Skip to content

[Snyk] Security upgrade jinja2 from 3.1.3 to 3.1.4 #427

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 120 commits into
base: develop
Choose a base branch
from
Open

[Snyk] Security upgrade jinja2 from 3.1.3 to 3.1.4 #427

wants to merge 120 commits into from

Conversation

@xsa-dev
Copy link
Owner

@xsa-dev xsa-dev commented May 7, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `pip` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • requirements.txt
⚠️ Warning 
ccxt 3.1.44 requires aiohttp, which is not installed.

Vulnerabilities that will be fixed

By pinning:
Severity Priority Score (*) Issue Upgrade Breaking Change Exploit Maturity
medium severity 556/1000
Why? Recently disclosed, Has a fix available, CVSS 5.4		 Cross-site Scripting (XSS)
SNYK-PYTHON-JINJA2-6809379		 jinja2:
3.1.3 -> 3.1.4
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Some vulnerabilities couldn't be fully fixed and so Snyk will still find them when the project is tested again. This may be because the vulnerability existed within more than one direct dependency, but not all of the affected dependencies could be upgraded.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

snyk-bot and others added 30 commits July 6, 2023 01:11
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
8582a89 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
2f3a5a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5777683
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
ea04fa6 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-5798483
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
882b2f7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813745
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813746
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5813750
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
fff59c2 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
4dc89b6 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
f132d62 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291773
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5291777
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-5661566
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
1064ba7 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-5914629
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
bac6a1f 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
a286446 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5907722
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
8ce0c81 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PYDANTIC-5926694
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
54b2cd0 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-5926907
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
90da97f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
53e482b 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-URLLIB3-6002459
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
5476cad 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@xsa-dev
Merge pull request #253 from xsa-dev/snyk-fix-c2f0658a39d91c39fc168f3…
4655363 
…b06a4ce13
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
3b04352 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-5918878
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
eb28aec 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6036192
@xsa-dev
Merge branch 'freqtrade:develop' into develop
0b2a37a
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
64d1366 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a7d94ba 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
1c0e622
@xsa-dev
Merge branch 'freqtrade:develop' into develop
314bb66
@dependabot
Bump scikit-learn from 1.1.3 to 1.3.2
6cc70fd 
Bumps [scikit-learn](https://github.com/scikit-learn/scikit-learn) from 1.1.3 to 1.3.2.
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.1.3...1.3.2)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
a643c46 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-OPENSSL-3368735
@xsa-dev
Merge branch 'freqtrade:develop' into develop
92fe222
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
4cb5a2a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@snyk-bot
fix: docker/Dockerfile.armhf to reduce vulnerabilities
ef5baf7 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-GLIBC-5927133
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
- https://snyk.io/vuln/SNYK-DEBIAN11-NCURSES-5421197
@xsa-dev
Merge branch 'freqtrade:develop' into develop
840dad6
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
03515a2 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
xsa-dev and others added 29 commits January 26, 2024 11:07
@xsa-dev
Merge pull request #323 from xsa-dev/snyk-fix-031aeedc4d0b40357047ce0…
fd8ee24 
…3ca83d101

[Snyk] Security upgrade urllib3 from 2.0.6 to 2.0.7
@xsa-dev
Merge pull request #174 from xsa-dev/snyk-fix-0fc579b4ae6bac89b753954…
0205f0d 
…9450d4dfe

[Snyk] Security upgrade python from 3.9.16-slim-bullseye to 3.12.0b4-slim-bullseye
@xsa-dev
Merge pull request #229 from xsa-dev/snyk-fix-4644743bef5e8f49b3b339d…
ce55e59 
…16602539a

[Snyk] Security upgrade pydantic from 2.3.0 to 2.4.0
@xsa-dev
Merge branch 'develop' into snyk-fix-76963d7a6d676347a75f1ee4c84cc0a6
d0f916e
@xsa-dev
Merge pull request #231 from xsa-dev/snyk-fix-76963d7a6d676347a75f1ee…
c0b37bb 
…4c84cc0a6

[Snyk] Security upgrade pydantic from 2.3.0 to 2.4.0
@xsa-dev
Merge branch 'develop' into snyk-fix-176ea099dbab023d47a53873ca849099
ccd4a28
@xsa-dev
Merge pull request #316 from xsa-dev/snyk-fix-176ea099dbab023d47a5387…
1828172 
…3ca849099

[Snyk] Security upgrade fonttools from 4.38.0 to 4.43.0
@xsa-dev
Merge branch 'develop' into snyk-fix-b1be591ed9395036d0e658e440812886
41ee0b2
@xsa-dev
Merge pull request #320 from xsa-dev/snyk-fix-b1be591ed9395036d0e658e…
b2fe24c 
…440812886

[Snyk] Fix for 11 vulnerabilities
@xsa-dev
Merge branch 'develop' into snyk-fix-211a5afe0a2ab0f97dd03bee2fbbe48d
ef5b4ca
@xsa-dev
Merge pull request #322 from xsa-dev/snyk-fix-211a5afe0a2ab0f97dd03be…
7de40d5 
…e2fbbe48d

[Snyk] Fix for 10 vulnerabilities
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
407790e 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-FONTTOOLS-6133203
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321964
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321966
- https://snyk.io/vuln/SNYK-PYTHON-NUMPY-2321970
@xsa-dev
Merge branch 'develop' into snyk-fix-d182d64243359b51d2ac903e90b8cb39
199ebbf
@xsa-dev
Merge pull request #325 from xsa-dev/snyk-fix-d182d64243359b51d2ac903…
e458bf1 
…e90b8cb39

[Snyk] Fix for 5 vulnerabilities
@xsa-dev
Merge pull request #327 from xsa-dev/snyk-fix-65accae55f244e45935b2b3…
5dc8784 
…ada47db31

[Snyk] Fix for 4 vulnerabilities
@xsa-dev
Merge pull request #324 from xsa-dev/snyk-fix-36c26a8f16f10c0e4378b96…
d5bd167 
…a5d329382

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
84e8bf1 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091621
- https://snyk.io/vuln/SNYK-PYTHON-AIOHTTP-6091622
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6092044
@xsa-dev
Merge pull request #328 from xsa-dev/snyk-fix-6af27529f8e958427311a08…
b501426 
…1c8d5ab8b

[Snyk] Fix for 3 vulnerabilities
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
229098d 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6050294
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6126975
@xsa-dev
Merge pull request #330 from xsa-dev/snyk-fix-6046bb06b38c53315f31e58…
a63c03b 
…559fcba96

[Snyk] Security upgrade cryptography from 41.0.6 to 42.0.0
@dependabot
chore(deps): bump peter-evans/dockerhub-description from 3 to 4
efb2a90 
Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 3 to 4.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](peter-evans/dockerhub-description@v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
495ac9a 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6149518
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6157248
- https://snyk.io/vuln/SNYK-PYTHON-CRYPTOGRAPHY-6210214
@xsa-dev
Merge pull request #342 from xsa-dev/snyk-fix-c9fa9978d4c87bbe943ca32…
38a1ecd 
…c660c24b9

[Snyk] Security upgrade cryptography from 42.0.0 to 42.0.2
@xsa-dev
Merge pull request #341 from xsa-dev/dependabot/github_actions/develo…
a51643b 
…p/peter-evans/dockerhub-description-4

chore(deps): bump peter-evans/dockerhub-description from 3 to 4
@snyk-bot
fix: requirements-freqai.txt to reduce vulnerabilities
f00a2cd 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219984
- https://snyk.io/vuln/SNYK-PYTHON-PILLOW-6219986
@xsa-dev
Merge pull request #345 from xsa-dev/snyk-fix-a1dcb96d68e5d859611eb3c…
6cea9ea 
…dceca636f

[Snyk] Security upgrade pillow from 9.5.0 to 10.2.0
@xsa-dev
remove mypy and discord
859cac0
@xsa-dev
Merge remote-tracking branch 'origin/TheWCKD-1s_timeframe_feature' in…
6239def 
…to develop

# Conflicts:
#	.github/workflows/docker_update_readme.yml
#	docker/Dockerfile.armhf
#	docs/requirements-docs.txt
#	requirements.txt
@snyk-bot
fix: requirements.txt to reduce vulnerabilities
582cfc8 
The following vulnerabilities are fixed by pinning transitive dependencies:
- https://snyk.io/vuln/SNYK-PYTHON-JINJA2-6809379
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@xsa-dev @snyk-bot