[TECH DEBT] bump jinja2 version to 3.1.5 #67128

Open
bmckerry opened this issue Jan 6, 2025 · 1 comment

bmckerry commented Jan 6, 2025

Description of the tech debt to be addressed, include links and screenshots

Jinja2 released 3.1.5 which fixes GHSA-q2x7-8rv6-6q7h and GHSA-gmj6-6f8f-6699 among other security fixes (see jinja2's releases). Salt 3007.1 Darwin has a direct dependency on jinja2==3.1.4 (here) so we can't upgrade our environment. Could the salt required jinja2 version be bumped (or alternatively not rely on a pinned minor version)?

Versions Report

% salt --versions-report
Salt Version:
          Salt: 3007.1

Python Version:
        Python: 3.11.6 (main, Oct  2 2023, 20:31:07) [Clang 16.0.3 ]

Dependency Versions:
          cffi: 1.16.0
      cherrypy: unknown
      dateutil: 2.8.2
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: Not Installed
  looseversion: 1.3.0
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.7
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 23.1
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: Not Installed
  python-gnupg: 0.5.2
        PyYAML: 6.0.1
         PyZMQ: 25.1.2
        relenv: Not Installed
         smmap: Not Installed
       timelib: 0.3.0
       Tornado: 6.3.3
           ZMQ: 4.3.4

Salt Package Information:
  Package Type: Not Installed

System Versions:
          dist: darwin 23.6.0
        locale: utf-8
       machine: arm64
       release: 23.6.0
        system: Darwin
       version: 14.7 arm64
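
The situation described in the issue above (a dependent package pinning `jinja2==3.1.4`, so 3.1.5 cannot be installed), as an added example that is not part of the original issue or Salt's code: a standard-library-only check that lists installed distributions whose declared requirements exclude a fixed release. The function names are hypothetical, and version parsing is simplified (numeric release segments only, environment markers ignored).

```python
import re
from importlib import metadata

FIXED = "3.1.5"  # release the issue names as carrying the security fixes

def _v(text):
    """'3.1.4' -> (3, 1, 4); pre/post-release tags are ignored (simplification)."""
    return tuple(int(p) for p in re.match(r"\d+(?:\.\d+)*", text).group().split("."))

def _pad(t):
    return (t + (0,) * 8)[:8]  # so that 3.1 and 3.1.0 compare equal

def allows(specifiers, version):
    """True if a specifier set such as '>=3.0,<3.2' admits `version`."""
    v = _v(version)
    for clause in specifiers.split(","):
        m = re.match(r"\s*(===|==|~=|!=|<=|>=|<|>)\s*(\d\S*)", clause)
        if not m:
            continue  # empty or non-version clause (e.g. a direct URL)
        op, target = m.groups()
        t = _v(target)
        c = (_pad(v) > _pad(t)) - (_pad(v) < _pad(t))
        if target.endswith(".*"):  # '==3.1.*' / '!=3.1.*' are prefix matches
            ok = (v[:len(t)] == t) == (op == "==")
        elif op == "~=":  # compatible release: not older, same prefix
            ok = c >= 0 and v[:len(t) - 1] == t[:-1]
        else:
            ok = {"==": c == 0, "===": c == 0, "!=": c != 0, "<": c < 0,
                  "<=": c <= 0, ">": c > 0, ">=": c >= 0}[op]
        if not ok:
            return False
    return True

def blocking_requirements(requirements, package="jinja2", fixed=FIXED):
    """Requirement strings that name `package` but exclude `fixed`.
    Environment markers after ';' are ignored (simplification)."""
    blocked = []
    for req in requirements:
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*\(?([^;)]*)", req)
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower() if m else None
        if name == package and not allows(m.group(2), fixed):
            blocked.append(req)
    return blocked

def installed_blockers(package="jinja2", fixed=FIXED):
    """Map installed distribution name -> its requirements that exclude `fixed`."""
    return {d.metadata["Name"]: hits for d in metadata.distributions()
            if (hits := blocking_requirements(d.requires or [], package, fixed))}
```

Calling `installed_blockers()` inside the affected environment returns the distributions that must relax their pin before the upgrade can resolve.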

welcome bot commented Jan 6, 2025

Hi there! Welcome to the Salt Community! Thank you for making your first contribution. We have a lengthy process for issues and PRs. Someone from the Core Team will follow up as soon as possible. In the meantime, here’s some information that may help as you continue your Salt journey.
Please be sure to review our Code of Conduct. Also, check out some of our community resources including:

There are lots of ways to get involved in our community. Every month, there are around a dozen opportunities to meet with other contributors and the Salt Core team and collaborate in real time. The best way to keep track is by subscribing to the Salt Community Events Calendar.
If you have additional questions, email us at [email protected]. We’re glad you’ve joined our community and look forward to doing awesome things with you!
