Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OPT: Update dependency django to v4.2.16 [SECURITY] #141

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

OPT: Update dependency django to v4.2.16 [SECURITY] #141

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 9, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
django (changelog) 4.2.15 -> 4.2.16 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2024-45230

An issue was discovered in Django 5.1 before 5.1.1, 5.0 before 5.0.9, and 4.2 before 4.2.16. The urlize() and urlizetrunc() template filters are subject to a potential denial-of-service attack via very large inputs with a specific sequence of characters.

CVE-2024-45231

An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome (only when e-mail sending is consistently failing).

Release Notes

django/django (django)

v4.2.16

Compare Source

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot added the dependencies Pull requests that update a dependency file label Oct 9, 2024
@renovate renovate bot requested a review from eigenein as a code owner October 9, 2024 01:26
@codecov Codecov
Copy link

codecov bot commented Oct 9, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.00%. Comparing base (dc3dc1c) to head (3d8610d).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #141   +/-   ##
=======================================
  Coverage   92.00%   92.00%           
=======================================
  Files          35       35           
  Lines         801      801           
  Branches       89       89           
=======================================
  Hits          737      737           
  Misses         45       45           
  Partials       19       19

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@eigenein eigenein Awaiting requested review from eigenein eigenein is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants