You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey @eugene-nikolaev, dbt started tightly pinning Jinja2 because of a breaking change in a patch release last year (April 2020, see 626f835 in #2318).
Thanks for calling out the security advisory. We currently intend to bump the Jinja2 pin (#3077), along with all other pinned dependencies, before the next minor version of dbt.
Hello!
Describe the bug
Tried to resolve a security alert:
GHSA-g3rq-g295-4j3m
But
jinja2
version is harcoded herehttps://github.com/fishtown-analytics/dbt/blob/77c10713a325d2bee91d1822951ce5d91ccc3278/core/setup.py#L62
So I was not able to bump up the version within my project.
Steps To Reproduce
Expected behavior
jinja2 to be upgraded
Screenshots and log output
not applicable
System information
Which database are you using dbt with?
The output of
dbt --version
:But basically it was merged in master in: 626f835
so not only
The operating system you're using:
MacOS
The output of
python --version
:Python 3.7.7
Additional context
Add any other context about the problem here.
The text was updated successfully, but these errors were encountered: