taroved / pol

RSS generator website
MIT License
381 stars 88 forks

Bump django from 1.8.6 to 1.11.23 #31

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 5 years ago

Bumps django from 1.8.6 to 1.11.23.

Commits

- [`9748977`](https://github.com/django/django/commit/974897759e9afc4cc56fb87e12319fa9697e93c9) [1.11.x] Bumped version for 1.11.23 release.
- [`869b34e`](https://github.com/django/django/commit/869b34e9b3be3a4cfcb3a145f218ffd3f5e3fd79) [1.11.x] Fixed CVE-2019-14235 -- Fixed potential memory exhaustion in django....
- [`ed682a2`](https://github.com/django/django/commit/ed682a24fca774818542757651bfba576c3fc3ef) [1.11.x] Fixed CVE-2019-14234 -- Protected JSONField/HStoreField key and inde...
- [`52479ac`](https://github.com/django/django/commit/52479acce792ad80bb0f915f20b835f919993c72) [1.11.x] Fixed CVE-2019-14233 -- Prevented excessive HTMLParser recursion in ...
- [`42a66e9`](https://github.com/django/django/commit/42a66e969023c00536256469f0e8b8a099ef109d) [1.11.X] Fixed CVE-2019-14232 -- Adjusted regex to avoid backtracking issues ...
- [`693046e`](https://github.com/django/django/commit/693046e54b9f207dece1907a2515ce555cec83be) [1.11.x] Added stub release notes for security releases.
- [`6d054b5`](https://github.com/django/django/commit/6d054b5a8f8812169b74e4304291d94874c2b012) [1.11.x] Added CVE-2019-12781 to the security release archive.
- [`7c849b9`](https://github.com/django/django/commit/7c849b9e3babdecfc441161847e5316c63b1ecac) [1.11.x] Post-release version bump.
- [`480380c`](https://github.com/django/django/commit/480380c9935a2e920a41828b3a07bee66a686a67) [1.11.x] Bumped version for 1.11.22 release.
- [`32124fc`](https://github.com/django/django/commit/32124fc41e75074141b05f10fc55a4f01ff7f050) [1.11.x] Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_S...
- Additional commits viewable in [compare view](https://github.com/django/django/compare/1.8.6...1.11.23)



Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/taroved/pol/network/alerts).

dependabot[bot] commented 4 years ago

Superseded by #43.