google-api-php-client-services icon indicating copy to clipboard operation
google-api-php-client-services copied to clipboard
verified publisher icon googleapis

Update dependency django to v4 [SECURITY]

Open renovate-bot opened this issue 1 year ago • 1 comments

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
django (changelog) ==2.2.28 -> ==4.2.16 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2022-36359

An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input.

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

Release Notes

django/django (django)

v4.2.16

Compare Source

v4.2.15

Compare Source

v4.2.14

Compare Source

v4.2.13

Compare Source

v4.2.12

Compare Source

v4.2.11

Compare Source

v4.2.10

Compare Source

v4.2.9

Compare Source

v4.2.8

Compare Source

v4.2.7

Compare Source

v4.2.6

Compare Source

v4.2.5

Compare Source

v4.2.4

Compare Source

v4.2.3

Compare Source

v4.2.2

Compare Source

v4.2.1

Compare Source

v4.2

Compare Source

v4.1.13

Compare Source

v4.1.12

Compare Source

v4.1.11

Compare Source

v4.1.10

Compare Source

v4.1.9

Compare Source

v4.1.8

Compare Source

v4.1.7

Compare Source

v4.1.6

Compare Source

v4.1.5

Compare Source

v4.1.4

Compare Source

v4.1.3

Compare Source

v4.1.2

Compare Source

v4.1.1

Compare Source

v4.1

Compare Source

v4.0.10

Compare Source

v4.0.9

Compare Source

v4.0.8

Compare Source

v4.0.7

Compare Source

v4.0.6

Compare Source

v4.0.5

Compare Source

v4.0.4

Compare Source

v4.0.3

Compare Source

v4.0.2

Compare Source

v4.0.1

Compare Source

v4.0

Compare Source

v3.2.25

Compare Source

v3.2.24

Compare Source

v3.2.23

Compare Source

v3.2.22

Compare Source

v3.2.21

Compare Source

v3.2.20

Compare Source

v3.2.19

Compare Source

v3.2.18

Compare Source

v3.2.17

Compare Source

v3.2.16

Compare Source

v3.2.15

Compare Source

v3.2.14

Compare Source

v3.2.13

Compare Source

v3.2.12

Compare Source

v3.2.11

Compare Source

v3.2.10

Compare Source

v3.2.9

Compare Source

v3.2.8

Compare Source

v3.2.7

Compare Source

v3.2.6

Compare Source

v3.2.5

Compare Source

v3.2.4

Compare Source

v3.2.3

Compare Source

v3.2.2

Compare Source

v3.2.1

Compare Source

v3.2

Compare Source

v3.1.14

Compare Source

v3.1.13

Compare Source

v3.1.12

Compare Source

v3.1.11

Compare Source

v3.1.10

Compare Source

v3.1.9

Compare Source

v3.1.8

Compare Source

v3.1.7

Compare Source

v3.1.6

Compare Source

v3.1.5

Compare Source

v3.1.4

Compare Source

v3.1.3

Compare Source

v3.1.2

Compare Source

v3.1.1

Compare Source

v3.1

Compare Source

v3.0.14

Compare Source

v3.0.13

Compare Source

v3.0.12

Compare Source

v3.0.11

Compare Source

v3.0.10

Compare Source

v3.0.9

Compare Source

v3.0.8

Compare Source

v3.0.7

Compare Source

v3.0.6

Compare Source

v3.0.5

Compare Source

v3.0.4

Compare Source

v3.0.3

Compare Source

v3.0.2

Compare Source

v3.0.1

Compare Source

v3.0

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

renovate-bot avatar Aug 27 '24 18:08 renovate-bot

🤖 I detect that the PR title and the commit message differ and there's only one commit. To use the PR title for the commit history, you can use Github's automerge feature with squashing, or use automerge label. Good luck human!

-- conventional-commit-lint bot https://conventionalcommits.org/

conventional-commit-lint-gcf[bot] avatar Aug 30 '24 01:08 conventional-commit-lint-gcf[bot]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 4.x releases. But if you manually upgrade to 4.x then Renovate will re-enable minor and patch updates automatically.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.

forking-renovate[bot] avatar Sep 12 '25 07:09 forking-renovate[bot]