Skip to content

VULN UPGRADE: minor upgrades — 7 packages (minor: 3 · patch: 4) [src/emailservice]#35

Open
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/emailservice/5-1770993595
Open

VULN UPGRADE: minor upgrades — 7 packages (minor: 3 · patch: 4) [src/emailservice]#35
campaigner-prod[bot] wants to merge 1 commit intomainfrom
engraver-auto-version-upgrade/minorpatch/pip/emailservice/5-1770993595

Conversation

@campaigner-prod
Copy link

@campaigner-prod campaigner-prod bot commented Feb 13, 2026

Summary: Security update — 7 packages upgraded (MINOR changes included)

Manifests changed:

  • src/emailservice (pip)

Updates

Package From To Type Vulnerabilities Fixed
jinja2 3.1.4 3.1.6 patch 6 MODERATE
requests 2.31.0 2.32.5 minor 4 MODERATE
google-api-core 2.18.0 2.29.0 minor -
opentelemetry-exporter-otlp-proto-grpc 1.24.0 1.39.1 minor -
google-cloud-trace 1.13.3 1.13.5 patch -
grpcio 1.62.2 1.62.3 patch -
grpcio-health-checking 1.62.2 1.62.3 patch -

Packages marked with "-" are updated due to dependency constraints.

Security Details

ℹ️ Other Vulnerabilities (10)
Package CVE Severity Summary Unsafe Version Fixed In
jinja2 GHSA-q2x7-8rv6-6q7h MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 3.1.5
jinja2 CVE-2024-56326 MODERATE Jinja has a sandbox breakout through indirect reference to format method 3.1.4 -
jinja2 GHSA-cpwx-vrp4-4pq7 MODERATE Jinja2 vulnerable to sandbox breakout through attr filter selecting format method 3.1.4 3.1.6
jinja2 CVE-2025-27516 MODERATE Jinja sandbox breakout through attr filter selecting format method 3.1.4 -
jinja2 GHSA-gmj6-6f8f-6699 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 3.1.5
jinja2 CVE-2024-56201 MODERATE Jinja has a sandbox breakout through malicious filenames 3.1.4 -
requests GHSA-9wx4-h78v-vm56 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 2.32.0
requests CVE-2024-35195 MODERATE Requests Session object does not verify requests after making first request with verify=False 2.31.0 -
requests GHSA-9hjg-9r4m-mvj7 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 2.32.4
requests CVE-2024-47081 MODERATE Requests vulnerable to .netrc credentials leak via malicious URLs 2.31.0 -
⚠️ Dependencies that have Reached EOL (1)
Dependency Unsafe Version EOL Date New Version Path
requests 2.31.0 - 2.32.5 src/emailservice/requirements.in

Review Checklist

Standard review:

  • Review changes for compatibility with your code
  • Check for breaking changes in release notes
  • Run tests locally or wait for CI

Update Mode: Vulnerability Remediation

🤖 Generated by DataDog Automated Dependency Management System

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-dependency-update adms-fixes-eol adms-medium-severity adms-minor-update adms-mode-all-updates adms-python campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants