Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added .zenodo.json file and updated jinja2 to 3.1.5 (security fix) #304

Merged
merged 1 commit into from
Jan 17, 2025
Merged

Added .zenodo.json file and updated jinja2 to 3.1.5 (security fix) #304

merged 1 commit into from
Jan 17, 2025

Conversation

yantosca
Copy link
Contributor

Name and Institution (Required)

Name: Bob Yantosca
Institution: Harvard + GCST

Describe the update

In this PR we have done the following:

  1. Added a .zenodo.json file, which will auto-populate fields when a DOI is triggered by each HEMCO release.
  2. Bumped the jinja2 package (which is used by ReadTheDocs) to version 3.1.5 in docs/requirement.txt. This fixes a security issue identified by GitHub Dependabot.

Expected changes

These are zero-diff updates and can be merged alongside another HEMCO PR. It can go either into 3.10.2 or 3.11.0, whichever is worked on first.

@yantosca
Add .zenodo.json; Update jinja2 to 3.1.5 (security fix)
4d6a588 
.zenodo.json
- Added this file to trigger automatic DOI generation and auto-population
  of fields every time a HEMCO release is issued at GitHub

docs/requirements.txt
- Bumped jinja2 to version 3.1.5 as suggested by GitHub Dependabot.
  This fixes a security issue.  Jinja2 is used by ReadTheDocs.

CHANGELOG.md
- Updated accordingly
@yantosca yantosca added no-diff-to-benchmark This update will have no impact on benchmark simulations category: Bug Fix Fixes a bug that was previously reported labels Jan 16, 2025
@yantosca yantosca requested a review from lizziel January 16, 2025 19:15
@yantosca yantosca self-assigned this Jan 16, 2025
@yantosca yantosca merged commit 9cf873a into dev/no-diff-to-benchmark Jan 17, 2025
1 check passed
@yantosca yantosca deleted the bugfix/dependabot-and-zenodo branch January 17, 2025 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lizziel lizziel lizziel approved these changes

Assignees

@yantosca yantosca

Labels
category: Bug Fix Fixes a bug that was previously reported no-diff-to-benchmark This update will have no impact on benchmark simulations
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@yantosca @lizziel