From a86ae5fd020b858e8b8429573e1d9a39d2c75762 Mon Sep 17 00:00:00 2001
From: tlento
Date: Thu, 15 Feb 2024 12:42:32 -0800
Subject: [PATCH] Update Jinja2 to >= 3.1.3 to address CVE-2024-22195

We received a dependabot alert notifying us of this vulnerability. See https://github.com/dbt-labs/dbt-semantic-interfaces/security/dependabot/1 Dependabot thought this had been fixed in a different PR, but that was a false positive. This commit makes the relevant update.
---
 .changes/unreleased/Security-20240215-124558.yaml | 6 ++++++
 pyproject.toml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 .changes/unreleased/Security-20240215-124558.yaml

diff --git a/.changes/unreleased/Security-20240215-124558.yaml b/.changes/unreleased/Security-20240215-124558.yaml
new file mode 100644
index 00000000..16719a9b
--- /dev/null
+++ b/.changes/unreleased/Security-20240215-124558.yaml
@@ -0,0 +1,6 @@
+kind: Security
+body: Update Jinja2 to >= 3.1.3 to address CVE-2024-22195
+time: 2024-02-15T12:45:58.899493-08:00
+custom:
+ Author: tlento
+ PR: "264"
diff --git a/pyproject.toml b/pyproject.toml
index a468b3dd..531d7026 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -26,7 +26,7 @@ dependencies = [
 "jsonschema>=4.0,<5",
 "PyYAML>=6.0,<7",
 "more-itertools>=8.0,<11.0",
- "Jinja2>=3.0,<4",
+ "Jinja2>=3.1.3,<4",
 "click>=7.0,<9.0",
 "python-dateutil>=2.0,<3",
 "importlib_metadata>=6.0,<7",