update jinja2 per CVE-2024-34064 #10030

Merged
merged 1 commit into from
May 20, 2024

Conversation

geekosaur
Collaborator

Template B: This PR does not modify behaviour or interface

E.g. the PR only touches documentation or tests, does refactorings, etc.

Include the following checklist in your PR:

  • Patches conform to the coding conventions.
  • Is this a PR that fixes CI? If so, it will need to be backported to older cabal release branches (ask maintainers for directions).

Collaborator

@ffaf1 ffaf1 left a comment

Thanks.

Future work: at the top of requirements.txt I read:

# This file is autogenerated by pip-compile with Python 3.11
# by the following command:

I wonder whether we can axe it from version control so we have just one file in which to bump dependencies.

@geekosaur
Collaborator Author

It'll take a little work since currently the RTD run doesn't depend on anything else, but we'll need to make sure it runs after the file has been generated.

Collaborator

@ulysses4ever ulysses4ever left a comment

Bless your heart! 🙏

@geekosaur geekosaur added the merge me Tell Mergify Bot to merge label May 18, 2024
geekosaur added a commit to geekosaur/cabal that referenced this pull request May 18, 2024
@geekosaur geekosaur mentioned this pull request May 18, 2024
2 tasks
geekosaur added a commit to geekosaur/cabal that referenced this pull request May 19, 2024
@mergify mergify bot added the merge delay passed Applied (usually by Mergify) when PR approved and received no updates for 2 days label May 20, 2024
@mergify mergify bot merged commit 4072eb8 into haskell:master May 20, 2024
14 checks passed
@geekosaur
Collaborator Author

So do we want to backport this? Also, given we just got another one, I'm wondering if #10031 should be backported after all.

@ffaf1
Collaborator

ffaf1 commented May 21, 2024

@mergify backport 3.12

Contributor

mergify bot commented May 21, 2024

backport 3.12

✅ Backports have been created

mergify bot added a commit that referenced this pull request May 21, 2024
geekosaur added a commit to geekosaur/cabal that referenced this pull request May 21, 2024
mergify bot pushed a commit that referenced this pull request May 21, 2024
* generate doc/requirements.txt

As suggested in #10030 (review)

* generate doc/requirements.txt

As suggested in #10030 (review)
mergify bot pushed a commit that referenced this pull request May 21, 2024
* generate doc/requirements.txt

As suggested in #10030 (review)

* generate doc/requirements.txt

As suggested in #10030 (review)

(cherry picked from commit 2658ac6)
Mikolaj pushed a commit that referenced this pull request May 22, 2024
* generate doc/requirements.txt

As suggested in #10030 (review)

* generate doc/requirements.txt

As suggested in #10030 (review)

(cherry picked from commit 2658ac6)
wismill pushed a commit to wismill/cabal that referenced this pull request May 26, 2024
* generate doc/requirements.txt

As suggested in haskell#10030 (review)

* generate doc/requirements.txt

As suggested in haskell#10030 (review)
wismill pushed a commit to wismill/cabal that referenced this pull request May 27, 2024
* generate doc/requirements.txt

As suggested in haskell#10030 (review)

* generate doc/requirements.txt

As suggested in haskell#10030 (review)
@geekosaur geekosaur deleted the cve-2024-34064 branch July 18, 2024 03:38
Labels
merge delay passed Applied (usually by Mergify) when PR approved and received no updates for 2 days merge me Tell Mergify Bot to merge