haskell / cabal

Official upstream development repository for Cabal and cabal-install
https://haskell.org/cabal

update jinja2 per CVE-2024-34064 #10030

Closed geekosaur closed 1 week ago

geekosaur commented 2 weeks ago

Template B: This PR does not modify behaviour or interface

E.g. the PR only touches documentation or tests, does refactorings, etc.

Include the following checklist in your PR:

geekosaur commented 2 weeks ago

It'll take a little work since currently the RTD run doesn't depend on anything else, but we'll need to make sure it runs after the file has been generated.

geekosaur commented 1 week ago

So do we want to backport this? Also, given we just got another one, I'm wondering if #10031 should be backported after all.

ffaf1 commented 1 week ago

@mergify backport 3.12

mergify[bot] commented 1 week ago

backport 3.12

✅ Backports have been created

* [#10038 update jinja2 per CVE-2024-34064 (backport #10030)](https://github.com/haskell/cabal/pull/10038) has been created for branch `3.12`