There is apparently a vulnerability in jinja2 < 3.1.3 which triggers a security alert when pushing to Spine-Database-API, spine-engine and Spine-Toolbox repositories because their requirements.txt files restrict jinja2 < 3.0 with a comment stating that the restriction comes from Dagster.
We should just remove the restriction from Spine-Database-API because it does not depend on Dagster in any way.
I am not sure what to do with Spine-Engine, though. Perhaps we need to try to upgrade to the latest Dagster?
The jinja2 requirement is in spinedb_api/docs/requirements.txt and it was added there so that the spinedb-api docs requirements would install the same version of Sphinx as spinetoolbox/docs/requirements.txt. If we don't do that, there is a dependency conflict (there is an older issue on this). I don't know how to deal with the security alert though. Do a lot of people actually install the docs requirements using the spinedb-api/docs/requirements.txt? Maybe we should remove it and point them to the spinetoolbox/docs/requirements.txt instead.