chore(deps): Updated jinja2 from 3.1.4 to 3.1.5

[chickahoona]

SUMMARY

jinja2 @ 3.1.4 is vulnerable to GHSA-q2x7-8rv6-6q7h and GHSA-gmj6-6f8f-6699 which were addressed with 3.1.5

[korbit-ai]

I've completed my review and didn't find any issues... but I did find this kitten.

    |\__/,|   (`\
  _.|o o  |_   ) )
-(((---(((--------

Need a new review? Comment /korbit-review on this PR and I'll review your latest changes.

Korbit Guide: Usage and Customization

Interacting with Korbit

• You can manually ask Korbit to review your PR using the /korbit-review command in a comment at the root of your PR.
• You can ask Korbit to generate a new PR description using the /korbit-generate-pr-description command in any comment on your PR.
• Too many Korbit comments? I can resolve all my comment threads if you use the /korbit-resolve command in any comment on your PR.
• Chat with Korbit on issues we post by tagging @korbit-ai in your reply.
• Help train Korbit to improve your reviews by giving a 👍 or 👎 on the comments Korbit posts.

Customizing Korbit

• Check out our docs on how you can make Korbit work best for you and your team.
• Customize Korbit for your organization through the Korbit Console.

Current Korbit Configuration

General Settings

​

Setting	Value
Review Schedule	Automatic excluding drafts
Max Issue Count	10
Automatic PR Descriptions	❌

Issue Categories

​

Category	Enabled
Naming	✅
Database Operations	✅
Documentation	✅
Logging	✅
Error Handling	✅
Systems and Environment	✅
Objects and Data Structures	✅
Readability and Maintainability	✅
Asynchronous Processing	✅
Design Patterns	✅
Third-Party Libraries	✅
Performance	✅
Security	✅
Functionality	✅

Feedback and Support

• Tell us what you think of Korbit
• Schedule a call with our team
• Email us @ [email protected]

Note

Korbit Pro is free for open source projects 🎉

Looking to add Korbit to your team? Get started with a free 2 week trial here

[github-actions]

Congrats on making your first PR and thank you for contributing to Superset! 🎉 ❤️

We hope to see you in our Slack community too! Not signed up? Use our Slack App to self-register.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.75%. Comparing base (76d897e) to head (d1d845d).
Report is 1243 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff             @@
##           master   #31636       +/-   ##
===========================================
+ Coverage   60.48%   83.75%   +23.26%     
===========================================
  Files        1931      538     -1393     
  Lines       76236    39128    -37108     
  Branches     8568        0     -8568     
===========================================
- Hits        46114    32772    -13342     
+ Misses      28017     6356    -21661     
+ Partials     2105        0     -2105     

Flag	Coverage Δ
hive	48.75% <ø> (-0.41%)	⬇️
javascript	?
mysql	76.51% <ø> (?)
postgres	76.57% <ø> (?)
presto	53.27% <ø> (-0.54%)	⬇️
python	83.75% <ø> (+20.26%)	⬆️
sqlite	76.03% <ø> (?)
unit	60.88% <ø> (+3.25%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mistercrunch]

you'll want to run pip-compile-multi -P jinja2 or CI is going to fail, could also be good to bump the lower bound here -> https://github.com/apache/superset/blob/master/pyproject.toml#L64 .

I just realized that jinja2 isn't listed as a direct dependency in our pyproject.toml though it should be since we use it directly in the package. Guessing we never added it since it's a sub-dependency of Flask and other packages we import.

Since we use it directly, let's add an entry:

# 3.1.4 has a known security vulnerability
"jinja2>=3.1.5",

You'll want to:

1. add this line to pyproject.toml
2. run pip-compile-multi -P jinja2
3. commit and push