Update jinja2 from 3.0.2 to 3.1.3 #7107
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zenmonkeykstop
force-pushed
the
safety-jinja2-update
branch
6 times, most recently
from
f691b81
to
67aedfe
Compare
zenmonkeykstop
force-pushed
the
safety-jinja2-update
branch
from
67aedfe
to
7bb50ef
Compare
zenmonkeykstop
force-pushed
the
safety-jinja2-update
branch
from
028c0bf
to
75e5a34
Compare
cfm
approved these changes
Jan 23, 2024
There was a problem hiding this comment.
Left one documentation nit for your consideration, @zenmonkeykstop. Revise or merge at your discretion!
| @@ -271,7 +271,7 @@ jobs: | |||
| command: | | |||
| fromtag=$(docker images |grep securedrop-test-focal-py3 |head -n1 |awk '{print $2}') | |||
| DOCKER_BUILD_ARGUMENTS="--cache-from securedrop-test-focal-py3:${fromtag:-latest}" securedrop/bin/dev-shell \ | |||
| bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q --upgrade semgrep && make -C .. semgrep" | |||
| bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q semgrep==1.56.0 && make -C .. semgrep" | |||
There was a problem hiding this comment.
Suggested change
| bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q semgrep==1.56.0 && make -C .. semgrep" | |
| bash -c "pip3 install -U -q --upgrade pip && pip3 install -U -q semgrep==1.56.0 && make -C .. semgrep" # semgrep==1.56.0 pending semgrep/semgrep#9630 |
There was a problem hiding this comment.
IMO it's fine as is, let's skip an extra CI run. I will bear the burden of remembering to test the next semgrep release and slip an update into the next appropriate PR.
2 tasks
cfm
added a commit
to freedomofpress/securedrop-builder
that referenced
this pull request
Feb 13, 2024
This update was already diff-reviewed in freedomofpress/securedrop#7107.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
RfR
Description of Changes
jinja2from 3.0.2 to 3.1.3 in response to GHSA-h5c8-rqwp-cp95Testing
Deployment
n/a - will be released with next scheduled version
Checklist
If you added or updated a reference to a production code dependency:
Choose one of the following: