fix one snyk issue and ignore another

spiffworkflow-backend/.snyk

@@ -5,7 +5,7 @@ ignore:
   # in case snyk wants werkzeug v3, in the future:
   # we cannot upgrade werkzeug because it breaks connexion
   # and we can't upgrade connexion because it downgrades werkzeug.
-  # this means we cannot satisfy the snyk requiement to upgrade werkzeug to v3.
+  # this means we cannot satisfy the snyk requirement to upgrade werkzeug to v3.
   # we have a ticket to workaround it:
   #   https://github.com/sartography/spiff-arena/issues/592
   # SNYK-PYTHON-CRYPTOGRAPHY-6050294:
@@ -28,6 +28,11 @@ ignore:
         reason: no fix available
         expires: 2024-11-01T00:00:00.000Z
         created: 2024-05-02T17:22:47.098Z
+  SNYK-PYTHON-WERKZEUG-6808933:
+    - '*':
+        reason: unable to upgrade. see above comment.
+        expires: 2024-11-01T00:00:00.000Z
+        created: 2024-05-13T17:22:47.098Z
 
 patch: {}
 

spiffworkflow-backend/poetry.lock

@@ -1324,13 +1324,13 @@ files = [
 
 [[package]]
 name = "jinja2"
-version = "3.1.3"
+version = "3.1.4"
 description = "A very fast and expressive template engine."
 optional = false
 python-versions = ">=3.7"
 files = [
-    {file = "Jinja2-3.1.3-py3-none-any.whl", hash = "sha256:7d6d50dd97d52cbc355597bd845fabfbac3f551e1f99619e39a35ce8c370b5fa"},
-    {file = "Jinja2-3.1.3.tar.gz", hash = "sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90"},
+    {file = "jinja2-3.1.4-py3-none-any.whl", hash = "sha256:bc5dd2abb727a5319567b7a813e6a2e7318c39f4f487cfe6c89c6f9c7d25197d"},
+    {file = "jinja2-3.1.4.tar.gz", hash = "sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369"},
 ]
 
 [package.dependencies]