catalin/moto
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Bump Jinja2 to >=2.10.1, addresses CVE-2019-10906

Browse source 
Given how moto is intended to be used, and how it uses Jinja2, [CVE-2019-10906](https://nvd.nist.gov/vuln/detail/CVE-2019-10906) is unlikely to affect many users, but we should use a secure version anyway just in case moto is being used in unforeseen ways.
This commit is contained in:
Dan Palmer 2019-04-15 10:48:55 +01:00 committed by GitHub
commit e28bcf20ea
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
setup.py
View file

@ -19,7 +19,7 @@ def read(*parts):
install_requires = [
"Jinja2>=2.7.3",
"Jinja2>=2.10.1",
"boto>=2.36.0",
"boto3>=1.9.86",
"botocore>=1.12.86",