dependabot[bot] opened a new pull request, #2836:
URL: https://github.com/apache/incubator-kie-tools/pull/2836
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
Release notes
Sourced from [jinja2's releases](https://github.com/pallets/jinja/releases).
3.1.5
This is the Jinja 3.1.5 security fix release, which fixes security issues
and bugs but does not otherwise change behavior and should not result in
breaking changes compared to the latest feature release.
- PyPI: https://pypi.org/project/Jinja2/3.1.5/
- Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
- Milestone: https://github.com/pallets/jinja/milestone/16?closed=1
- The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. [GHSA-q2x7-8rv6-6q7h](https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h)
- Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. [#1792](https://redirect.github.com/pallets/jinja/issues/1792), [GHSA-gmj6-6f8f-6699](https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699)
- Sandbox does not allow `clear` and `pop` on known mutable sequence types. [#2032](https://redirect.github.com/pallets/jinja/issues/2032)
- Calling sync `render` for an async template uses `asyncio.run`. [#1952](https://redirect.github.com/pallets/jinja/issues/1952)
- Avoid unclosed `auto_aiter` warnings. [#1960](https://redirect.github.com/pallets/jinja/issues/1960)
- Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. [#1960](https://redirect.github.com/pallets/jinja/issues/1960)
- Avoid leaving `root_render_func()` unclosed in `Template.generate_async`. [#1960](https://redirect.github.com/pallets/jinja/issues/1960)
- Avoid leaving async generators unclosed in blocks, includes and extends. [#1960](https://redirect.github.com/pallets/jinja/issues/1960)
- The runtime uses the correct `concat` function for the current environment when calling block references. [#1701](https://redirect.github.com/pallets/jinja/issues/1701)
- Make `|unique` async-aware, allowing it to be used after another async-aware filter. [#1781](https://redirect.github.com/pallets/jinja/issues/1781)
- `|int` filter handles `OverflowError` from scientific notation. [#1921](https://redirect.github.com/pallets/jinja/issues/1921)
- Make compiling deterministic for tuple unpacking in a `{% set ... %}` call. [#2021](https://redirect.github.com/pallets/jinja/issues/2021)
- Fix dunder protocol (`copy`/`pickle`/etc) interaction with `Undefined` objects. [#2025](https://redirect.github.com/pallets/jinja/issues/2025)
- Fix `copy`/`pickle` support for the internal `missing` object. [#2027](https://redirect.github.com/pallets/jinja/issues/2027)
- `Environment.overlay(enable_async)` is applied correctly. [#2061](https://redirect.github.com/pallets/jinja/issues/2061)
- The error message from `FileSystemLoader` includes the paths that were searched. [#1661](https://redirect.github.com/pallets/jinja/issues/1661)
- `PackageLoader` shows a clearer error message when the package does not contain the templates directory. [#1705](https://redirect.github.com/pallets/jinja/issues/1705)
- Improve annotations for methods returning copies. [#1880](https://redirect.github.com/pallets/jinja/issues/1880)
- `urlize` does not add `mailto:` to values like `@a@b`. [#1870](https://redirect.github.com/pallets/jinja/issues/1870)
- Tests decorated with `@pass_context` can be used with the `|select` filter. [#1624](https://redirect.github.com/pallets/jinja/issues/1624)
- Using `set` for multiple assignment (`a, b = 1, 2`) does not fail when the target is a namespace attribute. [#1413](https://redirect.github.com/pallets/jinja/issues/1413)
- Using `set` in all branches of `{% if %}{% elif %}{% else %}` blocks does not cause the variable to be considered initially undefined. [#1253](https://redirect.github.com/pallets/jinja/issues/1253)
Changelog
Sourced from [jinja2's changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst).
Version 3.1.5
Released 2024-12-21
- The sandboxed environment handles indirect calls to `str.format`, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
- Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
- Sandbox does not allow `clear` and `pop` on known mutable sequence types. :issue:2032
- Calling sync `render` for an async template uses `asyncio.run`. :pr:1952
- Avoid unclosed `auto_aiter` warnings. :pr:1960
- Return an `aclose`-able `AsyncGenerator` from `Template.generate_async`. :pr:1960
- Avoid leaving root_render_fun