Merge pull request #9630 from haskell/mergify/bp/3.10/pr-9619

mergify[bot] · web-flow · commit 767973df2ddc · 2024-01-20T02:30:11.000Z
update jinja2 per CVE-2024-22195 (backport #9619)
diff --git a/doc/requirements.in b/doc/requirements.in
@@ -4,5 +4,9 @@ sphinx-jsonschema
 sphinxnotes-strike
 # Pygments>=2.7.4 suggested by CVE-2021-20270 CVE-2021-27291
 Pygments >= 2.7.4
-# Suggested by dependabot in https://github.com/haskell/cabal/pull/8807
-certifi >= 2022.12.7
+# CVE-2023-37920
+certifi >= 2023.07.22
+# CVE-2023-45803
+urllib3 >= 2.0.7
+# CVE-2024-22195
+jinja2 == 3.1.3
diff --git a/doc/requirements.txt b/doc/requirements.txt
@@ -23,9 +23,11 @@ idna==2.10
     # via requests
 imagesize==1.4.1
     # via sphinx
-jinja2==3.1.2
-    # via sphinx
-jsonpointer==2.1
+jinja2==3.1.3
+    # via
+    #   -r requirements.in
+    #   sphinx
+jsonpointer==2.3
     # via sphinx-jsonschema
 markupsafe==2.1.2
     # via jinja2
