From b5bc85e639c27bf7d25c6bcdcfa69bfdabe94058 Mon Sep 17 00:00:00 2001 From: Alan Rominger Date: Tue, 11 Mar 2025 10:45:37 -0400 Subject: [PATCH] AAP-41692 [4.6] Update jinja2 for CVE (#6881) * Initial bump of jinja2 lib * Run updater script --- requirements/requirements.in | 2 +- requirements/requirements.txt | 7 ++++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/requirements/requirements.in b/requirements/requirements.in index b7c72e4b30..4bfd3368cd 100644 --- a/requirements/requirements.in +++ b/requirements/requirements.in @@ -32,7 +32,7 @@ filelock GitPython>=3.1.37 # CVE-2023-41040 grpcio>=1.68.0 # CVE-2024-11407 irc -jinja2>=3.1.5 # CVE-2024-56201 +jinja2>=3.1.6 # CVE-2025-27516 JSON-log-formatter jsonschema Markdown # used for formatting API help diff --git a/requirements/requirements.txt b/requirements/requirements.txt index baa41e8ef1..08e3ad92a8 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -30,6 +30,7 @@ asgiref==3.7.2 # channels-redis # daphne # django + # django-ansible-base # django-cors-headers asn1==2.7.0 # via -r /awx_devel/requirements/requirements.in @@ -262,7 +263,7 @@ jaraco-text==3.12.0 # via # irc # jaraco-collections -jinja2==3.1.5 +jinja2==3.1.6 # via -r /awx_devel/requirements/requirements.in jmespath==1.0.1 # via @@ -416,6 +417,7 @@ pygerduty==0.38.3 pyjwt[crypto]==2.8.0 # via # adal + # django-ansible-base # msal # social-auth-core # twilio @@ -478,6 +480,7 @@ requests==2.32.3 # -r /awx_devel/requirements/requirements.in # adal # azure-core + # django-ansible-base # django-oauth-toolkit # kubernetes # msal @@ -537,6 +540,7 @@ sqlparse==0.5.0 # via # -r /awx_devel/requirements/requirements.in # django + # django-ansible-base tacacs-plus==1.0 # via -r /awx_devel/requirements/requirements.in tempora==5.5.1 @@ -576,6 +580,7 @@ urllib3==1.26.20 # via # -r /awx_devel/requirements/requirements.in # botocore + # django-ansible-base # kubernetes # requests uwsgi==2.0.28