Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter

[fnielsen]

Describe the bug https://nvd.nist.gov/vuln/detail/CVE-2024-22195

Additional context

Affected is < 3.1.3. Patched is 3.1.3

[fnielsen]

Jinja2>=3.1.3 in https://github.com/WDscholia/scholia/blob/master/requirements.txt

[fnielsen]

There is another requirement: https://github.com/WDscholia/scholia/blob/master/docs/requirements.txt