Update jinja2 requirement from >=3.1 to >=3.1.6
Open-source behavioral intelligence platform for detecting child groom
Brought to you by:
sentinel-safety
Originally created by: dependabot[bot]
Updates the requirements on jinja2 to permit the latest version.
Sourced from jinja2's releases.
3.1.6
This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.
PyPI: https://pypi.org/project/Jinja2/3.1.6/
Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6
- The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
Sourced from jinja2's changelog.
Version 3.1.6
Released 2025-03-05
- The `|attr` filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5
Released 2024-12-21
- The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
- Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
- Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:2032
- Calling sync `render` for an async template uses `asyncio.run`. :pr:1952
- Avoid unclosed `auto_aiter` warnings. :pr:1960
- Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. :pr:1960
- Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. :pr:1960
- Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
- The runtime uses the correct `concat` function for the current environment when calling block references. :issue:1701
- Make `|unique` async-aware, allowing it to be used after another async-aware filter. :issue:1781
- `|int` filter handles `OverflowError` from scientific notation. :issue:1921
- Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. :issue:2021
- Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. :issue:2025
- Fix `copy`/`pickle` support for the internal `missing` object. :issue:2027
- `Environment.overlay(enable_async)` is applied correctly. :pr:2061
- The error message from `FileSystemLoader` includes the paths that were searched. :issue:1661
- `PackageLoader` shows a clearer error message when the package does not contain the templates directory. :issue:1705
- Improve annotations for methods returning copies. :pr:1880
- `urlize` does not add `mailto:` to values like `@a@b`. :pr:1870
... (truncated)
- 1520688 release version 3.1.6
- 90457bb Merge commit from fork
- 065334d attr filter uses env.getattr
- 033c200 start version 3.1.6
- bc68d4e use global contributing guide ([#2070](https://redirect.github.com/pallets/jinja/issues/2070))
- 247de5e use global contributing guide
- ab8218c use project advisory link instead of global
- b4ffc8f release version 3.1.5 ([#2066](https://redirect.github.com/pallets/jinja/issues/2066))
- 877f6e5 release version 3.1.5
- 8d58859 remove test pypi

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Originally posted by: dependabot[bot]
Labels
The following labels could not be found: `dependencies`, `python`. Please create them before Dependabot can add them to a pull request.
Please fix the above issues or remove invalid values from `dependabot.yml`.
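
As an added example (not part of the original pull request or of Jinja's own code), this stdlib-only check shows why the old `>=3.1` floor mattered: it reports whether a requirements line still lets a resolver select a Jinja release below 3.1.6, the release the notes above give for the `|attr` sandbox fix. The function names, the sample lines and the simplified specifier parsing (numeric versions only, no markers evaluated) are assumptions of this example.

```python
import re

FIXED = (3, 1, 6)  # release with the |attr sandbox fix, per the notes above
LINE = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*([^;#]*)")
CLAUSE = re.compile(r"^(===|==|~=|>=|<=|!=|>|<)\s*(\d+(?:\.\d+)*)(?:\.\*)?$")

def parse_version(text):
    """'3.1' -> (3, 1, 0); numeric release segments only (assumption)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def admits_unfixed(line, package="jinja2", fixed=FIXED):
    """True if the line lets a resolver pick a release below `fixed`,
    False if it cannot, None if the line is not about `package`."""
    m = LINE.match(line)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() != package:
        return None
    spec = m.group(2).strip().strip("()")
    for clause in filter(None, (c.strip() for c in spec.split(","))):
        c = CLAUSE.match(clause)
        if not c:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, floor = c.group(1), parse_version(c.group(2))
        # Clauses are AND-ed, so a single clause whose operand is at or above
        # the fixed release rules out every older one. '>' is judged on its
        # operand like '>=', which errs on the side of flagging ('>3.1.5').
        if op in (">=", ">", "==", "===", "~=") and floor >= fixed:
            return False
    return True  # no clause sets a high enough floor (or no specifier at all)

def audit(lines):
    """Return the requirement lines that still admit an unfixed release."""
    return [ln for ln in lines if admits_unfixed(ln)]

# Constructed sample input, not taken from the project's requirements file.
SAMPLE = [
    "jinja2>=3.1",                                # floor before this PR
    "jinja2>=3.1.6",                              # floor after this PR
    "Jinja2[i18n] >=3.1,<4 ; python_version>'3.8'",
    "jinja2==3.2.*",
    "requests>=2.0",
]

if __name__ == "__main__":
    for flagged in audit(SAMPLE):
        print("admits a pre-3.1.6 release:", flagged)
```

A lock file or installed environment can still hold an older release even when the floor is correct, so the resolved version needs its own check.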