Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group #2036

dependabot · 2025-01-08T20:36:13Z

Bumps the pip group in /scripts/copy_from_upstream with 1 update: jinja2.

Updates jinja2 from 3.1.4 to 3.1.5

Release notes

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. #2032

Calling sync render for an async template uses asyncio.run. #1952

Avoid unclosed auto_aiter warnings. #1960

Return an aclose-able AsyncGenerator from Template.generate_async. #1960

Avoid leaving root_render_func() unclosed in Template.generate_async. #1960

Avoid leaving async generators unclosed in blocks, includes and extends. #1960

The runtime uses the correct concat function for the current environment when calling block references. #1701

Make |unique async-aware, allowing it to be used after another async-aware filter. #1781

|int filter handles OverflowError from scientific notation. #1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025

Fix copy/pickle support for the internal missing object. #2027

Environment.overlay(enable_async) is applied correctly. #2061

The error message from FileSystemLoader includes the paths that were searched. #1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705

Improve annotations for methods returning copies. #1880

urlize does not add mailto: to values like @a@b. #1870

Tests decorated with @pass_context can be used with the |select filter. #1624

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032

Calling sync render for an async template uses asyncio.run. :pr:1952

Avoid unclosed auto_aiter warnings. :pr:1960

Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960

Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960

Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960

The runtime uses the correct concat function for the current environment when calling block references. :issue:1701

Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781

|int filter handles OverflowError from scientific notation. :issue:1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025

Fix copy/pickle support for the internal missing object. :issue:2027

Environment.overlay(enable_async) is applied correctly. :pr:2061

The error message from FileSystemLoader includes the paths that were searched. :issue:1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705

Improve annotations for methods returning copies. :pr:1880

urlize does not add mailto: to values like @a@b. :pr:1870

Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253

Commits

877f6e5 release version 3.1.5
8d58859 remove test pypi
eda8fe8 update dev dependencies
c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
66587ce Fix bug where set would sometimes fail within if
fbc3a69 Add support for namespaces in tuple parsing (#1664)
b8f4831 more comments about nsref assignment
ee83219 Add support for namespaces in tuple assignment
1d55cdd Triple quotes in docs (#2064)
8a8eafc edit block assignment section
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja). Updates `jinja2` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]>

praveksharma

I'm not sure how to verify the updated hash but pip install -r requirements.txt installs the correct Jinja2 version for me.

…ntum-safe#2036) Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja). Updates `jinja2` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.>

…ntum-safe#2036) Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja). Updates `jinja2` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.> Signed-off-by: Pablo Gutiérrez <[email protected]>

* Bump jinja2 in /scripts/copy_from_upstream in the pip group (#2036) Bumps the pip group in /scripts/copy_from_upstream with 1 update: [jinja2](https://github.com/pallets/jinja). Updates `jinja2` from 3.1.4 to 3.1.5 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.> Signed-off-by: Pablo Gutiérrez <[email protected]> * Avoid unresolved symbols from libcrypto when compiled with OQS_DLOPEN_OPENSSL (#2043) * Do not assume OpenSSL memory functions when libcrypto is dlopened Otherwise, when the OQS_DLOPEN_OPENSSL is defined but OpenSSL is used only partially, e.g., with OQS_USE_SHA3_OPENSSL=ON, there will be some unresolved symbols in the final artifact: ``` $ cmake -GNinja -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_AES_INSTRUCTIONS=OFF -DOQS_DIST_BUILD=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_DLOPEN_OPENSSL=ON -DCMAKE_BUILD_TYPE=Debug -LAH .. $ ninja $ nm -g lib/liboqs.so.0.12.1-dev | grep '^[[:space:]]*U ' U __assert_fail@GLIBC_2.2.5 U CRYPTO_free U CRYPTO_malloc U dlopen@GLIBC_2.34 U dlsym@GLIBC_2.34 ``` Signed-off-by: Daiki Ueno <[email protected]> * Wrap OpenSSL memory functions with OSSL_FUNC This enables those OpenSSL memory functions can be either resolved at build time or at run-time through dlopen. Note that we use CRYPTO_* functions instead of OPENSSL_* as the latter are defined as a macro and cannot be dynamically resolved. Signed-off-by: Daiki Ueno <[email protected]> --------- Signed-off-by: Daiki Ueno <[email protected]> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.> Signed-off-by: Pablo Gutiérrez <[email protected]> * Added sig_stfl.h path to .Doxyfile INPUT setting Signed-off-by: Pablo Gutiérrez <[email protected]> * added sig_stfl path to .Doxyfile INPUT setting Signed-off-by: Pablo Gutiérrez <[email protected]> * Update to public Ubuntu 24.04 ARM runner [full tests] (#2050) Signed-off-by: Spencer Wilson <[email protected]> Signed-off-by: Pablo Gutiérrez <[email protected]> * Added Doxygen comments of algorithm identifiers until XMSSMT Signed-off-by: Pablo Gutiérrez <[email protected]> * commit Signed-off-by: Pablo Gutiérrez <[email protected]> * NVIDIA: Adding cuPQC as a backend for ML-KEM. (#2044) * Adding cuPQC as a backend for ML-KEM. Signed-off-by: Steven Reeves <[email protected]> * Fixing transposition error that left out OQS_USE_CUPQC in CMake system. Signed-off-by: Steven Reeves <[email protected]> * Add CMake dependent options for cupqc. Fixed formatting in kem_ml_kem_####.c and kem/family/kem_scheme.c Signed-off-by: Steven Reeves <[email protected]> * Move cupqc_ml-kem source files to correctly named dir Signed-off-by: Pravek Sharma <[email protected]> * Stop piggybacking on pqcrystals-kyber-standard and move cupqc_ml-kem metadata to separate upstream repo Signed-off-by: Pravek Sharma <[email protected]> * Update licensing information Signed-off-by: Pravek Sharma <[email protected]> * Update PLATFORMS.md Signed-off-by: Pravek Sharma <[email protected]> * Fix kem_family cmakelists template Signed-off-by: Pravek Sharma <[email protected]> * Run copy_from_upsream.py and pull updated upstream Signed-off-by: Pravek Sharma <[email protected]> * Add cupqc build test to basic.yml Signed-off-by: Pravek Sharma <[email protected]> * Move cupqc build test from basic.yml to linux.yml Signed-off-by: Pravek Sharma <[email protected]> * Fix error in linux.yml Signed-off-by: Pravek Sharma <[email protected]> * fixup! Fix error in linux.yml Signed-off-by: Pravek Sharma <[email protected]> * Redo cupqc build check Signed-off-by: Pravek Sharma <[email protected]> * Supply default CUDA arch to cupqc-buildcheck configuration stage Signed-off-by: Pravek Sharma <[email protected]> * Specify CUDAXX in cupqc-buildcheck Signed-off-by: Pravek Sharma <[email protected]> * Make cuPQC_DIR explicit in cupqc-buildcheck Signed-off-by: Pravek Sharma <[email protected]> --------- Signed-off-by: Steven Reeves <[email protected]> Signed-off-by: Pravek Sharma <[email protected]> Co-authored-by: Pravek Sharma <[email protected]> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.> Signed-off-by: Pablo Gutiérrez <[email protected]> * added all algorithm identifiers Doxyfile comments for sig_stfl Signed-off-by: Pablo Gutiérrez <[email protected]> * added additional Doxygen comments to sig_stfl.h Signed-off-by: Pablo Gutiérrez <[email protected]> * fixed formatting Signed-off-by: Pablo Gutiérrez <[email protected]> * fixed return types errors Signed-off-by: Pablo Gutiérrez <[email protected]> * included sig_stfl API Doxygen documentation [full tests] Signed-off-by: Pablo Gutiérrez <[email protected]> --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: Pablo Gutiérrez <pablogf@MSI.> Signed-off-by: Pablo Gutiérrez <[email protected]> Signed-off-by: Daiki Ueno <[email protected]> Signed-off-by: Spencer Wilson <[email protected]> Signed-off-by: Steven Reeves <[email protected]> Signed-off-by: Pravek Sharma <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Daiki Ueno <[email protected]> Co-authored-by: Spencer Wilson <[email protected]> Co-authored-by: Steven I Reeves <[email protected]> Co-authored-by: Pravek Sharma <[email protected]>

dependabot bot requested a review from baentsch as a code owner January 8, 2025 20:36

dependabot bot added the dependencies Pull requests that update a dependency file label Jan 8, 2025

dependabot bot requested review from bhess, alexrow and praveksharma as code owners January 8, 2025 20:36

praveksharma approved these changes Jan 8, 2025

View reviewed changes

SWilson4 approved these changes Jan 9, 2025

View reviewed changes

SWilson4 merged commit cc61cb0 into main Jan 9, 2025
77 checks passed

SWilson4 deleted the dependabot/pip/scripts/copy_from_upstream/pip-e49d2f513e branch January 9, 2025 02:28

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group #2036

Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group #2036

dependabot bot commented on behalf of github Jan 8, 2025

praveksharma left a comment

Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group #2036

Bump jinja2 from 3.1.4 to 3.1.5 in /scripts/copy_from_upstream in the pip group #2036

Conversation

dependabot bot commented on behalf of github Jan 8, 2025

3.1.5

Version 3.1.5

praveksharma left a comment

Choose a reason for hiding this comment