search

Bellettrie / library_system

GNU General Public License v3.0
1 stars 0 forks source link

Update to Django 5.0 #538

Closed nanderv closed 2 weeks ago

RemcoSwenker commented 5 months ago

Ran a check on the update to 5 got this:

python -W all manage.py check --deploy
C:\Users\Remco\PycharmProjects\bellettrie_systeem\.venv\Lib\site-packages\django\db\models\options.py:210: RemovedInDjango51Warning: 'index_together' is deprecated. Use 'Meta.indexes' in 'django_cron.CronJobLog' instead.
  warnings.warn(
System check identified some issues:

WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
?: (security.W018) You should not have DEBUG set to True in deployment.

System check identified 5 issues (0 silenced).
nanderv commented 5 months ago

Ran a check on the update to 5 got this:

python -W all manage.py check --deploy
C:\Users\Remco\PycharmProjects\bellettrie_systeem\.venv\Lib\site-packages\django\db\models\options.py:210: RemovedInDjango51Warning: 'index_together' is deprecated. Use 'Meta.indexes' in 'django_cron.CronJobLog' instead.
  warnings.warn(
System check identified some issues:

WARNINGS:
?: (security.W004) You have not set a value for the SECURE_HSTS_SECONDS setting. If your entire site is served only over SSL, you may want to consider setting a value and enabling HTTP Strict Transport Security. Be sure to read the documentation first; enabling HSTS carelessly can cause serious, irreversible problems.
?: (security.W008) Your SECURE_SSL_REDIRECT setting is not set to True. Unless your site should be available over both SSL and non-SSL connections, you may want to either set this setting True or configure a load balancer or reverse-proxy server to redirect all connections to HTTPS.
?: (security.W012) SESSION_COOKIE_SECURE is not set to True. Using a secure-only session cookie makes it more difficult for network traffic sniffers to hijack user sessions.
?: (security.W016) You have 'django.middleware.csrf.CsrfViewMiddleware' in your MIDDLEWARE, but you have not set CSRF_COOKIE_SECURE to True. Using a secure-only CSRF cookie makes it more difficult for network traffic sniffers to steal the CSRF token.
?: (security.W018) You should not have DEBUG set to True in deployment.

System check identified 5 issues (0 silenced).

If we're lucky, then updating django_cron fixes this issue. If not, then we're stuck with django 4.2 for the time being

nanderv commented 5 months ago

This one is blocked by django-cron, which is deprecated. The fix is to move from django-cron to directly running cron jobs on the server, which use django management commands

nanderv commented 2 weeks ago

Done :tada: