From 07e4bca4586d3a8345b1aff38532056541d6e7f9 Mon Sep 17 00:00:00 2001
From: "woodingben@gmail.com" <you@example.com>
Date: Tue, 17 Mar 2026 11:45:44 -0500
Subject: [PATCH] Upgrade Jinja2 to 3.1.6 to fix 4 moderate CVEs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CVE-2024-34064, CVE-2024-56326, CVE-2024-56201, CVE-2025-27516 —
all sandbox escape / XSS vulnerabilities patched in 3.1.4–3.1.6.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 1f81489..c038f5c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ Brian2==2.6.0
 colorama==0.4.6
 cvxopt==1.3.2
 Cython==3.0.10
-Jinja2==3.1.3
+Jinja2==3.1.6
 MarkupSafe==2.1.5
 Mosek==10.1.26
 mpmath==1.3.0