Upgrade Jinja2 to address docs-only vulnerability #4607
benjsmi added a commit to benjsmi/fabric that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
benjsmi added a commit to benjsmi/fabric that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
denyeart pushed a commit that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
mergify bot pushed a commit that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
(cherry picked from commit 145815c)
# Conflicts:
# docs/requirements.txt
#4613 has been approved and merged.
Sorry, I forgot that I need to do this for the release branches as well.
benjsmi added a commit to benjsmi/fabric that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
denyeart pushed a commit that referenced this issue (Jan 17, 2024):
The version of Sphinx we were using is simply not compatible with Jinja2 > v3.0.3, so given that we had to upset the delicate balance of requirements anyway, the goal of this PR is now to bring all docs infrastructure for CI/CD as well as dependencies and indeed the docs themselves to the latest version.
Signed-off-by: Ben Smith <benjsmi@us.ibm.com>
Current Status
Jinja2 is vulnerable again and needs to be upgraded to v3.1.3.
As per https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195.
fabric/docs/requirements.txt
Line 10 in 713ece2
Goal
Upgrade to version v3.1.3 of Jinja2 for docs build that doesn't break the docs build.
Solution
I will be providing a PR.
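A CI-style guard for the condition this issue describes, as an added example (not code from the fabric repository): it scans a requirements file and reports Jinja2 entries that can resolve to a release older than v3.1.3. The sample file contents, the Sphinx and Markdown versions in it, and all function names are constructed for illustration; only `==`, `===`, `~=` and `>=` are treated as setting a lower bound, which is deliberately conservative.

```python
import re

# Upgrade target named in the issue.
MIN_JINJA2 = (3, 1, 3)

# Constructed sample, not the contents of fabric's docs/requirements.txt.
SAMPLE_REQUIREMENTS = """\
# docs build dependencies
Sphinx==4.5.0
jinja2 == 3.0.3   # old pin
Markdown>=3.3
"""

_REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
_SPEC = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*v?(\d+(?:\.\d+)*)")

def _normalize(name):
    """PEP 503 normalization, so 'Jinja2', 'jinja2' and 'JINJA2' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def _version(text):
    """Turn '3.1' into (3, 1, 0) so tuples compare correctly."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def check_jinja2_pin(requirements_text, minimum=MIN_JINJA2):
    """Return (line_number, line, problem) for every Jinja2 entry that can
    resolve to a release older than `minimum`."""
    findings = []
    floor_text = ".".join(str(n) for n in minimum)
    for number, raw in enumerate(requirements_text.splitlines(), start=1):
        # Drop trailing comments and environment markers before parsing.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        match = _REQ.match(line)
        if not match or _normalize(match.group(1)) != "jinja2":
            continue
        specs = _SPEC.findall(match.group(2))
        # Operators that guarantee a minimum version; '>' and others are ignored.
        floors = [_version(v) for op, v in specs if op in ("==", "===", "~=", ">=")]
        if not floors:
            findings.append((number, raw.strip(), "no lower bound on Jinja2"))
        elif max(floors) < minimum:
            findings.append((number, raw.strip(), "allows Jinja2 below " + floor_text))
    return findings

if __name__ == "__main__":
    for number, line, problem in check_jinja2_pin(SAMPLE_REQUIREMENTS):
        print(f"line {number}: {line!r}: {problem}")
```
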