Skip to content

fix(deps): vuln minor: requests · patch: jinja2 [src/emailservice]#50

Open
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/emailservice/9-1781532572
Open

fix(deps): vuln minor: requests · patch: jinja2 [src/emailservice]#50
gh-worker-campaigns-3e9aa4[bot] wants to merge 1 commit into
mainfrom
engraver-auto-version-upgrade/minorpatch/pip/emailservice/9-1781532572

Conversation

@gh-worker-campaigns-3e9aa4

@gh-worker-campaigns-3e9aa4 gh-worker-campaigns-3e9aa4 Bot commented Jun 15, 2026

Copy link
Copy Markdown

Summary: Security update — 2 packages upgraded (MINOR changes included)

Manifests changed:

  • src/emailservice (pip)

✅ Action Required: Please review the changes below. If they look good, approve and merge this PR.

Updates

Package From To Type Dep Type Vulnerabilities Fixed
requests 2.31.0 2.34.2 minor Direct 6 MEDIUM
jinja2 3.1.4 3.1.6 patch Direct 6 MEDIUM

Security Details

ℹ️ Other Vulnerabilities (12)
Package CVE Severity Summary Unsafe Version Fixed In
jinja2 GHSA-cpwx-vrp4-4pq7 MODERATE Jinja2 vulnerable to sandbox breakout through attr filter selecting format method 3.1.4 3.1.6
jinja2 CVE-2025-27516 MODERATE Jinja sandbox breakout through attr filter selecting format method 3.1.4 -
jinja2 GHSA-gmj6-6f8f-6699 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 3.1.5
jinja2 CVE-2024-56201 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 -
jinja2 GHSA-q2x7-8rv6-6q7h MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 3.1.5
jinja2 CVE-2024-56326 MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 -
requests GHSA-gc5v-m9x4-r6x2 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.31.0 2.33.0
requests CVE-2026-25645 MODERATE Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function 2.31.0 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.31.0 - 2.34.2 src/emailservice/requirements.in

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI
  • Approve and merge this PR

Update Mode: all_vulns

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot marked this pull request as ready for review June 16, 2026 12:18
@dd-prapprover

dd-prapprover Bot commented Jun 16, 2026
edited
Loading

Copy link
Copy Markdown

PRApprover will approve and merge this PR, FAQ, #dx-source-code-management

🛠️ PRApproval Status

  • ✅ PR is eligible for auto-approval by rule dependency-management-version-updater - 2026-06-16T12:21:15Z
  • ⬜ CI tests passed
  • ⬜ Approved
  • ⬜ Merge Started
  • ⬜ Merged

➡️ Current phase: waiting for CI tests to complete...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-medium-severity adms-minor-update adms-mode-all-vulns adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants