TheRacetrack / racetrack

An opinionated framework for deploying, managing, and serving application workloads
https://theracetrack.github.io/racetrack/
Apache License 2.0

Upgrade Django to 4.2.14 #495

Closed anders314159 closed 1 month ago

anders314159 commented 1 month ago

There are a bunch of CVEs for our current Django version, 4.2.13. 4.2.14 is the patched version. I am unsure as to whether or not we use any of the affected functions mentioned below, but I'd rather just upgrade either way.

See:

- https://github.com/advisories/GHSA-qg2p-9jwr-mmqf
- https://github.com/advisories/GHSA-9jmf-237g-qf46
- https://github.com/advisories/GHSA-x7q2-wr7g-xqmf
- https://github.com/advisories/GHSA-f6f8-9mx6-9mx2

iszulcdeepsense commented 1 month ago

Absolutely. Just so you know, you can generate patches from https://github.com/TheRacetrack/racetrack/security/dependabot. In my opinion, next time you can make them without asking in the issue; we can always discuss in the pull request.