liqd / a4-opin

OPIN.me is a youth e-participation platform developed by Liquid Democracy within the H2020 project EUth.
Other
19 stars 4 forks source link

chore(deps): update dependency djangorestframework to v3.15.2 [security] #2681

Open renovate[bot] opened 5 months ago

renovate[bot] commented 5 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
djangorestframework (source, changelog) ==3.14.0 -> ==3.15.2 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with
tags.


Release Notes

encode/django-rest-framework (djangorestframework) ### [`v3.15.2`](https://redirect.github.com/encode/django-rest-framework/compare/3.15.1...3.15.2) [Compare Source](https://redirect.github.com/encode/django-rest-framework/compare/3.15.1...3.15.2) ### [`v3.15.1`](https://redirect.github.com/encode/django-rest-framework/compare/3.15.0...3.15.1) [Compare Source](https://redirect.github.com/encode/django-rest-framework/compare/3.15.0...3.15.1) ### [`v3.15.0`](https://redirect.github.com/encode/django-rest-framework/compare/3.14.0...3.15.0) [Compare Source](https://redirect.github.com/encode/django-rest-framework/compare/3.14.0...3.15.0)

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR was generated by Mend Renovate. View the repository job log.