search

liqd / a4-opin

OPIN.me is a youth e-participation platform developed by Liquid Democracy within the H2020 project EUth.
Other
19 stars 4 forks source link

chore(deps): update dependency django to v3.2.20 [security] #2670

Closed renovate[bot] closed 10 months ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Django (source, changelog) ==3.2.18 -> ==3.2.20 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-31047

In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise.

CVE-2023-36053

In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs.

Release Notes

django/django (Django) ### [`v3.2.20`](https://togithub.com/django/django/compare/3.2.19...3.2.20) [Compare Source](https://togithub.com/django/django/compare/3.2.19...3.2.20) ### [`v3.2.19`](https://togithub.com/django/django/compare/3.2.18...3.2.19) [Compare Source](https://togithub.com/django/django/compare/3.2.18...3.2.19)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.