From e28bcf20ea28afab7602ef4b2e488055e406ad52 Mon Sep 17 00:00:00 2001
From: Dan Palmer
Date: Mon, 15 Apr 2019 10:48:55 +0100
Subject: [PATCH] Bump Jinja2 to >=2.10.1, addresses CVE-2019-10906
Given how moto is intended to be used, and how it uses Jinja2, [CVE-2019-10906](https://nvd.nist.gov/vuln/detail/CVE-2019-10906) is unlikely to affect many users, but we should use a secure version anyway just in case moto is being used in unforeseen ways.
---
 setup.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/setup.py b/setup.py
index 99be632db..2981d9fc5 100755
--- a/setup.py
+++ b/setup.py
@@ -19,7 +19,7 @@ def read(*parts):
 install_requires = [
- "Jinja2>=2.7.3",
+ "Jinja2>=2.10.1",
 "boto>=2.36.0",
 "boto3>=1.9.86",
 "botocore>=1.12.86",