TEST: Set artificially low Mako minimum to test Dependabot

zzzeek · zzzeek · commit 0e8810db7add · 2026-05-31T09:59:06.000-04:00
Setting Mako>=1.3.10 which is vulnerable to CVE-2026-44307 (GHSA-2h4p-vjrc-8xpq). This is to test whether Dependabot will catch it and create a security alert/PR. Mako 1.3.10 is vulnerable - fix is in 1.3.12. Change-Id: I72079a47c3ecf6af5d153b96a6d3e22fa8e19563
diff --git a/pyproject.toml b/pyproject.toml
@@ -27,7 +27,7 @@ classifiers = [
 requires-python = ">=3.10"
 dependencies = [
     "SQLAlchemy>=1.4.23",
-    "Mako",
+    "Mako>=1.3.10",
     "typing-extensions>=4.12",
     "tomli;python_version<'3.11'",
 ]

Original file line number	Diff line number	Diff line change
`@@ -27,7 +27,7 @@ classifiers = [`
`27`	`27`	`requires-python = ">=3.10"`
`28`	`28`	`dependencies = [`
`29`	`29`	`"SQLAlchemy>=1.4.23",`
`30`		`- "Mako",`
	`30`	`+ "Mako>=1.3.10",`
`31`	`31`	`"typing-extensions>=4.12",`
`32`	`32`	`"tomli;python_version<'3.11'",`
`33`	`33`	`]`