Bump jinja2 from 3.1.4 to 3.1.5 in /integrations/docker/images/stage-2/chip-build-efr32 #36935


@dependabot dependabot bot commented on behalf of github Dec 24, 2024

Bumps jinja2 from 3.1.4 to 3.1.5.

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context can be used with the |select filter. :issue:1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253
Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from a team as a code owner December 24, 2024 00:59
@dependabot dependabot bot added external dependency Bugs that require changes in third party projects. python labels Dec 24, 2024
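
As an added example (not part of this pull request or of the Jinja project), a standard-library check that flags jinja2 pins below 3.1.5, the security fix release named in the release notes above. The requirements text is a constructed sample, and the function name and status labels are assumptions.

```python
import re

FIXED = (3, 1, 5)  # release that carries the fixes listed in the notes above

# project name, optional [extras], then whatever specifier follows
_NAME = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")
# exact "==X.Y.Z" pin, optionally followed by a marker, hash option or "\"
_EXACT = re.compile(r"^==\s*([0-9]+(?:\.[0-9]+)*)(?=$|[\s;\\])")


def _normalize(name):
    # PEP 503 normalization: Jinja2, jinja2 and JINJA2 are the same project
    return re.sub(r"[-_.]+", "-", name).lower()


def audit_jinja2_pins(requirements_text, fixed=FIXED):
    """Return (line_number, specifier_or_version, status) per jinja2 line."""
    findings = []
    for lineno, raw in enumerate(requirements_text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if not line or line.startswith("-"):  # blanks, --hash and pip options
            continue
        m = _NAME.match(line)
        if not m or _normalize(m.group(1)) != "jinja2":
            continue
        pin = _EXACT.match(m.group(2))
        if not pin:
            # ranges, wildcards and pre-releases are not exact release pins
            findings.append((lineno, m.group(2).strip(), "unpinned"))
            continue
        version = tuple(int(p) for p in pin.group(1).split("."))
        padded = version + (0,) * (len(fixed) - len(version))
        status = "ok" if padded >= fixed else "below-fix"
        findings.append((lineno, pin.group(1), status))
    return findings


# Constructed sample input, not the repository's real requirements file.
SAMPLE = """\
# constructed sample
click==8.1.7
Jinja2==3.1.4 \\
    --hash=sha256:0000
jinja2[i18n]==3.1.5 ; python_version >= "3.7"
jinja2>=3.0
markupsafe==2.1.5  # jinja2 dependency
"""

if __name__ == "__main__":
    for finding in audit_jinja2_pins(SAMPLE):
        print(finding)
```
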

github-actions bot commented Dec 24, 2024

PR #36935: Size comparison from 4865e5e to ec9e48e

Full report (69 builds for bl602, bl702, bl702l, cc13x4_26x4, cc32xx, cyw30739, efr32, esp32, linux, nrfconnect, nxp, psoc6, qpg, stm32, telink, tizen)

@Alami-Amine Alami-Amine self-requested a review December 24, 2024 12:26
@andy31415 andy31415 merged commit 2a686a7 into master Jan 7, 2025
112 checks passed
@andy31415 andy31415 deleted the dependabot/pip/integrations/docker/images/stage-2/chip-build-efr32/jinja2-3.1.5 branch January 7, 2025 14:09