Bump jinja2 from 3.1.4 to 3.1.5 in /src/api in the pip group across 1 directory #320

Open
wants to merge 1 commit into
base: main
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Dec 24, 2024

Bumps the pip group with 1 update in the /src/api directory: jinja2.

Updates jinja2 from 3.1.4 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/
Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5
Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context can be used with the |select filter. :issue:1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253
Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 1 update in the /src/api directory: [jinja2](https://github.com/pallets/jinja).


Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
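
The commit metadata above marks jinja2 as an indirect dependency, so the pin that matters is the resolved one in the lock or compiled requirements file rather than a direct requirement. The following is an added example, not part of this PR or of Dependabot's output: a check that classifies the jinja2 pin against 3.1.5. The pip-style file format, the sample pins and the function names are assumptions.

```python
import re

FIXED = (3, 1, 5)  # release named on this page as the security fix release

# Constructed sample of a pinned requirements file; not taken from the PR.
SAMPLE_LOCK = """\
# via example-framework (constructed)
Jinja2==3.1.4 \\
    --hash=sha256:<placeholder>
markupsafe==3.0.2 ; python_version >= "3.9"
"""

REQ = re.compile(r"([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?\s*"
                 r"(==|>=|~=|<=|!=|<|>)?\s*([^\s,]+)?")

def normalize(name):
    """PEP 503 normalization, so Jinja2 and jinja2 compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit(lock_text, package="jinja2", fixed=FIXED):
    """Classify the pin for `package`: ok, vulnerable, unpinned, review or absent."""
    folded = re.sub(r"\\\n", " ", lock_text)  # join backslash-continued lines
    for raw in folded.splitlines():
        # Drop comments and environment markers before matching.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        m = REQ.match(line)
        if not m or normalize(m.group(1)) != package:
            continue
        op, ver = m.group(2), m.group(3)
        if op != "==":
            return ("unpinned", line)      # a range may still resolve below the fix
        if not re.fullmatch(r"\d+(\.\d+)*", ver or ""):
            return ("review", ver)         # pre/post/dev releases need a human look
        rel = tuple(int(p) for p in ver.split("."))
        rel += (0,) * (len(fixed) - len(rel))  # 3.2 compares as 3.2.0
        return ("ok", ver) if rel >= fixed else ("vulnerable", ver)
    return ("absent", None)

if __name__ == "__main__":
    print(audit(SAMPLE_LOCK))
```

Run in CI against the resolved requirements file, any result other than `ok` or `absent` is a reason to fail the build or open a ticket.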

Current benchmark

Type Name Request Count Failure Count Median Response Time Average Response Time Min Response Time Max Response Time Average Content Size Requests/s Failures/s 50% 66% 75% 80% 90% 95% 98% 99% 99.9% 99.99% 100% git timestamp version
GET /auth/whoami 34 0 380.0 522.2277522058755 1.9837599999732447 1505.445285999997 160.0 1.1881073934379378 0.0 380 490 880 1000 1300 1500 1500 1500 1500 1500 1500 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /dynamique/session/ 33 0 490.0 696.3065630605955 10.485292999987903 1680.7342199999766 45.0 1.153163058336822 0.0 490 1000 1100 1300 1400 1600 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /dynamique/session/bulk 23 0 730.0 762.8833272608739 35.474752000027365 1461.6457089999813 411.0 0.8037197073256639 0.0 730 990 1300 1300 1300 1400 1500 1500 1500 1500 1500 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /dynamique/status/ 33 0 790.0 755.9346955151505 16.47454600004039 2300.718704000019 285.0 1.153163058336822 0.0 790 900 930 1000 1300 1300 2300 2300 2300 2300 2300 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /dynamique/status/ 31 0 650.0 743.46422451613 18.83632099998067 2300.6995790000246 45.0 1.0832743881345903 0.0 650 910 1200 1300 1600 1700 2300 2300 2300 2300 2300 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /dynamique/status/FRALLEGO002006P3 35 0 1100.0 1007.1714315142864 13.812233999999536 2049.1189129999725 283.0 1.2230517285390536 0.0 1100 1200 1200 1400 1700 2000 2000 2000 2000 2000 2000 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /dynamique/status/FRALLEGO002006P3/history 33 0 550.0 747.8918719393938 28.412806999995155 1684.926278999967 34502.69696969697 1.153163058336822 0.0 550 920 1000 1300 1600 1700 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /dynamique/status/bulk 24 0 680.0 748.5508326666637 18.383221999954458 1644.259854999973 411.0 0.8386640424267796 0.0 800 940 1200 1300 1400 1400 1600 1600 1600 1600 1600 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /statique/ 33 15 910.0 874.0824903333286 12.251581999976224 2300.585399999989 56.63636363636363 1.153163058336822 0.5241650265167372 910 1100 1200 1400 1400 2000 2300 2300 2300 2300 2300 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /statique/?limit=10 28 0 740.0 814.9252380714245 32.88698500000464 1686.528549000002 13826.75 0.9784413828312428 0.0 780 890 1200 1200 1600 1700 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /statique/?limit=100 32 0 1000.0 971.10268265625 138.16811700002063 1680.0318380000476 129006.78125 1.118218723235706 0.0 1000 1200 1300 1300 1400 1600 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
PUT /statique/FR073EP7QU5233 30 0 760.0 793.074073699997 30.738014999997176 1680.6841179999878 1371.0 1.0483300530334745 0.0 870 1100 1300 1300 1500 1600 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
GET /statique/FRALLEGO002006P3 34 0 720.0 778.5134956470572 42.35473800002865 1662.2979040000132 1202.0 1.1881073934379378 0.0 810 1100 1200 1300 1500 1600 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
POST /statique/bulk 32 0 1000.0 1036.246057499996 356.24933099995815 1688.2504429999583 1122.53125 1.118218723235706 0.0 1000 1300 1300 1400 1600 1700 1700 1700 1700 1700 1700 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0
Aggregated 435 15 790.0 805.3552506919506 1.9837599999732447 2300.718704000019 13380.896551724138 15.200785768985382 0.5241650265167372 790 1000 1200 1300 1400 1600 1700 2000 2300 2300 2300 534af22 2024-12-24 00:24:45.986020+00:00 0.16.0

Comparison with the latest previous benchmark

A lower (negative) value means the current version performs better than the previous one.

Type Name Request Count Failure Count Median Response Time Average Response Time Min Response Time Max Response Time Average Content Size Requests/s
GET /auth/whoami
POST /dynamique/session/
POST /dynamique/session/bulk
GET /dynamique/status/
POST /dynamique/status/
GET /dynamique/status/FRALLEGO002006P3
GET /dynamique/status/FRALLEGO002006P3/history
POST /dynamique/status/bulk
POST /statique/
GET /statique/?limit=10
GET /statique/?limit=100
PUT /statique/FR073EP7QU5233
GET /statique/FRALLEGO002006P3
POST /statique/bulk
Aggregated
