chore(deps): bump mako from 1.3.10 to 1.3.12 in /backend#35

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/backend/mako-1.3.12

@dependabot dependabot Bot commented on behalf of github May 15, 2026

Bumps mako from 1.3.10 to 1.3.12.

Release notes

Sourced from mako's releases.

1.3.12

Released: Tue Apr 28 2026

bug

  • [bug] [template] Fixed issue in TemplateLookup where a URI with backslash path separators (e.g. \..\secret.txt) could bypass the directory traversal check on Windows, allowing reads of arbitrary files outside of the template directory. Backslash characters in URIs are now normalized to forward slashes before path resolution.

    References: #435

1.3.11

Released: Tue Apr 14 2026

bug

  • [bug] [template] Fixed issue in TemplateLookup where a URI with a double-slash prefix (e.g. //../../) could bypass the directory traversal check in Template, allowing reads of arbitrary files outside of the template directory. The issue was caused by an inconsistency in how leading slashes were stripped between TemplateLookup.get_template() and Template initialization.

    References: #434

Commits
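
The two fixes quoted in the release notes come down to one rule: normalize the URI (backslashes to forward slashes, every leading slash stripped) before resolving it, then confirm the resolved path is still under the template directory. The sketch below is an added example, not Mako's code and not part of this PR; `naive_resolve` is a simplified model of a slash-only check, and `TEMPLATE_DIR` and all function names are assumptions. It uses `ntpath` so Windows path rules apply on any OS.

```python
import ntpath      # Windows path rules, importable on any OS
import posixpath

TEMPLATE_DIR = r"C:\app\templates"  # constructed sample directory (assumption)


def naive_resolve(uri, base=TEMPLATE_DIR):
    """Weak model: drops one leading '/', looks for '..' using '/' only."""
    rel = uri[1:] if uri.startswith("/") else uri
    if ".." in posixpath.normpath(rel).split("/"):
        raise ValueError(f"traversal rejected: {uri!r}")
    # The filesystem layer still treats '\' and a leftover leading '/' as rooted.
    return ntpath.normpath(ntpath.join(base, rel))


def safe_resolve(uri, base=TEMPLATE_DIR):
    """Normalize first, then verify the resolved path stays under base."""
    rel = uri.replace("\\", "/").lstrip("/")  # one separator, no leading slashes
    full = ntpath.normpath(ntpath.join(base, *rel.split("/")))
    root = ntpath.normcase(ntpath.normpath(base))
    # commonpath raises ValueError itself when the drives differ.
    if ntpath.commonpath([root, ntpath.normcase(full)]) != root:
        raise ValueError(f"outside template directory: {uri!r}")
    return full


def rejected(resolver, uri):
    """True when the resolver refuses the URI."""
    try:
        resolver(uri)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample URIs, using the forms named in the release notes.
    samples = ["/index.html", "/../secret.txt", r"\..\secret.txt", "//../../secret.txt"]
    for uri in samples:
        for resolver in (naive_resolve, safe_resolve):
            try:
                outcome = resolver(uri)
            except ValueError as exc:
                outcome = f"REJECTED ({exc})"
            print(f"{resolver.__name__:14} {uri!r:24} -> {outcome}")
```
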

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels May 15, 2026
@dependabot dependabot Bot requested a review from Gahroot as a code owner May 15, 2026 17:18
vercel Bot commented May 15, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| aicrm | Ready | Preview, Comment | Jun 3, 2026 2:21pm |
| frontend | Ready | Preview, Comment | Jun 3, 2026 2:21pm |

@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from d03a4ca to 7885da8 Compare May 15, 2026 17:42
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from 7885da8 to 0e8a629 Compare May 15, 2026 17:44
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from 0e8a629 to c68e8a9 Compare May 15, 2026 17:56
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from c68e8a9 to 9608fc3 Compare May 15, 2026 19:28
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from 9608fc3 to 6c5b59b Compare May 15, 2026 20:07
@dependabot dependabot Bot changed the title chore(deps): bump mako from 1.3.10 to 1.3.12 in /backend build(deps): bump mako from 1.3.10 to 1.3.12 in /backend May 16, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from 6c5b59b to 4991be9 Compare May 16, 2026 01:32
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from 4991be9 to ade588b Compare May 16, 2026 02:37
Gahroot commented May 21, 2026

@dependabot rebase

Gahroot commented May 21, 2026

@dependabot rebase

@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from f4c02cd to ff1014c Compare May 21, 2026 16:19
@dependabot dependabot Bot changed the title build(deps): bump mako from 1.3.10 to 1.3.12 in /backend chore(deps): bump mako from 1.3.10 to 1.3.12 in /backend Jun 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/uv/backend/mako-1.3.12 branch from ff1014c to ff7fa4c Compare June 1, 2026 22:35
Bumps [mako](https://github.com/sqlalchemy/mako) from 1.3.10 to 1.3.12.
- [Release notes](https://github.com/sqlalchemy/mako/releases)
- [Changelog](https://github.com/sqlalchemy/mako/blob/main/CHANGES)
- [Commits](https://github.com/sqlalchemy/mako/commits)

---
updated-dependencies:
- dependency-name: mako
  dependency-version: 1.3.12
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot Bot commented on behalf of github Jun 4, 2026

Looks like mako is up-to-date now, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 4, 2026
@dependabot dependabot Bot deleted the dependabot/uv/backend/mako-1.3.12 branch June 4, 2026 17:35