liqd / a4-meinberlin

The central participation platform of the city of Berlin, Germany
https://mein.berlin.de
GNU Affero General Public License v3.0
40 stars 6 forks source link

chore(deps): update dependency djangorestframework to v3.15.2 [security] #5632

Open renovate[bot] opened 5 months ago

renovate[bot] commented 5 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
djangorestframework (source, changelog) ==3.15.1 -> ==3.15.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.


Release Notes

encode/django-rest-framework (djangorestframework) ### [`v3.15.2`](https://redirect.github.com/encode/django-rest-framework/compare/3.15.1...3.15.2) [Compare Source](https://redirect.github.com/encode/django-rest-framework/compare/3.15.1...3.15.2)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.