ecommerce

ecommerce copied to clipboard

Bumps [django](https://github.com/django/django) from 3.0.7 to 3.1.13. Commits 43873b9 [3.1.x] Bumped version for 3.1.13 release. 0bd57a8 [3.1.x] Fixed CVE-2021-35042 -- Prevented SQL injection in QuerySet.order_by(). 8dc1cc0 [3.1.x] Added stub release notes...

dependabot[bot]

Bumps [pillow](https://github.com/python-pillow/Pillow) from 7.1.2 to 8.3.2. Release notes Sourced from pillow's releases. 8.3.2 https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html Security CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere] Fix 6-byte OOB read...

dependabot[bot]

Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.25.9 to 1.26.5. Release notes Sourced from urllib3's releases. 1.26.5 :warning: IMPORTANT: urllib3 v2.0 will drop support for Python 2: Read more in the v2.0 Roadmap Fixed...

dependabot[bot]

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.19 to 4.17.21. Commits f299b52 Bump to v4.17.21 c4847eb Improve performance of toNumber, trim and trimEnd on large input strings 3469357 Prevent command injection through _.template's variable...

dependabot[bot]

Bumps [rsa](https://github.com/sybrenstuvel/python-rsa) from 4.6 to 4.7. Changelog Sourced from rsa's changelog. Version 4.7 - released 2021-01-10 Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 decryption code Add padding...

dependabot[bot]

Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2. Changelog Sourced from ssri's changelog. 6.0.2 (2021-04-07) Bug Fixes backport regex change from 8.0.1 (b30dfdb), closes #19 Commits b7c8c7c chore(release): 6.0.2 b30dfdb fix: backport...

dependabot[bot]

Bumps [django-debug-toolbar](https://github.com/jazzband/django-debug-toolbar) from 2.2 to 2.2.1. Changelog Sourced from django-debug-toolbar's changelog. 2.2.1 (2021-04-14) Fixed SQL Injection vulnerability, CVE-2021-30459. The toolbar now calculates a signature on all fields for the SQL...

dependabot[bot]

Bumps [y18n](https://github.com/yargs/y18n) from 4.0.0 to 4.0.1. Changelog Sourced from y18n's changelog. Change Log All notable changes to this project will be documented in this file. See standard-version for commit guidelines....

dependabot[bot]

Bumps [djangorestframework](https://github.com/encode/django-rest-framework) from 3.11.0 to 3.11.2. Commits 4121b01 Deprecate urlize_quoted_links in favor of Django's built-in urlize f3d9d68 Version 3.11.1 eb2c4c2 Version 3.11.1 See full diff in compare view [![Dependabot compatibility...

dependabot[bot]

Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. Commits 43ac7f2 6.5.4 f4bc72b package: bump deps 441b742 ec: validate that a point before deriving keys e71b2d9 lib: relint using eslint 8421a01 build(deps): bump...

dependabot[bot]