
[Snyk] Security upgrade jinja2 from 2.11.3 to 3.1.4 #3

Open (wants to merge 1 commit into base: master)

Conversation

Sackstools
Owner

@Sackstools Sackstools commented May 7, 2024

User description

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • scripts/klippy-requirements.txt
⚠️ Warning
jinja2 3.1.4 has requirement MarkupSafe>=2.0, but you have MarkupSafe 1.1.1.

Vulnerabilities that will be fixed

By pinning:
Severity: medium severity
Priority Score (*): 556/1000 (Why? Recently disclosed, Has a fix available, CVSS 5.4)
Issue: Cross-site Scripting (XSS), SNYK-PYTHON-JINJA2-6809379
Upgrade: jinja2 2.11.3 -> 3.1.4
Breaking Change: No
Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)


PR Type

Enhancement


Description

  • Upgraded Jinja2 in scripts/klippy-requirements.txt from version 2.11.3 to 3.1.4 to fix security vulnerabilities identified by Snyk.
  • This update addresses a Cross-site Scripting (XSS) vulnerability as reported.

Changes walkthrough 📝

Relevant files
Enhancement: scripts/klippy-requirements.txt (+1/-1): Upgrade Jinja2 to Fix Security Vulnerabilities
  • Upgraded Jinja2 from version 2.11.3 to 3.1.4 to address security vulnerabilities.

    💡 PR-Agent usage:
    Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

    The following vulnerabilities are fixed by pinning transitive dependencies:
    - https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
    codiumai-pr-agent-pro bot added the "enhancement" (New feature or request) label May 7, 2024

    PR Description updated to latest commit (861029f)


    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because the PR involves a simple version update in a requirements file, which is straightforward to review.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    Dependency Conflict: The PR updates Jinja2 to 3.1.4 which requires MarkupSafe>=2.0, but the current version of MarkupSafe is 1.1.1. This could lead to runtime errors if not addressed.

    🔒 Security concerns

    No


    PR Code Suggestions ✨

    Category: Compatibility
    Suggestion: Update the markupsafe version to ensure compatibility with the new Jinja2 version.

    Consider pinning the markupsafe version that is compatible with Jinja2==3.1.4 to avoid
    potential incompatibilities. The markupsafe version should be updated to at least 2.0.1 as
    it is a dependency of Jinja2 and older versions might not be fully compatible with
    Jinja2==3.1.4.

    scripts/klippy-requirements.txt [11]

    -markupsafe==1.1.1
    +markupsafe>=2.0.1
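    Review bot: relaxing to `markupsafe>=2.0.1` clears the MarkupSafe>=2.0 conflict but not the failing build. The CI Failure Feedback on this PR shows pip running under Python 2.7 (cp27 wheels, the Python 2.7 DEPRECATION notice) and lists the available Jinja2 releases as ending at 2.11.3, so `Jinja2==3.1.4` cannot resolve there whatever MarkupSafe is pinned to; Jinja2 3.1.x and MarkupSafe 2.x are Python 3 only, so the interpreter used in the Prepare tests stage has to move to a supported Python 3 before either pin can install. Separately, the file uses exact `==` pins (`-markupsafe==1.1.1`), and an open-ended `>=2.0.1` lets any future MarkupSafe release into the build; an exact pin such as `markupsafe==2.0.1`, or at least an upper bound like `>=2.0.1,<3`, keeps the reproducibility the other pins provide.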
     


    PR-Agent was enabled for this repository. To continue using it, please link your git user with your CodiumAI identity here.

    CI Failure Feedback 🧐

    Action: build

    Failed stage: Prepare tests [❌]

    Failure summary:

    The action failed due to multiple dependency conflicts and version incompatibilities:

  • jinja2 3.1.4 requires MarkupSafe>=2.0, but only MarkupSafe 1.1.1 was available, leading to an
    incompatibility error.
  • The required version Jinja2==3.1.4 could not be found for the Python version being used, as the
    available versions did not include 3.1.4.

  • Relevant error logs:
    1:  ##[group]Operating System
    2:  Ubuntu
    ...
    
    794:  Collecting wrapt~=1.10
    795:  Downloading wrapt-1.16.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (83 kB)
    796:  Building wheels for collected packages: python-can
    797:  Building wheel for python-can (setup.py): started
    798:  Building wheel for python-can (setup.py): finished with status 'done'
    799:  Created wheel for python-can: filename=python_can-3.3.4-py2.py3-none-any.whl size=154190 sha256=ca8504b1e4d7fee2ac96174de166ba0469a442c4e4472c15073df6a5a404d43b
    800:  Stored in directory: /home/runner/.cache/pip/wheels/92/22/e3/45ef04fb8e96202d5fd6dece1ee28ed727848d7a22a1cae20f
    801:  Successfully built python-can
    802:  ERROR: jinja2 3.1.4 has requirement MarkupSafe>=2.0, but you'll have markupsafe 1.1.1 which is incompatible.
    ...
    
    814:  DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
    815:  Ignoring greenlet: markers 'python_version >= "3.12"' don't match your environment
    816:  Collecting cffi==1.14.6
    817:  Downloading cffi-1.14.6-cp27-cp27mu-manylinux1_x86_64.whl (389 kB)
    818:  Collecting pyserial==3.4
    819:  Using cached pyserial-3.4-py2.py3-none-any.whl (193 kB)
    820:  Collecting greenlet==2.0.2
    821:  Downloading greenlet-2.0.2-cp27-cp27mu-manylinux2010_x86_64.whl (532 kB)
    822:  ERROR: Could not find a version that satisfies the requirement Jinja2==3.1.4 (from -r /home/runner/work/klipper_chronos/klipper_chronos/scripts/klippy-requirements.txt (line 9)) (from versions: 2.0rc1, 2.0, 2.1, 2.1.1, 2.2, 2.2.1, 2.3, 2.3.1, 2.4, 2.4.1, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.6, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.8, 2.8.1, 2.9, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.10, 2.10.1, 2.10.2, 2.10.3, 2.11.0, 2.11.1, 2.11.2, 2.11.3)
    823:  ERROR: No matching distribution found for Jinja2==3.1.4 (from -r /home/runner/work/klipper_chronos/klipper_chronos/scripts/klippy-requirements.txt (line 9))
    824:  ##[error]Process completed with exit code 1.
    

    ✨ CI feedback usage guide:

    The CI feedback tool (/checks) automatically triggers when a PR has a failed check.
    The tool analyzes the failed checks and provides several feedbacks:

    • Failed stage
    • Failed test name
    • Failure summary
    • Relevant error logs

    In addition to being automatically triggered, the tool can also be invoked manually by commenting on a PR:

    /checks "https://github.com/{repo_name}/actions/runs/{run_number}/job/{job_number}"
    

    where {repo_name} is the name of the repository, {run_number} is the run number of the failed check, and {job_number} is the job number of the failed check.

    Configuration options

    • enable_auto_checks_feedback - if set to true, the tool will automatically provide feedback when a check is failed. Default is true.
    • excluded_checks_list - a list of checks to exclude from the feedback, for example: ["check1", "check2"]. Default is an empty list.
    • enable_help_text - if set to true, the tool will provide a help message with the feedback. Default is true.
    • persistent_comment - if set to true, the tool will overwrite a previous checks comment with the new feedback. Default is true.
    • final_update_message - if persistent_comment is true and updating a previous checks message, the tool will also create a new message: "Persistent checks updated to latest commit". Default is true.

    See more information about the checks tool in the docs.
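A pre-merge check for the two failures the CI Failure Feedback comments report, added here as an example and not Snyk's, PR-Agent's or the project's own code: it reads the `==` pins from a requirements file and, against a small hand-written metadata table, flags a pin that violates another pin's declared dependency range and a pin whose release needs a newer Python than the interpreter running pip. The pin list and the METADATA table are constructed for the example; Jinja2 3.1.4's MarkupSafe>=2.0 requirement is the one quoted in the log, and the requires_python floors are the projects' published ones.

```python
import operator
import re
OPS = {"==": operator.eq, ">=": operator.ge, ">": operator.gt, "<=": operator.le, "<": operator.lt}

# Constructed stand-in for the pins in this PR's scripts/klippy-requirements.txt.
REQUIREMENTS = """
greenlet==2.0.2
Jinja2==3.1.4
markupsafe==1.1.1  # one major behind what Jinja2 3.1.4 declares
"""
# Assumed metadata keyed by (name, version): each release's Python floor and declared
# dependency ranges (Jinja2 3.1.4 -> MarkupSafe>=2.0 is the line quoted in the CI log).
METADATA = {
    ("jinja2", (3, 1, 4)): {"requires_python": ">=3.7", "requires": {"markupsafe": ">=2.0"}},
    ("markupsafe", (1, 1, 1)): {"requires_python": ">=2.7", "requires": {}},
}

def parse_version(text):
    """'3.1.4' -> (3, 1, 4); tuples compare the way release numbers do."""
    return tuple(int(p) for p in text.strip().split("."))

def satisfies(version, spec):
    """True if version meets every comma-separated clause of spec, e.g. '>=2.0,<3'."""
    for clause in spec.split(","):
        op, ver = re.fullmatch(r"\s*(==|>=|<=|>|<)\s*([\d.]+)\s*", clause).groups()
        if not OPS[op](version, parse_version(ver)):
            return False
    return True

def parse_requirements(text):
    """Exact '==' pins keyed by lowercased name; comments and blank lines are skipped."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#")[0].strip()
        if line:
            name, ver = line.split("==")
            pins[name.strip().lower()] = parse_version(ver)
    return pins

def find_conflicts(pins, metadata, python):
    """Pins that need a newer Python than `python`, and pins violating another pin's range."""
    fmt = lambda v: ".".join(map(str, v))
    problems = []
    for name, ver in pins.items():
        meta = metadata.get((name, ver), {"requires_python": ">=0", "requires": {}})
        if not satisfies(python, meta["requires_python"]):
            problems.append(f"{name}=={fmt(ver)} needs Python {meta['requires_python']}")
        for dep, spec in meta["requires"].items():
            if dep in pins and not satisfies(pins[dep], spec):
                problems.append(f"{name}=={fmt(ver)} requires {dep}{spec} but {dep}=={fmt(pins[dep])} is pinned")
    return problems
```

Running `find_conflicts(parse_requirements(REQUIREMENTS), METADATA, (2, 7))` reproduces both CI errors; with the interpreter at (3, 8) only the MarkupSafe conflict remains, and it disappears once markupsafe is pinned to a 2.x release.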


    CI Failure Feedback 🧐

    Action: build

    Failed stage: Prepare tests [❌]

    Failure summary:

    The action failed due to multiple dependency conflicts and issues:

  • jinja2 3.1.4 requires MarkupSafe>=2.0, but only MarkupSafe 1.1.1 is available, leading to an
    incompatibility error.
  • The environment is using Python 2.7, which is deprecated and no longer maintained, causing potential
    issues with package support.
  • The required version Jinja2==3.1.4 could not be found for the Python version in use, as available
    versions do not include 3.1.4.

  • Relevant error logs:
    1:  ##[group]Operating System
    2:  Ubuntu
    ...
    
    802:  Collecting wrapt~=1.10
    803:  Downloading wrapt-1.16.0-cp38-cp38-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (83 kB)
    804:  Building wheels for collected packages: python-can
    805:  Building wheel for python-can (setup.py): started
    806:  Building wheel for python-can (setup.py): finished with status 'done'
    807:  Created wheel for python-can: filename=python_can-3.3.4-py2.py3-none-any.whl size=154190 sha256=5ddb0e83564a65884aca9d2d37ed15a4ac441b246ce7f9bc08a39852987cb8a8
    808:  Stored in directory: /home/runner/.cache/pip/wheels/92/22/e3/45ef04fb8e96202d5fd6dece1ee28ed727848d7a22a1cae20f
    809:  Successfully built python-can
    810:  ERROR: jinja2 3.1.4 has requirement MarkupSafe>=2.0, but you'll have markupsafe 1.1.1 which is incompatible.
    ...
    
    822:  DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. A future version of pip will drop support for Python 2.7. More details about Python 2 support in pip, can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support
    823:  Ignoring greenlet: markers 'python_version >= "3.12"' don't match your environment
    824:  Collecting cffi==1.14.6
    825:  Downloading cffi-1.14.6-cp27-cp27mu-manylinux1_x86_64.whl (389 kB)
    826:  Collecting pyserial==3.4
    827:  Using cached pyserial-3.4-py2.py3-none-any.whl (193 kB)
    828:  Collecting greenlet==2.0.2
    829:  Downloading greenlet-2.0.2-cp27-cp27mu-manylinux2010_x86_64.whl (532 kB)
    830:  ERROR: Could not find a version that satisfies the requirement Jinja2==3.1.4 (from -r /home/runner/work/klipper_chronos/klipper_chronos/scripts/klippy-requirements.txt (line 9)) (from versions: 2.0rc1, 2.0, 2.1, 2.1.1, 2.2, 2.2.1, 2.3, 2.3.1, 2.4, 2.4.1, 2.5, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.6, 2.7, 2.7.1, 2.7.2, 2.7.3, 2.8, 2.8.1, 2.9, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.10, 2.10.1, 2.10.2, 2.10.3, 2.11.0, 2.11.1, 2.11.2, 2.11.3)
    831:  ERROR: No matching distribution found for Jinja2==3.1.4 (from -r /home/runner/work/klipper_chronos/klipper_chronos/scripts/klippy-requirements.txt (line 9))
    832:  ##[error]Process completed with exit code 1.
    

