Ensure Jinja is upgraded to address Medium vulnerability (affecting analytics and API) #3356

Closed
1 task
mdragon opened this issue Dec 24, 2024 · 0 comments · Fixed by #3368

mdragon commented Dec 24, 2024

Summary

https://github.com/HHS/simpler-grants-gov/actions/runs/12481427243/job/34833926210#step:6:17

Jinja needs to be upgraded to 3.1.5 (we're currently on 3.1.4)

Acceptance criteria

  • Anchore tests passing for Jinja vulnerability.
@mdragon mdragon moved this from Icebox to Todo in Simpler.Grants.gov Product Backlog Dec 24, 2024
@mikehgrantsgov mikehgrantsgov self-assigned this Dec 24, 2024
@mikehgrantsgov mikehgrantsgov moved this from Todo to In Progress in Simpler.Grants.gov Product Backlog Dec 24, 2024
@mikehgrantsgov mikehgrantsgov moved this from In Progress to In Review in Simpler.Grants.gov Product Backlog Dec 27, 2024
doug-s-nava pushed a commit that referenced this issue Dec 30, 2024
## Summary
Fixes #3356 

### Time to review: 5 mins

## Changes proposed
Upgrade Jinja2 to 3.1.5 in API and Analytics projects

## Context for reviewers
The currently installed Jinja version was flagged for a medium
vulnerability in CI

## Additional information
More info on the run here:
https://github.com/HHS/simpler-grants-gov/actions/runs/12481427243/job/34833926210#step:6:17