From 459c58504a619542b658ada08c597f12a74608f4 Mon Sep 17 00:00:00 2001
From: tlento
Date: Mon, 26 Feb 2024 17:02:14 -0800
Subject: [PATCH] Update Jinja2 dependency to >= 3.1.3

Due to a security vulnerability in Jinja2 (refer to details on CVE-2024-22195 at https://github.com/advisories/GHSA-h5c8-rqwp-cp95) we must update to 3.1.3 or later.
---
 .changes/unreleased/Dependencies-20240226-171347.yaml | 6 ++++++
 pyproject.toml | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
 create mode 100644 .changes/unreleased/Dependencies-20240226-171347.yaml

diff --git a/.changes/unreleased/Dependencies-20240226-171347.yaml b/.changes/unreleased/Dependencies-20240226-171347.yaml
new file mode 100644
index 0000000000..5434c7b5df
--- /dev/null
+++ b/.changes/unreleased/Dependencies-20240226-171347.yaml
@@ -0,0 +1,6 @@
+kind: Dependencies
+body: Update Jinja2 past 3.1.3 to resolve CVE-2024-22195
+time: 2024-02-26T17:13:47.285191-08:00
+custom:
+ Author: tlento
+ Issue: "1049"
diff --git a/pyproject.toml b/pyproject.toml
index 41180c8f39..6ce618ec44 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -25,7 +25,7 @@ classifiers = [
 "Programming Language :: Python :: Implementation :: PyPy",
 ]
 dependencies = [
- "Jinja2>=2.11.3",
+ "Jinja2>=3.1.3",
 "PyYAML~=6.0",
 "click>=7.1.2",
 "dbt-core~=1.7.0",
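Review bot: The new floor on the `"Jinja2>=3.1.3",` line in `dependencies` carries no record of why it sits at that version, so a later cleanup of the list could relax it without noticing that it is a security minimum. I would add a comment directly above the entry, `# Security floor: Jinja2 below 3.1.3 is affected by CVE-2024-22195 - do not lower.` The same list also requires `dbt-core~=1.7.0`, and dbt-core's own Jinja2 constraint is not visible in this hunk, so it is worth confirming that the combined requirement set still resolves and that CI installs at the floor version at least once. The `dependencies` array continues past the end of the hunk.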