app.snyk.io/org/luketainton/project/9c954cb9-66af-4f3b-a3f6-d4b78f3034b2?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/upgrade-package-versions-to-fix-vulnerabilities?utm_source=github&utm_content=fix-pr-template) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"jinja2","from":"3.1.5","to":"3.1.6"}],"env":"prod","issuesToFix":["SNYK-PYTHON-JINJA2-9292516","SNYK-PYTHON-JINJA2-9292516","SNYK-PYTHON-JINJA2-9292516"],"prId":"fa66de08-735a-4e9d-9c7c-ca1b4274f0d3","prPublicId":"fa66de08-735a-4e9d-9c7c-ca1b4274f0d3","packageManager":"pip","priorityScoreList":[76],"projectPublicId":"9c954cb9-66af-4f3b-a3f6-d4b78f3034b2","projectUrl":"https://app.snyk.io/org/luketainton/project/9c954cb9-66af-4f3b-a3f6-d4b78f3034b2?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","pr-warning-shown","priorityScore"],"type":"auto","upgrade":[],"vulns":["SNYK-PYTHON-JINJA2-9292516"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}'

luketainton commented

2025-03-06 08:53:14 +01:00

(Migrated from github.com)

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

![](https://res.cloudinary.com/snyk/image/upload/r-d/scm-platform/snyk-pull-requests/pr-banner-default.svg) ### :tada: **Snyk checks have passed. No issues have been found so far.** :white_check_mark: **security/snyk** check is complete. No issues have been found. [(View Details)](https://app.snyk.io/org/luketainton/pr-checks/539a039e-bbce-4ab0-b7a4-0d5e183d40c4?refs=e37646a688e6764b9460eafd46591931b10a6632&source=prChecksComment)

sonarqubecloud[bot] commented

2025-03-06 08:54:13 +01:00

(Migrated from github.com)

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

## [![Quality Gate Passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/qg-passed-20px.png 'Quality Gate Passed')](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=125) **Quality Gate passed** Issues ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 New issues](https://sonarcloud.io/project/issues?id=luketainton_epage&pullRequest=125&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/accepted-16px.png '') [0 Accepted issues](https://sonarcloud.io/project/issues?id=luketainton_epage&pullRequest=125&issueStatuses=ACCEPTED) Measures ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0 Security Hotspots](https://sonarcloud.io/project/security_hotspots?id=luketainton_epage&pullRequest=125&issueStatuses=OPEN,CONFIRMED&sinceLeakPeriod=true) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Coverage on New Code](https://sonarcloud.io/component_measures?id=luketainton_epage&pullRequest=125&metric=new_coverage&view=list) ![](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/passed-16px.png '') [0.0% Duplication on New Code](https://sonarcloud.io/component_measures?id=luketainton_epage&pullRequest=125&metric=new_duplicated_lines_density&view=list) [See analysis details on SonarQube Cloud](https://sonarcloud.io/dashboard?id=luketainton_epage&pullRequest=125)

luke approved these changes 2025-03-27 21:16:12 +01:00

luke merged commit e37646a688 into main

2025-03-27 21:16:18 +01:00

luke deleted branch snyk-fix-4f4b6f239e074407fb3c5e97e88ed999

2025-03-27 21:16:22 +01:00

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: repos/epage#125