Update dependency Django to v3.1.14 [SECURITY] #21
⚠ Artifact update problem
Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below:
File name: Pipfile.lock
This PR contains the following updates:
Django: ==3.0.2 -> ==3.1.14
GitHub Vulnerability Alerts
CVE-2021-28658
In Django 2.2 before 2.2.20, 3.0 before 3.0.14, and 3.1 before 3.1.8, MultiPartParser allowed directory traversal via uploaded files with suitably crafted file names. Built-in upload handlers were not affected by this vulnerability.
CVE-2021-31542
In Django 2.2 before 2.2.21, 3.1 before 3.1.9, and 3.2 before 3.2.1, MultiPartParser, UploadedFile, and FieldFile allowed directory traversal via uploaded files with suitably crafted file names.
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy.
Release Notes
django/django (Django)
v3.1.14
v3.1.13
v3.1.12
v3.1.11
v3.1.10
v3.1.9
v3.1.8
v3.1.7
v3.1.6
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1
v3.0.14
v3.0.13
v3.0.12
v3.0.11
v3.0.10
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Mend Renovate.
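
A check for the situation this PR is in, where Pipfile.lock was not regenerated: the added example below (not part of the PR or of Renovate) reads the Django pin from lock-file content and compares it with the affected ranges quoted in the four advisories above. The sample lock content and the function names are constructed for illustration; a release series that an advisory does not list is reported as no match, which is not evidence that the series is unaffected.

```python
import json

# Affected ranges as stated in the advisories on this page:
# (release series, first fixed version in that series).
ADVISORIES = {
    "CVE-2021-28658": [((2, 2), (2, 2, 20)), ((3, 0), (3, 0, 14)), ((3, 1), (3, 1, 8))],
    "CVE-2021-31542": [((2, 2), (2, 2, 21)), ((3, 1), (3, 1, 9)), ((3, 2), (3, 2, 1))],
    "CVE-2021-35042": [((3, 1), (3, 1, 13)), ((3, 2), (3, 2, 5))],
    "CVE-2021-44420": [((2, 2), (2, 2, 25)), ((3, 1), (3, 1, 14)), ((3, 2), (3, 2, 10))],
}

# Constructed sample of Pipfile.lock content (hashes and other packages omitted).
SAMPLE_LOCK = json.dumps({
    "_meta": {"pipfile-spec": 6},
    "default": {"django": {"version": "==3.0.2"}},
    "develop": {},
})


def parse_pin(spec):
    """Turn an exact pin such as '==3.0.2' into (3, 0, 2); reject anything else."""
    parts = spec[2:].split(".") if spec.startswith("==") else []
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an exact numeric pin: {spec!r}")
    return (tuple(int(p) for p in parts) + (0, 0))[:3]  # '==3.1' -> (3, 1, 0)


def locked_django_pin(lock_text):
    """Return the Django pin recorded in Pipfile.lock content."""
    lock = json.loads(lock_text)
    for section in ("default", "develop"):
        for name, entry in lock.get(section, {}).items():
            if name.lower() == "django":
                return entry["version"]
    raise LookupError("Django is not pinned in this lock file")


def matching_advisories(spec):
    """List the advisories whose stated range contains the pinned version."""
    version = parse_pin(spec)
    return sorted(
        cve for cve, ranges in ADVISORIES.items()
        if any(version[:2] == series and version < fixed for series, fixed in ranges)
    )


if __name__ == "__main__":
    pin = locked_django_pin(SAMPLE_LOCK)
    print(pin, "->", matching_advisories(pin) or "no listed advisory matches")
```

Run against the real lock file after the branch is rebased, a non-empty result means the lock still resolves to a version inside one of the stated ranges even though the Pipfile pin changed.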