fix one snyk issue and ignore another

This commit is contained in:
burnettk 2024-05-13 10:28:58 -04:00
parent c967af3d65
commit 11134d1577
No known key found for this signature in database
2 changed files with 9 additions and 4 deletions

View File

@ -5,7 +5,7 @@ ignore:
# in case snyk wants werkzeug v3, in the future: # in case snyk wants werkzeug v3, in the future:
# we cannot upgrade werkzeug because it breaks connexion # we cannot upgrade werkzeug because it breaks connexion
# and we can't upgrade connexion because it downgrades werkzeug. # and we can't upgrade connexion because it downgrades werkzeug.
# this means we cannot satisfy the snyk requiement to upgrade werkzeug to v3. # this means we cannot satisfy the snyk requirement to upgrade werkzeug to v3.
# we have a ticket to workaround it: # we have a ticket to workaround it:
# https://github.com/sartography/spiff-arena/issues/592 # https://github.com/sartography/spiff-arena/issues/592
# SNYK-PYTHON-CRYPTOGRAPHY-6050294: # SNYK-PYTHON-CRYPTOGRAPHY-6050294:
@ -28,6 +28,11 @@ ignore:
reason: no fix available reason: no fix available
expires: 2024-11-01T00:00:00.000Z expires: 2024-11-01T00:00:00.000Z
created: 2024-05-02T17:22:47.098Z created: 2024-05-02T17:22:47.098Z
SNYK-PYTHON-WERKZEUG-6808933:
- '*':
reason: unable to upgrade. see above comment.
expires: 2024-11-01T00:00:00.000Z
created: 2024-05-13T17:22:47.098Z
patch: {} patch: {}

View File

@ -1324,13 +1324,13 @@ files = [
[[package]] [[package]]
name = "jinja2" name = "jinja2"
version = "3.1.3" version = "3.1.4"
description = "A very fast and expressive template engine." description = "A very fast and expressive template engine."
optional = false optional = false
python-versions = ">=3.7" python-versions = ">=3.7"
files = [ files = [
{file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"}, {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
{file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"}, {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
] ]
[package.dependencies] [package.dependencies]