fix(build): upgrade pip and jinja2 to address other dependabot issues

amyheather · amyheather · commit 9bccaf76be03 · 2026-02-11T11:59:19.000Z
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,7 +19,10 @@ Stable release, with minor changes from 0.2.0 including quality assurance docume
 
 ### Fixed
 
-* Upgraded `nbconvert` (security issue with 7.16.6 - upgraded to 7.17.0).
+* Upgraded packages to address security risks identified by GitHub Dependabot:
+    * `nbconvert` (7.16.6 to 7.17.0).
+    * `pip` (25.0 to 26.0.1).
+    * `jinja2` (3.1.5 to 3.1.6).
 * Upgraded `genbadge` (`pkg_resources` warning with 1.1.2 - upgraded to 1.1.3).
 
 ## v0.2.0 - 2025-11-06
diff --git a/environment.yaml b/environment.yaml
@@ -3,14 +3,14 @@ channels:
   - conda-forge
 dependencies:
   - ipykernel=6.29.5
-  - jinja2=3.1.5
+  - jinja2=3.1.6
   - joblib=1.4.2
   - nbconvert=7.17.0
   - nbformat=5.10.4
   - nbqa=1.9.0
   - numpy=2.2.2
   - pandas=2.2.3
-  - pip=25.0
+  - pip=26.0.1
   - plotly_express=0.4.1
   - pylint=3.3.4
   - pytest=8.3.4
diff --git a/requirements.txt b/requirements.txt
@@ -1,14 +1,14 @@
 genbadge==1.1.3
 ipykernel==6.29.5
-jinja2==3.1.5
+jinja2==3.1.6
 joblib==1.4.2
 kaleido==0.2.1
 nbconvert==7.17.0
 nbformat==5.10.4
 nbqa==1.9.0
 numpy==2.2.2
 pandas==2.2.3
-pip==25.0
+pip==26.0.1
 plotly_express==0.4.1
 pylint==3.3.4
 pytest==8.3.4
