pythonindia / junction

Junction is software to manage proposals, reviews, schedule, and feedback during a conference.
MIT License
192 stars 185 forks

Upgrade dependencies for security #571

Open zerothabhishek opened 5 years ago

zerothabhishek commented 5 years ago

Ref: https://requires.io/github/pythonindia/junction/requirements/?branch=master

Many libraries in requirements.txt are using old, insecure versions. They must be updated to the latest secure versions.

This also requires a Django upgrade. Related Issue: 514

pradyunsg commented 5 years ago

pillow seems to be unused.

ananyo2012 commented 4 years ago

3 more dependencies need an update: handlebars, extend and sshpk, as pointed out by GitHub @dependabot.

gutsytechster commented 4 years ago

Won't @dependabot create a PR if a security issue is found? Do we explicitly need to update some dependency?