python312Packages.jinja2: 3.1.4 -> 3.1.5

https://github.com/pallets/jinja/releases/tag/3.1.5
https://github.com/pallets/jinja/security/advisories/GHSA-q2x7-8rv6-6q7h
https://github.com/pallets/jinja/security/advisories/GHSA-gmj6-6f8f-6699

Fixes: CVE-2024-56326, CVE-2024-56201

pkgs/development/python-modules/jinja2/default.nix

@@ -21,19 +21,29 @@
 
 buildPythonPackage rec {
   pname = "jinja2";
-  version = "3.1.4";
+  version = "3.1.5";
   pyproject = true;
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-Sjruesu+cwOu3o6WSNE7i/iKQpKCqmEiqZPwrIAMs2k=";
+    hash = "sha256-j+//jcMDTie7gNZ8Zx64qbxCTA70wIJu2/8wTM7/Q7s=";
   };
 
-  nativeBuildInputs = [ flit-core ];
+  postPatch = ''
+    # Do not test with trio, it increases jinja2's dependency closure by a lot
+    # and everyone consuming these dependencies cannot rely on sphinxHook,
+    # because sphinx itself depends on jinja2.
+    substituteInPlace tests/test_async{,_filters}.py \
+      --replace-fail "import trio" "" \
+      --replace-fail ", trio.run" "" \
+      --replace-fail ", \"trio\"" ""
+  '';
 
-  propagatedBuildInputs = [ markupsafe ];
+  build-system = [ flit-core ];
+
+  dependencies = [ markupsafe ];
 
   optional-dependencies = {
     i18n = [ babel ];
@@ -45,14 +55,6 @@ buildPythonPackage rec {
 
   nativeCheckInputs = [ pytestCheckHook ] ++ optional-dependencies.i18n;
 
-  disabledTests = lib.optionals (pythonAtLeast "3.13") [
-    # https://github.com/pallets/jinja/issues/1900
-    "test_custom_async_iteratable_filter"
-    "test_first"
-    "test_loop_errors"
-    "test_package_zip_list"
-  ];
-
   passthru.doc = stdenv.mkDerivation {
     # Forge look and feel of multi-output derivation as best as we can.
     #