mistercrunch commented on PR #31636: URL: https://github.com/apache/superset/pull/31636#issuecomment-2565692265
You'll want to run `pip-compile-multi -P jinja2` or CI is going to fail. Could also be good to bump the lower bound here -> https://github.com/apache/superset/blob/master/pyproject.toml#L64 .

I just realized that `jinja2` isn't listed as a direct dependency in our `pyproject.toml`, though it should be since we use it directly in the package. Guessing we never added it since it's a sub-dependency of Flask and other packages we import. Since we use it directly, let's add an entry:

```
# 3.1.4 has a known security vulnerability
"jinja2>=3.1.5",
```

You'll want to:

1. add this line to pyproject.toml
2. run `pip-compile-multi -P jinja2`
3. commit and push