Fix potential security issues with jinja2 and pyyaml dep

Added escaping to jinja templates. With PyYAML dependency, accidentally
added '<3.4.1' whereas the intent was to make it '==3.4.1', while fixing
as per dependabot alert. Fixed it now.

Signed-off-by: Rushi Agrawal <rushi.agr@gmail.com>
Rushi Agrawal
2021-09-09 18:41:44 +05:30
parent d0edcc5c87
commit f4891be3c3
2 changed files with 3 additions and 2 deletions
+1 -1
@@ -12,7 +12,7 @@ numpy; python_version<"3.10"
pandas; python_version<"3.10"
pyyaml>=5.4; python_version>="3.6"
pyyaml<5.3.1; python_version<"3.6"
pyyaml==5.3.1; python_version<"3.6"
isort
black; python_version>="3.6"
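Review bot: the version in this hunk does not match the commit message: the message says the intended pin was '==3.4.1', but the hunk replaces `pyyaml<5.3.1` with `pyyaml==5.3.1`, so either the message or the pin is off and should be reconciled before merge. Separately, an exact `==5.3.1` pin for the `python_version<"3.6"` branch means any later PyYAML security release will not be picked up for those interpreters, while the `python_version>="3.6"` line uses a lower bound (`pyyaml>=5.4`); if the goal is to keep the vulnerable pre-5.3.1 releases out, `pyyaml>=5.3.1; python_version<"3.6"` expresses that intent and still allows fixes.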
+2 -1
@@ -42,7 +42,7 @@ import black
import unasync
import urllib3
from click.testing import CliRunner
from jinja2 import Environment, FileSystemLoader, TemplateNotFound
from jinja2 import Environment, FileSystemLoader, TemplateNotFound, select_autoescape
http = urllib3.PoolManager()
@@ -67,6 +67,7 @@ GLOBAL_QUERY_PARAMS = {
}
jinja_env = Environment(
autoescape=select_autoescape(["html", "xml"]),
loader=FileSystemLoader([CODE_ROOT / "utils" / "templates"]),
trim_blocks=True,
lstrip_blocks=True,
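Review bot: `select_autoescape(["html", "xml"])` only turns escaping on for templates whose file name ends in `.html` or `.xml`; for any other template loaded from `CODE_ROOT / "utils" / "templates"` the behaviour is unchanged, so please confirm what extensions those templates actually have. Given that this file also imports `black` and `unasync`, it looks like a code-generation script rather than an HTML renderer; if the templates produce Python source, this change is a no-op for them (and enabling HTML escaping on them would corrupt the generated code, turning `<`, `>`, `&` and quotes into entities). If the intent is only to satisfy a static scanner, a short comment next to `autoescape=` explaining which templates it covers would save the next reader the same investigation.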