Update Jinja2 to address CVE-2019-10906 #1980

emkll · 2019-04-16T13:50:46Z

Fixes #1976 ,

Updates Jinja2 to mitigate CVE-2019-10906. Since it's a point release and only addresses the security fix (https://github.com/pallets/jinja/releases/tag/2.10.1), it should be a fairly safe upgrade.

PR Type

Bugfix Pull Request : Minor dependency update

webknjaz · 2019-04-16T15:11:10Z

setup.cfg

@@ -77,7 +77,7 @@ install_requires =
    colorama == 0.3.9
    cookiecutter == 1.6.0
    python-gilt >= 1.2.1, < 2
-    Jinja2 == 2.10
+    Jinja2 == 2.10.1


Can we please have an open upper boundary?

Suggested change

Jinja2 == 2.10.1

Jinja2 >= 2.10.1

webknjaz · 2019-04-16T15:11:41Z

Meanwhile, I've restarted two failing jobs in Travis CI.

Signed-off-by: mickael e <[email protected]>

webknjaz · 2019-04-18T13:10:52Z

Restarted https://travis-ci.com/ansible/molecule/jobs/193368152

webknjaz · 2019-04-25T14:48:43Z

@emkll thanks!

emkll requested a review from webknjaz as a code owner April 16, 2019 13:50

webknjaz reviewed Apr 16, 2019

View reviewed changes

Update Jinja2 to address CVE-2019-10906

76de820

Signed-off-by: mickael e <[email protected]>

webknjaz approved these changes Apr 18, 2019

View reviewed changes

webknjaz merged commit 02db6af into ansible:master Apr 25, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Jinja2 to address CVE-2019-10906 #1980

Update Jinja2 to address CVE-2019-10906 #1980

emkll commented Apr 16, 2019

webknjaz Apr 16, 2019

webknjaz commented Apr 16, 2019

webknjaz commented Apr 18, 2019

webknjaz commented Apr 25, 2019

Update Jinja2 to address CVE-2019-10906 #1980

Update Jinja2 to address CVE-2019-10906 #1980

Conversation

emkll commented Apr 16, 2019

PR Type

webknjaz Apr 16, 2019

Choose a reason for hiding this comment

webknjaz commented Apr 16, 2019

webknjaz commented Apr 18, 2019

webknjaz commented Apr 25, 2019