Skip to content

fix(deps): vuln minor upgrades — 7 packages (minor: 3 · patch: 4) [Doc]#42

Draft
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/Doc/1-1776956486
Draft

fix(deps): vuln minor upgrades — 7 packages (minor: 3 · patch: 4) [Doc]#42
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/Doc/1-1776956486

Conversation

@gh-worker-campaigns-3e9aa4
Copy link
Copy Markdown

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Apr 23, 2026
edited by github-actions Bot
Loading

Summary: Security update — 7 packages upgraded (MINOR changes included)

Manifests changed:

  • Doc (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
Jinja2 3.1.4 3.1.6 patch Direct 6 MODERATE
requests 2.32.3 2.32.5 patch Direct 4 MODERATE
Babel 2.16.0 2.18.0 minor Direct -
Pygments 2.18.0 2.20.0 minor Direct 1 LOW
Sphinx 7.2.6 7.4.7 minor Direct -
MarkupSafe 3.0.1 3.0.3 patch Direct -
charset-normalizer 3.4.0 3.4.7 patch Direct -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (11)
Package CVE Severity Summary Unsafe Version Fixed In
Jinja2 GHSA-cpwx-vrp4-4pq7 MODERATE Jinja2 vulnerable to sandbox breakout through attr filter selecting format method 3.1.4 3.1.6
Jinja2 CVE-2025-27516 MODERATE Jinja sandbox breakout through attr filter selecting format method 3.1.4 -
Jinja2 GHSA-gmj6-6f8f-6699 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 3.1.5
Jinja2 CVE-2024-56201 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 -
Jinja2 GHSA-q2x7-8rv6-6q7h MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 3.1.5
Jinja2 CVE-2024-56326 MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 -
requests GHSA-gc5v-m9x4-r6x2 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.32.3 2.33.0
requests CVE-2026-25645 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.32.3 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.3 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.32.3 -
Pygments GHSA-5239-wwwm-4pmq LOW Pygments has Regular Expression Denial of Service (ReDoS) due to Inefficient Regex for GUID Matching 2.18.0 2.20.0
⚠️ Dependencies that have Reached EOL (2)
Dependency Unsafe Version EOL Date New Version Path
MarkupSafe 3.0.1 - 3.0.3 Doc/requirements-oldest-sphinx.txt
requests 2.32.3 - 2.32.5 Doc/requirements-oldest-sphinx.txt

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

📚 Documentation preview 📚: https://cpython-previews--42.org.readthedocs.build/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-low-severity adms-medium-severity adms-minor-update adms-mode-all-updates adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants