Message ID | 20240506212230.2948754-1-trini@konsulko.com |
---|---|
State | Accepted |
Commit | 2ee6f3a5f7550de3599faef9704e166e5dcace35 |
Delegated to: | Heinrich Schuchardt |
Headers | show |
Series | doc/sphinx: Bump Jinja2 to 3.1.4 | expand |
On 5/6/24 23:22, Tom Rini wrote: > While we unlikely to have an issue with CVE-2024-22195, it is simple > enough to bump our version of Jinja2 to receive the fix, do so. > > Reported-by: GitHub dependabot > Signed-off-by: Tom Rini <trini@konsulko.com> Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> Hello tom, My review queue is rather empty. Do you want to pick up this patch directly? Best regards Heinrich > --- > doc/sphinx/requirements.txt | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt > index 5b4df36804b5..426f41e1a028 100644 > --- a/doc/sphinx/requirements.txt > +++ b/doc/sphinx/requirements.txt > @@ -5,7 +5,7 @@ charset-normalizer==3.3.2 > docutils==0.20.1 > idna==3.7 > imagesize==1.4.1 > -Jinja2==3.1.3 > +Jinja2==3.1.4 > MarkupSafe==2.1.3 > packaging==23.2 > Pygments==2.17.2
On Fri, May 10, 2024 at 11:32:10AM +0200, Heinrich Schuchardt wrote: > On 5/6/24 23:22, Tom Rini wrote: > > While we unlikely to have an issue with CVE-2024-22195, it is simple > > enough to bump our version of Jinja2 to receive the fix, do so. > > > > Reported-by: GitHub dependabot > > Signed-off-by: Tom Rini <trini@konsulko.com> > > Tested-by: Heinrich Schuchardt <xypron.glpk@gmx.de> > > Hello tom, > > My review queue is rather empty. Do you want to pick up this patch directly? OK.
On Mon, 06 May 2024 15:22:30 -0600, Tom Rini wrote: > While we unlikely to have an issue with CVE-2024-22195, it is simple > enough to bump our version of Jinja2 to receive the fix, do so. > > Applied to u-boot/master, thanks!
diff --git a/doc/sphinx/requirements.txt b/doc/sphinx/requirements.txt index 5b4df36804b5..426f41e1a028 100644 --- a/doc/sphinx/requirements.txt +++ b/doc/sphinx/requirements.txt @@ -5,7 +5,7 @@ charset-normalizer==3.3.2 docutils==0.20.1 idna==3.7 imagesize==1.4.1 -Jinja2==3.1.3 +Jinja2==3.1.4 MarkupSafe==2.1.3 packaging==23.2 Pygments==2.17.2
While we unlikely to have an issue with CVE-2024-22195, it is simple enough to bump our version of Jinja2 to receive the fix, do so. Reported-by: GitHub dependabot Signed-off-by: Tom Rini <trini@konsulko.com> --- doc/sphinx/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)