From a87ee680b941db45b1962a872898babef32e68fb Mon Sep 17 00:00:00 2001
From: "github.actions" <actions@users.noreply.github.com>
Date: Fri, 10 Jan 2025 08:06:41 +0000
Subject: [PATCH] Latest data: Fri Jan 10 08:06:41 UTC 2025

---
 audits/aider-requirements.audit.json         |  6 +++-
 audits/ansible-lint-requirements.audit.json  |  6 +++-
 audits/certsync-requirements.audit.json      |  6 +++-
 audits/charmcraft-requirements.audit.json    |  6 +++-
 audits/gdbgui-requirements.audit.json        |  6 +++-
 audits/gi-docgen-requirements.audit.json     |  6 +++-
 audits/harlequin-requirements.audit.json     |  6 +++-
 audits/libplacebo-requirements.audit.json    |  6 +++-
 audits/litani-requirements.audit.json        |  6 +++-
 audits/mentat-requirements.audit.json        |  6 +++-
 audits/organize-tool-requirements.audit.json |  6 +++-
 audits/pytorch-requirements.audit.json       |  6 +++-
 audits/recon-ng-requirements.audit.json      |  6 +++-
 audits/sail-requirements.audit.json          |  6 +++-
 audits/vunnel-requirements.audit.json        |  6 +++-
 requirements/apprise-requirements.txt        |  6 ++--
 requirements/bzt-requirements.txt            | 28 +++++++++---------
 requirements/cfn-lint-requirements.txt       |  6 ++--
 requirements/dstack-requirements.txt         | 30 ++++++++++----------
 requirements/literate-git-requirements.txt   |  4 +--
 requirements/ola-requirements.txt            |  2 +-
 requirements/ruff-lsp-requirements.txt       |  2 +-
 22 files changed, 114 insertions(+), 54 deletions(-)

diff --git a/audits/aider-requirements.audit.json b/audits/aider-requirements.audit.json
index 957f9d5e..d0d93aaf 100644
--- a/audits/aider-requirements.audit.json
+++ b/audits/aider-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/ansible-lint-requirements.audit.json b/audits/ansible-lint-requirements.audit.json
index 3b454e64..b800aff7 100644
--- a/audits/ansible-lint-requirements.audit.json
+++ b/audits/ansible-lint-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/certsync-requirements.audit.json b/audits/certsync-requirements.audit.json
index 9835ba76..3ad57626 100644
--- a/audits/certsync-requirements.audit.json
+++ b/audits/certsync-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/charmcraft-requirements.audit.json b/audits/charmcraft-requirements.audit.json
index 425ccef1..bf82fb9c 100644
--- a/audits/charmcraft-requirements.audit.json
+++ b/audits/charmcraft-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/gdbgui-requirements.audit.json b/audits/gdbgui-requirements.audit.json
index 607ee44f..3504fb56 100644
--- a/audits/gdbgui-requirements.audit.json
+++ b/audits/gdbgui-requirements.audit.json
@@ -286,8 +286,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -682,8 +684,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/gi-docgen-requirements.audit.json b/audits/gi-docgen-requirements.audit.json
index eabe9fbf..b1db3dcb 100644
--- a/audits/gi-docgen-requirements.audit.json
+++ b/audits/gi-docgen-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/harlequin-requirements.audit.json b/audits/harlequin-requirements.audit.json
index 06d0e1fc..0765ba2f 100644
--- a/audits/harlequin-requirements.audit.json
+++ b/audits/harlequin-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/libplacebo-requirements.audit.json b/audits/libplacebo-requirements.audit.json
index 1f01bf51..84a72d4d 100644
--- a/audits/libplacebo-requirements.audit.json
+++ b/audits/libplacebo-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/litani-requirements.audit.json b/audits/litani-requirements.audit.json
index e2c4e357..336aeeb6 100644
--- a/audits/litani-requirements.audit.json
+++ b/audits/litani-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/mentat-requirements.audit.json b/audits/mentat-requirements.audit.json
index d600ccef..758b21fc 100644
--- a/audits/mentat-requirements.audit.json
+++ b/audits/mentat-requirements.audit.json
@@ -390,8 +390,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -786,8 +788,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/organize-tool-requirements.audit.json b/audits/organize-tool-requirements.audit.json
index 7c91a6d6..a1b2f0da 100644
--- a/audits/organize-tool-requirements.audit.json
+++ b/audits/organize-tool-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/pytorch-requirements.audit.json b/audits/pytorch-requirements.audit.json
index 99d25341..f09e8530 100644
--- a/audits/pytorch-requirements.audit.json
+++ b/audits/pytorch-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/recon-ng-requirements.audit.json b/audits/recon-ng-requirements.audit.json
index f4a34831..230a7790 100644
--- a/audits/recon-ng-requirements.audit.json
+++ b/audits/recon-ng-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/sail-requirements.audit.json b/audits/sail-requirements.audit.json
index 8fa1f093..40d76512 100644
--- a/audits/sail-requirements.audit.json
+++ b/audits/sail-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/audits/vunnel-requirements.audit.json b/audits/vunnel-requirements.audit.json
index a9e9d936..595582b6 100644
--- a/audits/vunnel-requirements.audit.json
+++ b/audits/vunnel-requirements.audit.json
@@ -24,8 +24,10 @@
           "CGA-gvvw-7w3r-7m54",
           "CGA-h79h-32w2-7vmp",
           "CGA-jjj9-fv4h-c9cv",
+          "CGA-jr6g-xxjr-rgc8",
           "CGA-mvqg-6j62-4pjm",
           "CGA-vj5f-6mc5-q329",
+          "CGA-w9xc-2j9j-8rrv",
           "CGA-whf8-42p9-686q"
         ],
         "summary": "Jinja has a sandbox breakout through malicious filenames",
@@ -129,8 +131,10 @@
           "CGA-f7wq-crqm-v76f",
           "CGA-gm37-p355-3fq6",
           "CGA-h3v9-xgx5-mrgr",
+          "CGA-hvm4-vp8w-6q8r",
           "CGA-p9v5-jpj2-q3ww",
-          "CGA-rx48-pgcw-gx64"
+          "CGA-rx48-pgcw-gx64",
+          "CGA-w2xv-8gr2-xp8m"
         ],
         "summary": "Jinja has a sandbox breakout through indirect reference to format method",
         "details": "An oversight in how the Jinja sandboxed environment detects calls to `str.format` allows an attacker that controls the content of a template to execute arbitrary Python code.\n\nTo exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.\n\nJinja's sandbox does catch calls to `str.format` and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's `format` method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox.",
diff --git a/requirements/apprise-requirements.txt b/requirements/apprise-requirements.txt
index 11764bc1..c4fa4961 100644
--- a/requirements/apprise-requirements.txt
+++ b/requirements/apprise-requirements.txt
@@ -1,9 +1,9 @@
-charset-normalizer==3.4.0
-click==8.1.7
+charset-normalizer==3.4.1
+click==8.1.8
 idna==3.10
 markdown==3.7
 oauthlib==3.2.2
 pyyaml==6.0.2
 requests==2.32.3
 requests-oauthlib==2.0.0
-urllib3==2.2.3
+urllib3==2.3.0
diff --git a/requirements/bzt-requirements.txt b/requirements/bzt-requirements.txt
index e72e5884..9fffc07f 100644
--- a/requirements/bzt-requirements.txt
+++ b/requirements/bzt-requirements.txt
@@ -1,11 +1,11 @@
 aiodogstatsd==0.16.0.post0
-aiohappyeyeballs==2.4.3
-aiohttp==3.11.4
-aiosignal==1.3.1
+aiohappyeyeballs==2.4.4
+aiohttp==3.11.11
+aiosignal==1.3.2
 astunparse==1.6.3
-attrs==24.2.0
+attrs==24.3.0
 bidict==0.23.1
-charset-normalizer==3.4.0
+charset-normalizer==3.4.1
 colorlog==6.9.0
 cssselect==1.2.0
 cython==3.0.11
@@ -24,24 +24,24 @@ multidict==6.1.0
 multiprocess==0.70.17
 progressbar33==2.4
 prompt-toolkit==3.0.48
-propcache==0.2.0
-psutil==6.1.0
+propcache==0.2.1
+psutil==6.1.1
 python-dateutil==2.9.0.post0
-python-engineio==4.10.1
-python-socketio==5.11.4
+python-engineio==4.11.2
+python-socketio==5.12.1
 pytz==2024.2
 pyvirtualdisplay==3.0
 pyyaml==6.0.2
-rapidfuzz==3.10.1
+rapidfuzz==3.11.0
 requests==2.32.3
-setuptools==75.3.0
+setuptools==75.8.0
 simple-websocket==1.1.0
-six==1.16.0
+six==1.17.0
 terminaltables==3.1.10
 urllib3==1.26.17
 urwid==2.1.2
 wcwidth==0.2.13
 websocket-client==1.8.0
-wheel==0.45.0
+wheel==0.45.1
 wsproto==1.2.0
-yarl==1.17.2
+yarl==1.18.3
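Review bot: `urllib3==1.26.17` stays as an unchanged context line in this hunk while most neighbouring pins are refreshed, and `requirements/apprise-requirements.txt` in the same commit moves urllib3 from 2.2.3 to 2.3.0, so of the files shown bzt alone still resolves to the 1.26 line. This is presumably an upper bound imposed by bzt or one of its dependencies rather than an oversight, but the diffstat carries no `audits/bzt-requirements.audit.json` change to show the held-back pin was checked against current advisories. It is worth confirming the audit job covers this file. If the cap is intentional, record it where the pins are generated, for example `# urllib3 held on 1.26.x by upstream constraint; re-check on each refresh`, so the older version reads as a documented decision.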
diff --git a/requirements/cfn-lint-requirements.txt b/requirements/cfn-lint-requirements.txt
index dfde1039..4e1bd1fa 100644
--- a/requirements/cfn-lint-requirements.txt
+++ b/requirements/cfn-lint-requirements.txt
@@ -1,8 +1,8 @@
 annotated-types==0.7.0
 attrs==24.3.0
 aws-sam-translator==1.94.0
-boto3==1.35.90
-botocore==1.35.90
+boto3==1.35.95
+botocore==1.35.95
 jmespath==1.0.1
 jsonpatch==1.33
 jsonpointer==3.0.0
@@ -10,7 +10,7 @@ jsonschema==4.23.0
 jsonschema-specifications==2024.10.1
 mpmath==1.3.0
 networkx==3.4.2
-pydantic==2.10.4
+pydantic==2.10.5
 pydantic-core==2.27.2
 python-dateutil==2.9.0.post0
 pyyaml==6.0.2
diff --git a/requirements/dstack-requirements.txt b/requirements/dstack-requirements.txt
index ad604697..83946150 100644
--- a/requirements/dstack-requirements.txt
+++ b/requirements/dstack-requirements.txt
@@ -2,8 +2,8 @@ aiocache==0.12.3
 aiorwlock==1.5.0
 aiosqlite==0.20.0
 alembic==1.14.0
-alembic-postgresql-enum==1.4.0
-anyio==4.7.0
+alembic-postgresql-enum==1.5.0
+anyio==4.8.0
 apscheduler==3.11.0
 asyncpg==0.30.0
 attrs==24.3.0
@@ -17,8 +17,8 @@ azure-mgmt-network==27.0.0
 azure-mgmt-resource==23.2.0
 azure-mgmt-subscription==3.1.1
 bcrypt==4.2.1
-boto3==1.35.88
-botocore==1.35.88
+boto3==1.35.94
+botocore==1.35.94
 cached-classproperty==1.0.1
 cachetools==5.5.0
 charset-normalizer==3.4.1
@@ -28,10 +28,10 @@ deprecated==1.2.15
 docker==7.1.0
 fastapi==0.115.6
 filelock==3.16.1
-gitdb==4.0.11
-gitpython==3.1.43
+gitdb==4.0.12
+gitpython==3.1.44
 google-api-core==2.24.0
-google-api-python-client==2.156.0
+google-api-python-client==2.157.0
 google-auth==2.37.0
 google-auth-httplib2==0.2.0
 google-cloud-appengine-logging==1.5.0
@@ -45,11 +45,11 @@ google-cloud-tpu==1.20.0
 google-crc32c==1.6.0
 google-resumable-media==2.7.2
 googleapis-common-protos==1.66.0
-gpuhunt==0.0.17
+gpuhunt==0.0.18
 greenlet==3.1.1
-grpc-google-iam-v1==0.13.1
-grpcio==1.68.1
-grpcio-status==1.68.1
+grpc-google-iam-v1==0.14.0
+grpcio==1.69.0
+grpcio-status==1.69.0
 h11==0.14.0
 httpcore==1.0.7
 httplib2==0.22.0
@@ -78,12 +78,12 @@ protobuf==5.29.2
 psutil==6.1.1
 pyasn1==0.6.1
 pyasn1-modules==0.4.1
-pydantic==1.10.19
+pydantic==1.10.20
 pydantic-duality==1.2.4
-pygments==2.18.0
+pygments==2.19.1
 pyjwt==2.10.1
 pynacl==1.5.0
-pyparsing==3.2.0
+pyparsing==3.2.1
 python-dateutil==2.9.0.post0
 python-dxf==12.1.0
 python-json-logger==3.2.1
@@ -100,7 +100,7 @@ s3transfer==0.10.4
 sentry-sdk==2.19.2
 simple-term-menu==1.6.6
 six==1.17.0
-smmap==5.0.1
+smmap==5.0.2
 sniffio==1.3.1
 sqlalchemy==2.0.36
 sqlalchemy-utils==0.41.2
diff --git a/requirements/literate-git-requirements.txt b/requirements/literate-git-requirements.txt
index 5c1f928a..fdd7ce91 100644
--- a/requirements/literate-git-requirements.txt
+++ b/requirements/literate-git-requirements.txt
@@ -1,5 +1,5 @@
 click==8.1.8
 jinja2==3.1.5
 markdown2==2.5.2
-markupsafe==2.1.5
-pygments==2.18.0
+markupsafe==3.0.2
+pygments==2.19.1
diff --git a/requirements/ola-requirements.txt b/requirements/ola-requirements.txt
index 630d9eac..c35f5e74 100644
--- a/requirements/ola-requirements.txt
+++ b/requirements/ola-requirements.txt
@@ -1 +1 @@
-protobuf==5.29.2
+protobuf==5.29.3
diff --git a/requirements/ruff-lsp-requirements.txt b/requirements/ruff-lsp-requirements.txt
index 3f6c430d..2cd33693 100644
--- a/requirements/ruff-lsp-requirements.txt
+++ b/requirements/ruff-lsp-requirements.txt
@@ -1,4 +1,4 @@
-attrs==24.2.0
+attrs==24.3.0
 cattrs==24.1.2
 lsprotocol==2023.0.1
 packaging==24.2