From 5b2f3f74782bc18a7cd916d94f8fd5cee7350b80 Mon Sep 17 00:00:00 2001
From: brandon s allbery kf8nh
Date: Tue, 16 Jan 2024 12:11:46 -0500
Subject: [PATCH 1/2] update jinja2 per CVE-2024-22195
(cherry picked from commit f1908283c214d9459948b48a226a3fb92821dbae)
# Conflicts:
# doc/requirements.in
# doc/requirements.txt
---
 doc/requirements.in | 9 +++++++++
 doc/requirements.txt | 8 ++++++++
 2 files changed, 17 insertions(+)
diff --git a/doc/requirements.in b/doc/requirements.in
index df0b2f34d80..9d7568e3c63 100644
--- a/doc/requirements.in
+++ b/doc/requirements.in
@@ -4,5 +4,14 @@ sphinx-jsonschema
 sphinxnotes-strike
 # Pygments>=2.7.4 suggested by CVE-2021-20270 CVE-2021-27291
 Pygments >= 2.7.4
+<<<<<<< HEAD
 # Suggested by dependabot in https://github.com/haskell/cabal/pull/8807
 certifi >= 2022.12.7
+=======
+# CVE-2023-37920
+certifi >= 2023.07.22
+# CVE-2023-45803
+urllib3 >= 2.0.7
+# CVE-2024-22195
+jinja2 == 3.1.3
+>>>>>>> f1908283c (update jinja2 per CVE-2024-22195)
diff --git a/doc/requirements.txt b/doc/requirements.txt
index 441ab0baab0..6f396792aa9 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -23,9 +23,17 @@ idna==2.10
 # via requests
 imagesize==1.4.1
 # via sphinx
+<<<<<<< HEAD
 jinja2==3.1.2
 # via sphinx
 jsonpointer==2.1
+=======
+jinja2==3.1.3
+ # via
+ # -r requirements.in
+ # sphinx
+jsonpointer==2.3
+>>>>>>> f1908283c (update jinja2 per CVE-2024-22195)
 # via sphinx-jsonschema
 markupsafe==2.1.2
 # via jinja2
From 8fa3eae08728b5df3e770e3577dd32c629dbc845 Mon Sep 17 00:00:00 2001
From: brandon s allbery kf8nh
Date: Thu, 18 Jan 2024 18:09:40 -0500
Subject: [PATCH 2/2] fix conflicts
---
 doc/requirements.in | 5 -----
 doc/requirements.txt | 6 ------
 2 files changed, 11 deletions(-)
diff --git a/doc/requirements.in b/doc/requirements.in
index 9d7568e3c63..c8a3a7692a2 100644
--- a/doc/requirements.in
+++ b/doc/requirements.in
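Review bot: In the doc/requirements.in hunk of patch 1/2, `jinja2 == 3.1.3` is an exact pin while every neighbouring security constraint is a floor (`Pygments >= 2.7.4`, `certifi >= 2023.07.22`, `urllib3 >= 2.0.7`), so a later jinja2 security release cannot be picked up by recompiling until someone edits this line by hand; `jinja2 >= 3.1.3` would keep the CVE-2024-22195 minimum and leave the exact version to doc/requirements.txt. The same hunk also commits the `<<<<<<< HEAD` / `=======` / `>>>>>>>` conflict markers, which are not valid requirement lines, so the docs dependencies cannot be installed at that commit until patch 2/2 removes them; squashing the two patches would keep every commit usable for bisecting. The series raises the certifi floor and adds urllib3 to requirements.in, but the requirements.txt hunks only touch jinja2 and jsonpointer, so it is worth confirming (the rest of that file is not visible here) that the compiled certifi and urllib3 pins already satisfy the new floors.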
@@ -4,14 +4,9 @@ sphinx-jsonschema
 sphinxnotes-strike
 # Pygments>=2.7.4 suggested by CVE-2021-20270 CVE-2021-27291
 Pygments >= 2.7.4
-<<<<<<< HEAD
-# Suggested by dependabot in https://github.com/haskell/cabal/pull/8807
-certifi >= 2022.12.7
-=======
 # CVE-2023-37920
 certifi >= 2023.07.22
 # CVE-2023-45803
 urllib3 >= 2.0.7
 # CVE-2024-22195
 jinja2 == 3.1.3
->>>>>>> f1908283c (update jinja2 per CVE-2024-22195)
diff --git a/doc/requirements.txt b/doc/requirements.txt
index 6f396792aa9..b9cddab40e4 100644
--- a/doc/requirements.txt
+++ b/doc/requirements.txt
@@ -23,17 +23,11 @@ idna==2.10
 # via requests
 imagesize==1.4.1
 # via sphinx
-<<<<<<< HEAD
-jinja2==3.1.2
- # via sphinx
-jsonpointer==2.1
-=======
 jinja2==3.1.3
 # via
 # -r requirements.in
 # sphinx
 jsonpointer==2.3
->>>>>>> f1908283c (update jinja2 per CVE-2024-22195)
 # via sphinx-jsonschema
 markupsafe==2.1.2
 # via jinja2