guardrails[bot]
commented
2 years ago :warning: We detected 1 security issue in this pull request:
Vulnerable Libraries (1)
Severity | Details ----- | -------- N/A | [django@3.1.14](https://github.com/koromerzhin/template-django/blob/b572d2ee5952c982bcc09551374f12a6ce34feb3/apps/requirements.txt#L2) upgrade to: *>=3.2.12* More info on how to fix Vulnerable Libraries in [Python](https://docs.guardrails.io/docs/en/vulnerabilities/python/using_vulnerable_libraries.html?utm_source=ghpr).
👉 Go to the dashboard for detailed results.
📥 Happy? Share your feedback with us.
This PR contains the following updates:
==3.1.12->==3.1.14GitHub Vulnerability Alerts
CVE-2021-35042
Django 3.1.x before 3.1.13 and 3.2.x before 3.2.5 allows QuerySet.order_by SQL injection if order_by is untrusted input from a client of a web application.
CVE-2021-44420
In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. This issue has low severity, according to the Django security policy.
Release Notes
django/django
### [`v3.1.14`](https://togithub.com/django/django/compare/3.1.13...3.1.14) [Compare Source](https://togithub.com/django/django/compare/3.1.13...3.1.14) ### [`v3.1.13`](https://togithub.com/django/django/compare/3.1.12...3.1.13) [Compare Source](https://togithub.com/django/django/compare/3.1.12...3.1.13)Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.